DNS record types

What is a DNS record?

DNS records (the contents of zone files) are instructions that live in authoritative DNS servers and provide information about a domain, including which IP address is associated with that domain and how to handle requests for it. These records are kept in text files written in what is known as DNS syntax, a set of character strings that act as commands telling the DNS server what to do. All DNS records also have a ‘TTL’, which stands for time-to-live and indicates how often a DNS server will refresh that record.


What are some of the less commonly used DNS records?

  • CAA record
  • DNSKEY record
  • CERT record
  • DHCID record
  • DNAME record
  • DKIM record (TXT)
  • IPSECKEY record
  • LOC record
  • RP record
  • SSHFP record
  • DMARC record

What are the most common types of DNS record?

  • A record
  • AAAA record
  • CNAME record
  • NS record
  • MX record
  • SOA record
  • TXT record
  • SRV record
  • SPF record (TXT)

A Record

The A record is the most important DNS record type. The "A" in A record stands for "address." An A record maps a specific hostname or domain to its IP address. For example, a DNS lookup of the A record for the domain example.com returns the following result:

From the lookup result above, we can see that the current IP address is 93.184.216.34. The A record only supports IPv4 addresses. Later in this post, we'll see how to point a domain to an IPv6 address using another DNS record type.

Use of A records

The main use of an A record is IP address lookup. Using an A record, a web browser is able to load a website from its domain name. As a result, we can access websites on the internet without knowing their IP addresses.

Another use of A records is in DNS-based blackhole lists (DNSBL). Here, the A record is used to block mail from known spam sources.

AAAA record

An AAAA record, just like an A record, points to the IP address for a domain. However, this DNS record type differs in that it points to an IPv6 address.

IPv6 is an upgrade over IPv4 because it offers far more addresses, which solves the problem of running out of unique IP addresses. An IPv6 address is written in hexadecimal, with a colon separating each field.

Use of AAAA records

Using AAAA records for DNS resolution has great potential because they use IPv6, which is an improvement over IPv4. As the internet keeps growing and IPv4 addresses run out, the importance of AAAA records keeps increasing.

AAAA records resolve a domain name to an address in the newer IPv6 protocol. A colon separates each field in an IPv6 address.

CNAME record

CNAME, or "canonical name", is a DNS record that points a domain name (an alias) to another domain. In a CNAME record, the alias doesn't point to an IP address; the domain name that the alias points to is the canonical name. For example, the subdomain www.tenants.cloud can point to tenants.cloud using a CNAME record, and the canonical name then resolves to the actual IP address using an A record.

Use of CNAME records

An example of the use of CNAME records is running multiple subdomains for different purposes on the same server. For example, we can use ftp.example.com for the file transfer protocol and serve web pages via www.example.com. We can then use CNAME records to point both subdomains to example.com.

It's also possible to point a CNAME to another CNAME. However, doing so is inefficient, because the resolver must follow every link in the chain before it reaches an IP address, and it can lead to slow load times and a poor user experience.

NS record

A nameserver (NS) record specifies the authoritative DNS servers for a domain. For example, these could look like ns-1330.awsdns-38.org and ns-713.awsdns-25.net. Domain registrars require at least two NS records to be registered for fault tolerance.

Use of NS records

Those nameservers, in simple terms, connect your domain name to the actual server your site is hosted on. The nameserver holds the other DNS records for the domain, such as its A record.

MX record

A mail exchange (MX) record is a DNS record type that shows where email for a domain should be routed. In other words, an MX record makes it possible to direct email to a mail server.

You can have multiple MX records for a single domain name, each with its own priority value, which means you can have backup email servers. The following shows an example of a domain with multiple MX records:

Use of MX records

The MX record with priority 1 will be the primary mail server, while the secondary server will only be used when the primary server is unavailable (or fails to accept email). The lower the priority value, the higher the actual priority.

With an MX record, it's possible to hand off email to a dedicated mail server. For example, you can leave all the trouble of setting up webmail on a server you own to a specialized email provider. This comes with many benefits, including improved security and spam filtering.

SOA record

The DNS 'start of authority' (SOA) record stores important information about a domain or zone, such as the email address of the administrator, when the domain was last updated, and how long the server should wait between refreshes.

TXT record

The DNS 'text' (TXT) record lets a domain administrator enter text into the Domain Name System (DNS). The TXT record was originally intended as a place for human-readable notes. However, now it is also possible to put some machine-readable data into TXT records. One domain can have many TXT records.

SRV record

The DNS "service" (SRV) record specifies a host and port for specific services such as voice over IP (VoIP), instant messaging, and so on. Most other DNS records only specify a server or an IP address, but SRV records include a port at that IP address as well. Some Internet protocols require the use of SRV records in order to function.

SPF record

A sender policy framework (SPF) record is a type of DNS TXT record that lists all the servers authorized to send email on behalf of a particular domain.


CAA record

This is the ‘certification authority authorization’ record; it allows domain owners to state which certificate authorities (CAs) can issue certificates for that domain. If no CAA record exists, any CA can issue a certificate for the domain. CAA records are also inherited by subdomains.
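A worked check of the inheritance rule just described, added here as an example rather than code from the original article. The zone below is constructed; a real check would query DNS for the CAA records. The (flags, tag, value) layout and the meaning of the issue and issuewild tags follow the standard CAA record format.

```python
"""CAA lookup with parent-domain inheritance.

The zone data is constructed for illustration only; real checks query DNS.
Each record is (flags, tag, value) following the CAA record layout.
"""

# Constructed zone: example.com allows one CA and forbids wildcard issuance;
# careful.example.com overrides its parent with a different CA.
ZONE = {
    "example.com.": [(0, "issue", "letsencrypt.org"), (0, "issuewild", ";")],
    "careful.example.com.": [(0, "issue", "digicert.com")],
}

def relevant_caa_set(zone, name):
    """Climb from `name` toward the root and return the closest CAA set.
    This is the inheritance rule: a name with no CAA records of its own takes
    the CAA records of its nearest ancestor. Returns (owner, records)."""
    labels = name.rstrip(".").split(".")
    while labels:
        owner = ".".join(labels) + "."
        if zone.get(owner):
            return owner, zone[owner]
        labels.pop(0)
    return None, []

def ca_may_issue(zone, name, ca, wildcard=False):
    """Decide whether `ca` may issue a certificate for `name`."""
    _, recs = relevant_caa_set(zone, name)
    if not recs:
        return True  # no CAA record anywhere up the tree: any CA may issue
    # An unrecognised property with the critical flag (bit 7) set forbids issuance.
    if any(flags & 0x80 and tag not in ("issue", "issuewild", "iodef")
           for flags, tag, _ in recs):
        return False
    tag = "issuewild" if wildcard else "issue"
    values = [v for _, t, v in recs if t == tag]
    if wildcard and not values:        # no issuewild: wildcards fall back to issue
        values = [v for _, t, v in recs if t == "issue"]
    if not values:
        return True  # CAA set exists but restricts nothing relevant: permitted
    # Each value is "<ca-domain>[; parameters]"; a bare ";" means no CA at all.
    allowed = {v.split(";", 1)[0].strip().lower() for v in values}
    return ca.lower() in allowed
```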

DNSKEY record

The ‘DNS Key Record’ contains a public key used to verify Domain Name System Security Extensions (DNSSEC) signatures.

CERT record

The ‘certificate record’ stores public key certificates.

DHCID record

The ‘DHCP Identifier’ record stores information for the Dynamic Host Configuration Protocol (DHCP), a standardized network protocol used on IP networks.

DNAME record

The ‘delegation name’ record creates a domain alias, just like CNAME, but this alias redirects all subdomains as well. For instance, if the owner of ‘example.com’ bought the domain ‘website.net’ and gave it a DNAME record that points to ‘example.com’, then that pointer would also extend to ‘blog.website.net’ and any other subdomains.
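The following added example (not from the original article) resolves a name through a CNAME chain, as discussed under CNAME records, and through the DNAME redirection described above. The zone data is constructed, including a deliberate CNAME loop, to show why resolvers cap the chain length.

```python
"""Resolve a name to an A record through CNAME chains and DNAME redirection.

The zone data is constructed for illustration; it is not a real DNS answer.
"""

# Constructed records: (type, data). A DNAME rewrites the suffix of every name
# below its owner; a CNAME replaces one exact name. A loop is included on purpose.
ZONE = {
    "example.com.":        [("A", "93.184.216.34")],
    "www.example.com.":    [("CNAME", "example.com.")],
    "ftp.example.com.":    [("CNAME", "example.com.")],
    "cdn.example.com.":    [("CNAME", "www.example.com.")],   # CNAME -> CNAME
    "blog.example.com.":   [("A", "192.0.2.10")],
    "website.net.":        [("DNAME", "example.com.")],      # redirects all subdomains
    "loop-a.example.com.": [("CNAME", "loop-b.example.com.")],
    "loop-b.example.com.": [("CNAME", "loop-a.example.com.")],
}

MAX_HOPS = 8  # resolvers bound chain length; a loop would otherwise never end

def apply_dname(zone, name):
    """If an ancestor of `name` owns a DNAME, rewrite that suffix to the target.
    The DNAME owner itself is not rewritten, only names below it."""
    labels = name.split(".")
    for i in range(1, len(labels) - 1):
        owner = ".".join(labels[i:])
        for rtype, target in zone.get(owner, []):
            if rtype == "DNAME":
                return ".".join(labels[:i]) + "." + target
    return name

def resolve_a(zone, name):
    """Follow CNAME/DNAME until an A record is found.
    Returns (ip, hops), or None if the chain is broken or exceeds MAX_HOPS."""
    hops = 0
    while hops <= MAX_HOPS:
        name = apply_dname(zone, name)
        recs = zone.get(name, [])
        for rtype, data in recs:
            if rtype == "A":
                return data, hops
        cname = next((d for t, d in recs if t == "CNAME"), None)
        if cname is None:
            return None            # dangling chain: no A and no CNAME at this name
        name, hops = cname, hops + 1
    return None                    # too many hops: a loop or an absurdly long chain
```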

DKIM record

A DKIM record is a specially formatted DNS TXT record that stores the public key the receiving mail server uses to verify a message's signature. A DKIM record includes a name, version, key type, and the public key itself, and is often made available by the provider that sends your email.

IPSECKEY record

The ‘IPsec key’ record works with Internet Protocol Security (IPsec), an end-to-end security protocol framework and part of the Internet Protocol Suite (TCP/IP).

LOC record

The ‘location’ record contains geographical information for a domain in the form of longitude and latitude coordinates.

RP record

This is the ‘responsible person’ record and it stores the email address of the person responsible for the domain.

SSHFP record

This record stores ‘SSH public key fingerprints’; SSH stands for Secure Shell and it’s a cryptographic networking protocol for secure communication over an insecure network.

DMARC record

DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is a DNS TXT record published for a domain to control what happens when a message fails authentication. A published DMARC record basically serves two purposes:

  1. Tell the recipient server to quarantine the message, reject it, or allow it to continue to delivery
  2. Send reports to one or more email addresses with data about all the messages seen from the domain
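An added example, not part of the original article, that parses a constructed DMARC TXT record and derives both purposes listed above: the action requested of the receiving server and the addresses that receive reports. The tag names (v, p, pct, rua, ruf) are the standard DMARC tags; the record text, the dataclass and the function names are assumptions of this example.

```python
"""Parse a DMARC TXT record into the receiver policy and report destinations."""

from dataclasses import dataclass, field

# Constructed DMARC record, as it would appear in the TXT record at _dmarc.<domain>.
RECORD = ("v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com,mailto:agg@example.net; "
          "ruf=mailto:forensic@example.com; pct=50")

@dataclass
class DmarcPolicy:
    policy: str                   # none | quarantine | reject (the p= tag)
    pct: int = 100                # share of failing messages the policy is applied to
    aggregate_reports: list = field(default_factory=list)  # rua= addresses
    forensic_reports: list = field(default_factory=list)   # ruf= addresses

def parse_dmarc(txt):
    """Split 'tag=value' pairs separated by ';' into a DmarcPolicy.
    Raises ValueError when the text is not a DMARC record or lacks the
    mandatory p= tag, so callers never act on a half-formed policy."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record: missing v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("DMARC record has no valid p= policy")
    def uris(key):  # comma-separated list of report URIs, possibly absent
        return [u.strip() for u in tags.get(key, "").split(",") if u.strip()]
    return DmarcPolicy(policy=tags["p"], pct=int(tags.get("pct", 100)),
                       aggregate_reports=uris("rua"), forensic_reports=uris("ruf"))

def is_valid_dmarc(txt):
    """True when the TXT string parses as a usable DMARC record."""
    try:
        parse_dmarc(txt)
        return True
    except ValueError:
        return False

def receiver_action(pol, dmarc_passed):
    """What the recipient server does with one message (pct sampling ignored)."""
    if dmarc_passed:
        return "deliver"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[pol.policy]
```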
