DNS Records Explained

Domain Name System (DNS) records are used to store and translate information relating to web hosting, such as website IP addresses, the domain name and its associated subdomains, web servers, mail servers and a range of other resources that you wish to access or have accessed by others.

Name Servers are used to respond to requests, keep track of key information and generally manage the operational aspects of DNS requests.

Below is a comprehensive list of DNS records being used at this time. Keep in mind that many of these aren't common, but can be used if required.

The most common records in use include A, CNAME, MX, NS, SOA and TXT. All are explained below.

Comprehensive List of DNS Records


  • address records that map domain names to IPv4 IP addresses
  • domains can have single domain names mapped to multiple IP addresses
  • single IP addresses can have multiple domains mapped to them


  • address records that map domain names to IPv6 IP addresses
  • as with A records, one to many and many to one mapping is allowed


  • address records that map domain names to an Andrew File System Database server


  • address records used to map apex domains (domain.tld without subdomains)
  • similar to CNAME (though CNAME can only be used on subdomains)


  • used for reverse IP Automatic Multicast Tunneling discovery
  • advertises a set of AMT relays for receiving and forwarding multicast traffic


  • Address Prefix List resolution and sharing


  • maps domain names to Asynchronous Transfer Mode Addresses
  • ATM addresses can be E.164 or NSAP (decimal or hexadecimal) formats


  • used for application metadata relating to Application Visibility and Control


  • as a part of the DNS transaction process for domain transfers
  • AXFR is a DNS query type which, when combined with certain values, corresponds to steps in the domain transfer process/exchange


  • the Certification Authority Authorization (CAA) identifies which certificate authorities are permitted to issue certs for a given domain


  • a Child DNSKey or CDNSKEY is a record used in the signaling of secure entry points in the process of establishing, modifying or deleting DS records


  • a Child DS record is used for signaling changes for a zone DNSSEC status


  • enabling DNS to store and maintain certificate information, CERT resource records relate to certificates and certificate revocation lists


  • Canonical NAME records are used to map subdomain resources to their respective domains (which will also have A records to map the primary domain.tld to its respective IP addresses)
  • enables domain moves to new IP addresses using just A record changes, without need to change all the subdomain mapping as well


  • Child SYNC or CSYNC records enable change notices to be sent from child DNS operators to their respective parents, notifying them of changes needing to be made


  • Dynamic Host Configuration ID records are used to associate DHCP clients with their domain names
  • typically only updated via DHCP clients and servers, not via DNS zone edits manually


  • DNSSEC Lookaside Validation records are formatted as DS records and are used for DNSSEC public-key validation chains which can be published outside of traditional DNS validation chains, appearing at the zone apex


  • DNS Name redirection records, or DNAME, enable entire subtree redirection of one domain to another
  • whereas an A, AAAA or Alias allows apex domains to be pointed elsewhere, a DNAME record allows all subdomains of one domain to be associated with all subdomains on another domain (such as and being associated with and - all by simply setting one DNAME record, thus associating all subdomains)


  • holding a public key, the DNSKEY record can be used by resolvers to verify DNSSEC key signatures


  • Digital Object Architecture over DNS maps objects and object resources to handles, URI and related resource details


  • Delegation Signer records reference DNSKEY-records and include details about the key algorithm, digest-type and digest


  • Endpoint Identifier records are used in Nimrod Routing Architecture for uniquely identifying the node


  • used to encode ethernet addresses in DNS, EUI48 records are 48-bit Extended Unique Identifiers that specify layer-2 addressing details


  • used to encode ethernet addresses in DNS, EUI64 records are 64-bit Extended Unique Identifiers that specify layer-2 addressing details


  • Group IDentifier information maintained and encoded via DNS


  • Geographical POSition information (being replaced by LOC records)


  • containing Host INFOrmation, HINFO records store host software and hardware details


  • Host Identity Protocol records store the Host Identity, Host Identity Tag and the respective Rendezvous Servers domain names


  • contains the IPsec KEY - the public key associated with a domain name


  • maps an Integrated Services Digital Network telephone number to a domain name


  • Incremental Zone Transfer
  • see AXFR
  • used for updating zone information on newer DNS implementations


  • specifies the Key eXchanger for use in cryptographic key management


  • used for specifying 32-bit Locator records


  • used for specifying 64-bit Locator records


  • by storing WGS84 latitude, longitude and altitude information, LOCation records enable resources to be associated with geographical location information


