DNS Record Types - Learn About DNS Record Types

Definition of DNS Record Types

DNS record types are important parts of the Domain Name System (DNS) that give key information about a domain or hostname. These records have important details, such as the current IP address linked to a specific domain. DNS records are kept as text files, called zone files, on authoritative DNS servers. Each record type has a special purpose and is important for DNS to work right. The information in these records lets human-readable domain names be changed into machine-readable IP addresses, which helps devices on the internet talk to each other.

A Record

The A record is one of the most important DNS record types. It points to the IPv4 address of a domain. The main use of an A record is for IP address lookup, allowing web browsers to load websites using easy-to-remember domain names instead of numeric IP addresses.

AAAA Record (Quad-A Record)

The AAAA record, also known as a Quad-A record, is similar to the A record but points to the IPv6 address of a domain. IPv6 addresses are much longer than IPv4 addresses and help solve the problem of running out of unique IP addresses. AAAA records are used to resolve domain names to the newer IPv6 protocol addresses.

CNAME Record (Canonical Name Record)

A CNAME record points a domain name (an alias) to another domain (the canonical name). The alias does not point directly to an IP address. CNAME records are useful for running multiple subdomains on the same server without needing to assign each one a separate IP address.

NS Record (Nameserver Record)

NS records specify the authoritative nameservers for a domain. These records help direct internet applications, like web browsers, to the correct DNS server to find the IP address associated with a domain. Usually, multiple NS records are specified for a single domain for redundancy.

MX Record (Mail Exchanger Record)

MX records indicate where email messages sent to a domain should be routed. They allow email to be directed to the appropriate mail servers. A domain can have multiple MX records with different priorities, providing backup email servers if the primary one is unavailable.

TXT Record (Text Record)

TXT records allow domain owners to store arbitrary text values in the DNS. These records are often used by various services to verify domain ownership. They can contain different types of information, such as SPF records for email authentication and security.

PTR Record (Pointer Record)

PTR records provide a domain name associated with an IP address, enabling reverse DNS lookups. They are the opposite of A records. PTR records are useful for verifying the identity of servers and can help prevent email messages from being flagged as spam.

SOA Record (Start of Authority Record)

The SOA record stores administrative information about a domain, such as the email address of the domain's administrator and the timestamp of the last update. It also specifies the primary nameserver for the domain and other important DNS configuration details.

SRV Record (Service Record)

An SRV record specifies the location of specific services within a domain. It stores the IP address and port number for services like Voice over IP (VoIP), instant messaging, and other applications. SRV records enable service discovery, making it easier for applications to find the appropriate server within a domain without needing to know the exact IP address or port in advance. This simplifies configuration and allows for flexibility in deploying and moving services.

CAA Record (Certification Authority Authorization Record)

CAA records add an extra layer of security to the SSL/TLS certificate issuance process by specifying which Certificate Authorities (CAs) are authorized to issue certificates for a particular domain. When a CA receives a request to issue a certificate for a domain, it checks for the presence of CAA records. If CAA records exist, the CA must verify that it is listed as an authorized issuer before proceeding. This helps prevent unauthorized entities from issuing certificates for a domain, reducing the risk of fraudulent certificates being used in phishing attacks or other malicious activities.

DNAME Record (Delegation Name Record)

A DNAME record is similar to a CNAME record but has a broader effect. While a CNAME record points a single domain name to another domain, a DNAME record points all subdomains of the alias domain to the target domain. For example, if a DNAME record points example.com to newexample.com, then subdomain.example.com would automatically point to subdomain.newexample.com without needing individual CNAME records for each subdomain. DNAME records are useful for redirecting an entire domain and its subdomains to a new domain name.

NAPTR Record (Naming Authority Pointer Record)

NAPTR records are used for dynamic rewriting of URLs. They allow for the conversion of one domain name format to another based on defined rules and regular expressions. NAPTR records are commonly used in applications that require dynamic mapping, such as converting telephone numbers into SIP URIs for VoIP calls. They provide a flexible way to map different naming schemes and facilitate interoperability between different systems and protocols.

DNSKEY Record

The DNSKEY record is an important part of the Domain Name System Security Extensions (DNSSEC). It contains the public keys used in the DNSSEC process to check the authenticity and integrity of DNS responses. When a DNS resolver gets a signed response, it uses the public key from the DNSKEY record to validate the digital signature, making sure that the response hasn't been changed and comes from the authoritative DNS server.

DS Record (Delegation Signer Record)

RRSIG Record (Resource Record Signature)

RRSIG records contain digital signatures for DNS record sets. These signatures are created using the private key associated with the zone's DNSKEY. When a DNS response is received, the resolver uses the public key from the DNSKEY record to verify the RRSIG, confirming that the response is authentic and hasn't been changed in transit. The presence of a valid RRSIG record proves the integrity and authenticity of the DNS data.

NSEC Record (Next Secure Record)

NSEC records are used for authenticated denial of existence in DNSSEC. When a requested DNS record does not exist, the authoritative server returns an NSEC record along with the signed response. The NSEC record proves that the requested record does not exist and that no record exists between it and the next record in the zone. This prevents attackers from forging negative responses and helps maintain the integrity of the DNS system.