DNS Record Types

DNS records are instructions that live in authoritative DNS servers and provide information about a domain. Each record has a specific type that defines what kind of information it contains. This page explains the most common DNS record types and their purposes.

Common DNS Record Types

A Record (Address Record)

The most basic and commonly used DNS record type that maps a domain name to an IPv4 address.

example.com. IN A 192.0.2.1

This record tells DNS servers that the domain "example.com" should resolve to the IPv4 address 192.0.2.1.

AAAA Record (IPv6 Address Record)

Similar to an A record, but maps a domain name to an IPv6 address instead of IPv4.

example.com. IN AAAA 2001:0db8:85a3:0000:0000:8a2e:0370:7334

This record tells DNS servers that the domain "example.com" should resolve to the IPv6 address 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

CNAME Record (Canonical Name Record)

Maps one domain name (an alias) to another (the canonical name). This is useful for subdomains that should point to the same content as another domain.

www.example.com. IN CNAME example.com.

This record tells DNS servers that "www.example.com" is an alias for "example.com". When someone visits www.example.com, they'll be directed to the same IP address as example.com.

Note: CNAME records cannot coexist with other record types for the same name. For example, if you have a CNAME for "www.example.com", you cannot also have an A record for "www.example.com".

MX Record (Mail Exchange Record)

Specifies the mail servers responsible for accepting email on behalf of a domain and their priority.

example.com. IN MX 10 mail1.example.com.

example.com. IN MX 20 mail2.example.com.

These records tell email servers that mail for "example.com" should be delivered to mail1.example.com first (priority 10), and if that's unavailable, to mail2.example.com (priority 20). Lower numbers indicate higher priority.

TXT Record (Text Record)

Allows domain administrators to store arbitrary text in the DNS. Commonly used for domain verification, SPF, DKIM, and DMARC records.

example.com. IN TXT "v=spf1 include:_spf.example.com ~all"

This example shows an SPF (Sender Policy Framework) record implemented as a TXT record, which helps prevent email spoofing.

NS Record (Name Server Record)

Delegates a DNS zone to a set of authoritative name servers. These records specify which name servers are authoritative for a domain.

example.com. IN NS ns1.example.com.

example.com. IN NS ns2.example.com.

These records tell the DNS system that the authoritative name servers for "example.com" are ns1.example.com and ns2.example.com.

Specialized DNS Record Types

SOA Record (Start of Authority)

Contains administrative information about the DNS zone, including the primary name server, the email address of the domain administrator, and various refresh timers.

example.com. IN SOA ns1.example.com. admin.example.com. (
    2023010101 ; Serial
    3600       ; Refresh (1 hour)
    1800       ; Retry (30 minutes)
    604800     ; Expire (1 week)
    86400      ; Minimum TTL (1 day)
)

Every DNS zone must have exactly one SOA record. It contains critical information about how the zone should be managed.
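The two structural rules stated on this page (a CNAME cannot share its name with other record types, and a zone has exactly one SOA record) can be checked mechanically before a zone is published. The linter below is an added example, not part of the original page; the sample zone and the function names are constructed, it assumes one record per line with the class field present and no TTL field, and it allows the DNSSEC types RRSIG and NSEC beside a CNAME.

```python
from collections import defaultdict

# Constructed sample zone (not from the page): "owner IN TYPE rdata" per line.
SAMPLE_ZONE = """\
example.com.     IN SOA   ns1.example.com. admin.example.com. 2023010101 3600 1800 604800 86400
example.com.     IN NS    ns1.example.com.
example.com.     IN A     192.0.2.1
www.example.com. IN CNAME example.com.
www.example.com. IN A     192.0.2.1
"""

# DNSSEC types that may legitimately share an owner name with a CNAME.
CNAME_COMPANIONS = {"CNAME", "RRSIG", "NSEC"}


def parse(zone_text):
    """Return (owner, type) pairs; assumes no TTL field and class IN present."""
    records = []
    for line in zone_text.splitlines():
        # Crude comment stripping: it also cuts at a ';' inside quoted TXT
        # data, which is harmless here because only owner and type are read.
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 4:
            records.append((fields[0].lower(), fields[2].upper()))
    return records


def lint(zone_text):
    """Check the two structural rules stated on this page."""
    findings = []
    types_by_owner = defaultdict(list)
    for owner, rtype in parse(zone_text):
        types_by_owner[owner].append(rtype)

    soa_count = sum(types.count("SOA") for types in types_by_owner.values())
    if soa_count != 1:
        findings.append(f"zone has {soa_count} SOA records, expected exactly 1")

    for owner, types in sorted(types_by_owner.items()):
        if "CNAME" not in types:
            continue
        if types.count("CNAME") > 1:
            findings.append(f"{owner} has more than one CNAME")
        others = sorted(set(types) - CNAME_COMPANIONS)
        if others:
            findings.append(f"{owner} has CNAME alongside {', '.join(others)}")
    return findings
```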

PTR Record (Pointer Record)

Used for reverse DNS lookups, mapping an IP address to a domain name. These are stored in the special in-addr.arpa domain for IPv4 and ip6.arpa for IPv6.

1.2.0.192.in-addr.arpa. IN PTR example.com.

This record maps the IP address 192.0.2.1 (written in reverse order with .in-addr.arpa appended) to the domain name "example.com".

SRV Record (Service Record)

Specifies the location of servers for specific services. Used for services like SIP, XMPP, and LDAP to allow clients to discover servers automatically.

_sip._tcp.example.com. IN SRV 10 60 5060 sipserver.example.com.

This record tells SIP clients that the SIP service for example.com can be found at sipserver.example.com on port 5060, with a priority of 10 and a weight of 60.

CAA Record (Certification Authority Authorization)

Specifies which certificate authorities (CAs) are allowed to issue certificates for a domain.

example.com. IN CAA 0 issue "letsencrypt.org"

This record specifies that only Let's Encrypt is authorized to issue SSL/TLS certificates for example.com.
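How a CA is expected to evaluate CAA records, as an added example that is not part of the original page. It follows the RFC 8659 rules and goes beyond the single record above by also handling the issuewild tag and the critical flag; the function names and the second record set are constructed, and it assumes the caller has already found the record set that applies to the name (the lookup that walks up toward the parent domains is not shown).

```python
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 128  # "issuer critical" bit in the CAA flags byte

# Records as (flags, tag, value). The first is the record shown above;
# the issuewild entry is constructed for this example.
PAGE_RRSET = [(0, "issue", "letsencrypt.org")]
NO_WILDCARDS = PAGE_RRSET + [(0, "issuewild", ";")]


def issuer_domain(value):
    """A CAA value is 'domain; params'; a bare ';' names no issuer at all."""
    return value.split(";", 1)[0].strip().lower()


def ca_may_issue(rrset, ca_domain, wildcard=False):
    """Decide whether ca_domain may issue, given the relevant CAA record set."""
    if not rrset:
        return True  # no CAA records: issuance is unrestricted
    for flags, tag, _ in rrset:
        if flags & CRITICAL and tag.lower() not in KNOWN_TAGS:
            return False  # critical property the CA does not understand
    by_tag = {"issue": [], "issuewild": []}
    for _, tag, value in rrset:
        if tag.lower() in by_tag:
            by_tag[tag.lower()].append(issuer_domain(value))
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    if wildcard and by_tag["issuewild"]:
        allowed = by_tag["issuewild"]
    else:
        allowed = by_tag["issue"]
    if not allowed:
        return True  # only iodef or similar: nothing restricts issuance
    return ca_domain.lower() in allowed
```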

DNSSEC Records (DNSKEY, DS, RRSIG, NSEC)

Used for DNS Security Extensions (DNSSEC) to provide authentication and integrity to DNS data.

  • DNSKEY: Contains a public key used to verify DNSSEC signatures
  • DS (Delegation Signer): References a DNSKEY record in a delegated zone
  • RRSIG (Resource Record Signature): Contains a DNSSEC signature for a record set
  • NSEC/NSEC3: Used to prove the non-existence of a record

Email Authentication Records

SPF Record (Sender Policy Framework)

Implemented as a TXT record, SPF specifies which mail servers are authorized to send email on behalf of a domain.

example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 include:_spf.google.com ~all"

This record authorizes the IP range 192.0.2.0/24 and Google's mail servers to send email for example.com.

DKIM Record (DomainKeys Identified Mail)

Implemented as a TXT record, DKIM provides a way to validate that an email was sent and authorized by the owner of a domain.

selector._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC..."

This record contains a public key that email recipients can use to verify that messages were signed by the domain owner.

DMARC Record (Domain-based Message Authentication, Reporting, and Conformance)

Implemented as a TXT record, DMARC tells receiving mail servers what to do with messages that fail SPF and DKIM checks.

_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@example.com"

This record instructs receiving mail servers to quarantine (place in spam folder) 100% of messages that fail authentication, and to send aggregate reports to dmarc-reports@example.com.
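The SPF and DMARC records above can be read mechanically to see what a receiver will actually enforce. The following is an added example, not part of the original page: it parses the two TXT values shown above and lists settings that leave unauthenticated mail unfiltered. The function names are hypothetical, and a missing DMARC p tag is treated as p=none.

```python
# Record values copied from the SPF and DMARC examples on this page.
SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.google.com ~all"
DMARC = "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@example.com"
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(txt):
    """Return (mechanisms before 'all', result 'all' gives everyone else)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, all_result = [], None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in SPF_QUALIFIERS else "+"
        name = term.lstrip("+-~?")
        if "=" in name.split(":", 1)[0]:
            continue  # modifier such as redirect=, not a mechanism
        if name.lower() == "all":
            all_result = SPF_QUALIFIERS[qualifier]
            break  # nothing after 'all' is ever evaluated
        mechanisms.append((SPF_QUALIFIERS[qualifier], name))
    return mechanisms, all_result

def parse_dmarc(txt):
    """Split 'tag=value; ...' into a dict; pct defaults to 100."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags["pct"] = int(tags.get("pct", "100"))
    return tags

def audit(spf_txt, dmarc_txt):
    """List settings that leave unauthenticated mail unenforced."""
    findings = []
    _, all_result = parse_spf(spf_txt)
    if all_result in (None, "pass", "neutral"):
        findings.append(f"SPF gives unlisted senders '{all_result or 'neutral'}'")
    dmarc = parse_dmarc(dmarc_txt)
    if dmarc.get("p", "none").lower() == "none":
        findings.append("DMARC p=none: failing mail is reported, not filtered")
    elif dmarc["pct"] < 100:
        findings.append(f"DMARC policy covers only {dmarc['pct']}% of failing mail")
    if "rua" not in dmarc:
        findings.append("DMARC has no rua address for aggregate reports")
    return findings
```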