  • used as a Locator Pointer for L32 and L64 records, LP holds network name information used with ILNP


  • MAIL Agent records being replaced by MX records


  • MAIL Box records being replaced by MX records


  • Mail Box records which map a mailbox to a host server
  • requires a valid A record for the zone


  • Mail Destination records being replaced with MX records


  • Mail Forwarder records being replaced with MX records


  • Mail Group member records are used to associate mailboxes (MBs) with a group
  • requires a valid MB for each MG member


  • Mailbox INFOrmation records specify who is responsible for a box, group or list


  • Mailbox Redirection records map an existing mailbox address to a new address
  • also known as Mailbox Rename
  • acts as a forwarder from one mailbox to another


  • Mail eXchange records map a mail subdomain to an apex domain
  • can specify multiple servers and their relative priority in the list
  • must point to A or AAAA records, not CNAME records


  • the Name Authority Pointer record is typically used to convey IP telephony details (such as with SIP) relating to your domain supporting VOIP/SIP and details about ports and protocols used


  • DNS Node Identifiers (NID records) hold values for ILNP-capable nodes under a new internet architecture approach
  • ideally suited for mobile nodes, devices and networks presented on Identifier Locator Network Protocol implementations


  • used for location information storage and retrieval in Nimrod Routing Architecture deployments


  • designed to convey domain status information
  • uses TXT record format


  • NameServer (NS) records identify what nameservers are to be used in resolving DNS queries about a given domain


  • Network Service Access Point addressing information is stored in NSAP records, which are most commonly used in ConnectionLess Network Protocol routing detail queries


  • used in DNSSEC validation, a Next SECure record will store the address of the next record name in the zone
  • generally used to identify that a record doesn't exist


  • Next SECure record 3 records serve the same function as NSEC but use cryptographically hashed names, so that record names in the zone are not presented in clear text


  • accompanying NSEC3, Next SECure record 3 PARAMeters are used to include additional detailed information


  • placeholders for experimental protocols or as part of DNS:Tunnel, NULL is an empty space


  • used for delivery of PGP public keys for email addresses


  • a pseudo-key, OPT records don't actually contain DNS data, but instead are used to pass control information during a DNS question/answer exchange


  • used for reverse DNS lookups, PoinTeR records provide a map from IP addresses to domain names so that requests can query via IP address and get a domain name as a result
  • the opposite of A records which can handle query via domain name to provide IP addresses


  • designed for use in X.400 (RFC822) mapping


  • used for storing keys that encrypt NAPTR records, protocol, algorithm and key data are contained in these resource records


  • Responsible Person records store the identity information of the person responsible for a particular domain name


  • acting as storage for a DNSSEC signature across a record set, RRSIG records work in conjunction with DNSKEY public keys


  • Route Through records delineate intermediate hosts used to route to the final destination host


  • SIGnature or SIGning records, SIG records are used to authenticate exchanges (DNS requests) so that the requester can be sure it's communicating with the server queried (intended to communicate with)


  • the kitchen SINK record has historically been used as a lump and dump storage facility for handling miscellaneous data that couldn't be conveniently stored and queried using other record types


  • associates email addresses with end entity certificates or public keys


  • Start of Authority records contain administrative details about a zone and are typically used as part of the zone transfer process


  • Sender Policy Framework records are TXT records containing details about what hostnames and IP addresses are authorized to send email for a domain


  • SeRVice records specify hostname and port for detailing servers associated with particular services


  • Secure SHell Fingerprint records spell out the SSH keys associated with a given hostname


  • SerViCe Binding records allow requests to find associated multiple network locations for a given origin

  • Trust Anchor LINK records have been used to connect two domain names


  • Transaction KEY records are a part of the exchanging of secret keys


  • the TLS Authentication record makes an association between domain name and a TLS server certificate or key


  • a Transaction SIGnature record confirms the validity of DNS database changes
  • often used with dynamic DNS or with slave/secondary DNS server systems


  • TeXT records enable storing of miscellaneous information associated with a given hostname


  • used for storing User ID information


  • User INFO records are much like TXT records and can store arbitrary info associated with a domain


  • UNSPECified records store information that's not conveniently stored elsewhere


  • Uniform Resource Identifier records store precisely that


  • Well Known Services records spell out protocols that are to be supported at a particular address


  • used for mapping Public Switched Data Networks to particular addresses
  • often implemented for specifying secure circuit endpoints on PSTN connections
dns/dns-records-explained.txt · Last modified: 2020/11/27 10:33 by Karson N.