KNOWNHOST WIKI


DNS Records Explained

Domain Name System (DNS) records store and translate information relating to web hosting, such as website IP addresses, domain names and their associated subdomains, web servers, mail servers and a range of other resources that you wish to access or have accessed by others.

Name Servers are used to respond to requests, keep track of key information and generally manage the operational aspects of DNS requests.

Below is a comprehensive list of DNS records being used at this time. Keep in mind that many of these aren't common, but can be used if required.


The most common records in use include A, CNAME, MX, NS, SOA and TXT. All are explained below.


Comprehensive List of DNS Records


A

  • address records that map domain names to IPv4 IP addresses
  • a single domain name can be mapped to multiple IP addresses
  • a single IP address can have multiple domains mapped to it


AAAA

  • address records that map domain names to IPv6 IP addresses
  • as with A records, one to many and many to one mapping is allowed


AFSDB

  • address records that map domain names to an Andrew File System Database server


ALIAS

  • address records used to map apex domains (domain.tld without subdomains)
  • similar to CNAME (though CNAME can only be used on subdomains)


AMTRELAY

  • used for reverse IP Automatic Multicast Tunneling discovery
  • advertises a set of AMT relays for receiving and forwarding multicast traffic


APL

  • Address Prefix List resolution and sharing


ATMA

  • maps domain names to Asynchronous Transfer Mode Addresses
  • ATM addresses can be E.164 or NSAP (decimal or hexadecimal) formats


AVC

  • used for application metadata relating to Application Visibility and Control


AXFR

  • used as a part of the DNS transaction process for domain transfers
  • AXFR is a DNS query type which, when combined with certain values, corresponds to steps in the domain transfer process/exchange


CAA

  • the Certification Authority Authorization (CAA) identifies which certificate authorities are permitted to issue certs for a given domain


CDNSKEY

  • a Child DNSKey or CDNSKEY is a record used in the signaling of secure entry points in the process of establishing, modifying or deleting DS records


CDS

  • a Child DS record is used for signaling changes to a zone's DNSSEC status


CERT

  • enabling DNS to store and maintain certificate information, CERT resource records relate to certificates and certificate revocation lists


CNAME

  • Canonical NAME records are used to map subdomain resources to their respective domains (which will also have A records to map the primary domain.tld to its respective IP addresses)
  • enables domain moves to new IP addresses using just A record changes, without need to change all the subdomain mapping as well


CSYNC

  • Child SYNC or CSYNC records enable change notices to be sent from child DNS operators to their respective parents, notifying them of changes needing to be made


DHCID

  • Dynamic Host Configuration ID records are used to associate DHCP clients with their domain names
  • typically only updated via DHCP clients and servers, not via DNS zone edits manually


DLV

  • DNSSEC Lookaside Validation records are formatted as DS records and are used for DNSSEC public-key validation chains which can be published outside of traditional DNS validation chains, appearing at the zone apex


DNAME

  • DNS Name redirection records, or DNAME, enable entire subtree redirection of one domain to another
  • whereas an A, AAAA or Alias allows apex domains to be pointed elsewhere, a DNAME record allows all subdomains of one domain to be associated with all subdomains on another domain (such as mail.domain1.com and ftp.domain1.com being associated with mail.domain2.com and ftp.domain2.com - all by simply setting one DNAME record, thus associating all subdomains)


DNSKEY

  • holding a public key, the DNSKEY record can be used by resolvers to verify DNSSEC key signatures


DOA

  • Digital Object Architecture over DNS maps objects and object resources to handles, URI and related resource details


DS

  • Delegation Signer records reference DNSKEY-records and include details about the key algorithm, digest-type and digest


EID

  • Endpoint Identifier records are used in Nimrod Routing Architecture for uniquely identifying the node


EUI48

  • used to encode ethernet addresses in DNS, EUI48 records are 48-bit Extended Unique Identifiers that specify layer-2 addressing details


EUI64

  • used to encode ethernet addresses in DNS, EUI64 records are 64-bit Extended Unique Identifiers that specify layer-2 addressing details


GID

  • Group IDentifier information maintained and encoded via DNS


GPOS

  • Geographical POSition information (being replaced by LOC records)


HINFO

  • containing Host INFOrmation, HINFO records store host software and hardware details


HIP

  • Host Identity Protocol records store the Host Identity, Host Identity Tag and the respective Rendezvous Servers' domain names


IPSECKEY

  • contains the IPsec KEY - the public key associated with a domain name


ISDN

  • maps an Integrated Services Digital Network telephone number to a domain name


IXFR

  • Incremental Zone Transfer
  • see AXFR
  • used for updating zone information on newer DNS implementations


KX

  • specifies the Key eXchanger for use in cryptographic key management


L32

  • used for specifying 32-bit Locator records


L64

  • used for specifying 64-bit Locator records


LOC

  • by storing WGS84 latitude, longitude and altitude information, LOCation records enable resources to be associated with geographical location information


LP

  • used as a Locator Pointer for L32 and L64 records, LP holds network name information used with ILNP


MAILA

  • MAIL Agent records being replaced by MX records


MAILB

  • MAIL Box records being replaced by MX records


MB

  • Mail Box records which map a mailbox to a host server
  • requires a valid A record for the zone


MD

  • Mail Destination records being replaced with MX records


MF

  • Mail Forwarder records being replaced with MX records


MG

  • Mail Group member records are used to associate mailboxes (MBs) with a group
  • requires a valid MB for each MG member


MINFO

  • Mailbox INFOrmation records specify who is responsible for a box, group or list


MR

  • Mailbox Redirection records map an existing mailbox address to a new address
  • also known as Mailbox Rename
  • acts as a forwarder from one mailbox to another


MX

  • Mail eXchange records map a mail subdomain to an apex domain
  • can specify multiple servers and their relative priority in the list
  • must point to A or AAAA records, not CNAME records
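A zone lint for two rules stated on this page (CNAME is for subdomains rather than the apex; MX must point to A or AAAA records, not CNAME records), as an added example that is not part of the original wiki page. The zone data, the example.test domain and the function names are constructed for illustration, and the parser assumes one fully qualified record per line.

```python
# Constructed sample zone for the placeholder domain example.test (not from the page).
SAMPLE_ZONE = """\
example.test.       3600 IN A     192.0.2.10
example.test.       3600 IN CNAME web.hosting.test.
www.example.test.   3600 IN CNAME example.test.
mail.example.test.  3600 IN CNAME example.test.
mx2.example.test.   3600 IN A     192.0.2.25
example.test.       3600 IN MX    10 mail.example.test.
example.test.       3600 IN MX    20 mx2.example.test.
example.test.       3600 IN MX    30 mx3.example.test.
"""

def parse_zone(text):
    """Parse 'owner ttl class type rdata...' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, _ttl, _cls, rtype, *rdata = line.split()
        records.append((owner.lower(), rtype.upper(), rdata))
    return records

def lint_zone(text, apex):
    """Return (rule, name) findings for CNAME-at-apex and bad MX targets."""
    apex = apex.lower()
    records = parse_zone(text)
    cnames = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    addressed = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    findings = []
    if apex in cnames:
        findings.append(("cname-at-apex", apex))
    for owner, rtype, rdata in records:
        if rtype != "MX":
            continue
        target = rdata[1].lower()  # MX rdata is: preference, exchange host
        if target in cnames:
            findings.append(("mx-points-to-cname", target))
        elif target.endswith("." + apex) and target not in addressed:
            findings.append(("mx-target-has-no-address", target))
    return findings

if __name__ == "__main__":
    for rule, name in lint_zone(SAMPLE_ZONE, "example.test."):
        print(f"{rule}: {name}")
```

MX targets outside the zone are skipped because their address records cannot be checked from this zone's data alone.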


NAPTR

  • the Name Authority Pointer record is typically used to convey IP telephony details (such as with SIP) relating to your domain supporting VOIP/SIP and details about ports and protocols used


NID

  • DNS Node Identifiers (NID records) hold values for ILNP-capable nodes under a new internet architecture approach
  • ideally suited for mobile nodes, devices and networks presented on Identifier Locator Network Protocol implementations


NIMLOC

  • used for location information storage and retrieval in Nimrod Routing Architecture deployments


NINFO

  • designed to convey domain status information
  • uses TXT record format


NS

  • NameServer (NS) records identify what nameservers are to be used in resolving DNS queries about a given domain


NSAP

  • Network Service Access Point addressing information is stored in NSAP records, which are most commonly used in ConnectionLess Network Protocol routing detail queries


NSEC

  • used in DNSSEC validation, a Next SECure record will store the address of the next record name in the zone
  • generally used to identify that a record doesn't exist


NSEC3

  • Next SECure record 3 records serve the same function as NSEC, but use cryptographically hashed names to prevent record names in the zone from being presented in clear text


NSEC3PARAM

  • accompanying NSEC3, Next SECure record 3 PARAMeters are used to include additional detailed information


NULL

  • placeholders for experimental protocols or as part of DNS:Tunnel, NULL is an empty space


OPENPGPKEY

  • used for delivery of PGP public keys for email addresses


OPT

  • a pseudo-key, OPT records don't actually contain DNS data, but instead are used to pass control information during a DNS question/answer exchange


PTR

  • used for reverse DNS lookups, PoinTeR records provide a map from IP addresses to domain names so that requests can query via IP address and get a domain name as a result
  • the opposite of A records which can handle query via domain name to provide IP addresses


PX

  • designed for use in X.400 (RFC822) mapping


RKEY

  • used for storing keys that encrypt NAPTR records, protocol, algorithm and key data are contained in these resource records


RP

  • Responsible Person records store the identity information of the person responsible for a particular domain name


RRSIG

  • acting as storage for a DNSSEC signature across a record set, RRSIG records work in conjunction with DNSKEY public keys


RT

  • Route Through records delineate intermediate hosts used to route to the final destination host


SIG

  • SIGnature or SIGning records, SIG records are used to authenticate exchanges (DNS requests) so that the requester can be sure it's communicating with the server queried (intended to communicate with)


SINK

  • the kitchen SINK record has historically been used as a lump and dump storage facility for handling miscellaneous data that couldn't be conveniently stored and queried using other record types


SMIMEA

  • associates email addresses with end entity certificates or public keys


SOA

  • Start of Authority records contain administrative details about a zone and are typically used as part of the zone transfer process


SPF

  • Sender Policy Framework records are TXT records containing details about what hostnames and IP addresses are authorized to send email for a domain


SRV

  • SeRVice records specify hostname and port for detailing servers associated with particular services


SSHFP

  • Secure SHell Fingerprint records spell out the SSH keys associated with a given hostname


SVCB

  • SerViCe Binding records allow requests to find associated multiple network locations for a given origin


TALINK

  • Trust Anchor LINK records have been used to connect two domain names


TKEY

  • Transaction KEY records are a part of the exchanging of secret keys


TLSA

  • the TLS Authentication record makes an association between domain name and a TLS server certificate or key


TSIG

  • a Transaction SIGnature record confirms the validity of DNS database changes
  • often used with dynamic DNS or with slave/secondary DNS server systems


TXT

  • TeXT records enable storing of miscellaneous information associated with a given hostname


UID

  • used for storing User ID information


UINFO

  • User INFO records are much like TXT records and can store arbitrary info associated with a domain


UNSPEC

  • UNSPECified records store information that's not conveniently stored elsewhere


URI

  • Uniform Resource Identifier records store precisely that


WKS

  • Well Known Services records spell out protocols that are to be supported at a particular address


X25

  • used for mapping Public Switched Data Networks to particular addresses
  • often implemented for specifying secure circuit endpoints on PSTN connections
dns/dns-records-explained.txt · Last modified: 2020/11/27 10:33 by Karson N.