List of DNS record types
Encyclopedia
This List of DNS record types provides an overview of types of resource records (database records) stored in the zone file
s of the Domain Name System
(DNS).
The DNS implements a distributed, hierarchical, and redundant database for information associated with Internet domain names and addresses. In these domain servers, different record types are used for different purposes.
Of the records listed at IANA, some have limited use, for various reasons. Some are marked obsolete in the list, some are for very obscure services, some are for older versions of services, and some have special notes saying they are "not right".
RP(17) may be used for certain human-readable information regarding a different contact point for a specific host, subnet, or other domain level label separate than that used in the SOA record.
Zone file
A Domain Name System zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP addresses and other resources, organized in the form of text...
s of the Domain Name System
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
(DNS).
The DNS implements a distributed, hierarchical, and redundant database for information associated with Internet domain names and addresses. In these domain servers, different record types are used for different purposes.
Resource records
| Type | Value (decimal) | Defining RFC | Description | Function |
|---|---|---|---|---|
| A | 1 | RFC 1035 | address record | Returns a 32-bit IPv4 IPv4 Internet Protocol version 4 is the fourth revision in the development of the Internet Protocol and the first version of the protocol to be widely deployed. Together with IPv6, it is at the core of standards-based internetworking methods of the Internet... address, most commonly used to map hostname Hostname A hostname is a label that is assigned to a device connected to a computer network and that is used to identify the device in various forms of electronic communication such as the World Wide Web, e-mail or Usenet... s to an IP address of the host, but also used for DNSBL DNSBL A DNSBL is a list of IP addresses published through the Internet Domain Name Service either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time... s, storing subnet masks in RFC 1101, etc. |
| AAAA | 28 | RFC 3596 | IPv6 IPv6 Internet Protocol version 6 is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4... address record |
Returns a 128-bit IPv6 IPv6 Internet Protocol version 6 is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4... address, most commonly used to map hostname Hostname A hostname is a label that is assigned to a device connected to a computer network and that is used to identify the device in various forms of electronic communication such as the World Wide Web, e-mail or Usenet... s to an IP address of the host. |
| AFSDB | 18 | RFC 1183 | AFS database record | Location of database servers of an AFS Andrew file system The Andrew File System is a distributed networked file system which uses a set of trusted servers to present a homogeneous, location-transparent file name space to all the client workstations. It was developed by Carnegie Mellon University as part of the Andrew Project. It is named after Andrew... cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS DCE Distributed File System The DCE Distributed File System is the remote file access protocol used with the Distributed Computing Environment. It was based on the AFS Version 3.0 protocol that was developed commercially by Transarc Corporation... file system. |
| APL | 42 | RFC 3123 | Address Prefix List | Specify lists of address ranges, e.g. in CIDR format, for various address families. Experimental. |
| CERT | 37 | RFC 4398 | Certificate record | Stores PKIX, SPKI, PGP Pretty Good Privacy Pretty Good Privacy is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security... , etc. |
| CNAME CNAME record A CNAME record or Canonical Name record is a type of resource record in the Domain Name System that specifies that the domain name is an alias of another, canonical domain name. This helps when running multiple services from a single IP address... |
5 | RFC 1035 | Canonical Canonical Canonical is an adjective derived from canon. Canon comes from the greek word κανών kanon, "rule" or "measuring stick" , and is used in various meanings.... name record |
Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name. |
| DHCID | 49 | RFC 4701 | DHCP identifier | Used in conjunction with the FQDN option to DHCP |
| DLV | 32769 | RFC 4431 | DNSSEC Lookaside Validation record | For publishing DNSSEC DNSSEC The Domain Name System Security Extensions is a suite of Internet Engineering Task Force specifications for securing certain kinds of information provided by the Domain Name System as used on Internet Protocol networks... trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. RFC 5074 describes a way of using these records. |
| DNAME | 39 | RFC 2672 | delegation name | DNAME creates an alias for a name and all its subnames, unlike CNAME, which aliases only the exact name in its label. Like the CNAME record, the DNS lookup will continue by retrying the lookup with the new name. |
| DNSKEY | 48 | RFC 4034 | DNS Key record | The key record used in DNSSEC DNSSEC The Domain Name System Security Extensions is a suite of Internet Engineering Task Force specifications for securing certain kinds of information provided by the Domain Name System as used on Internet Protocol networks... . Uses the same format as the KEY record. |
| DS | 43 | RFC 4034 | Delegation signer | The record used to identify the DNSSEC signing key of a delegated zone |
| HIP Host Identity Protocol The Host Identity Protocol is a host identification technology for use on Internet Protocol networks, such as the Internet. The Internet has two main name spaces, IP addresses and the Domain Name System. HIP separates the end-point identifier and locator roles of IP addresses... |
55 | RFC 5205 | Host Identity Protocol | Method of separating the end-point identifier and locator roles of IP address IP address An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing... es. |
| IPSECKEY | 45 | RFC 4025 | IPSEC Key | Key record that can be used with IPSEC IPsec Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session... |
| KEY | 25 | RFC 2535 and RFC 2930 | key record | Used only for SIG(0) (RFC 2931) and TKEY (RFC 2930). RFC 3445 eliminated their use for application keys and limited their use to DNSSEC. RFC 3755 designates DNSKEY as the replacement within DNSSEC. RFC 4025 designates IPSECKEY as the replacement for use with IPsec. |
| KX | 36 | RFC 2230 | Key eXchanger record | Used with some cryptographic systems (not including DNSSEC) to identify a key management agent for the associated domain-name. Note that this has nothing to do with DNS Security. It is Informational status, rather than being on the IETF standards-track. It has always had limited deployment, but is still in use. |
| LOC LOC record In the Domain Name System, a LOC record is a means for expressing geographic location information for a domain name.It contains WGS84 Latitude, Longitude and Altitude information together with host/subnet physical size and location accuracy... |
29 | RFC 1876 | Location record | Specifies a geographical location associated with a domain name |
| MX MX record A mail exchanger record is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient's domain, and a preference value used to prioritize mail delivery if multiple mail servers are available... |
15 | RFC 1035 | mail exchange record | Maps a domain name to a list of message transfer agents for that domain |
| NAPTR | 35 | RFC 3403 | Naming Authority Pointer | Allows regular expression based rewriting of domain names which can then be used as URI Úri Úriis a village and commune in the comitatus of Pest in Hungary.... s, further domain names to lookups, etc. |
| NS | 2 | RFC 1035 | name server record | Delegates a DNS zone DNS zone A DNS zone is a portion of the global Domain Name System namespace for which administrative responsibility has been delegated.-Definition:... to use the given authoritative name servers |
| NSEC | 47 | RFC 4034 | Next-Secure record | Part of DNSSEC—used to prove a name does not exist. Uses the same format as the (obsolete) NXT record. |
| NSEC3 | 50 | RFC 5155 | NSEC record version 3 | An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking |
| NSEC3PARAM | 51 | RFC 5155 | NSEC3 parameters | Parameter record for use with NSEC3 |
| PTR | 12 | RFC 1035 | pointer record | Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookup Reverse DNS lookup In computer networking, reverse DNS lookup or reverse DNS resolution is the determination of a domain name that is associated with a given IP address using the Domain Name System of the Internet.... s, but other uses include such things as DNS-SD. |
| RRSIG | 46 | RFC 4034 | DNSSEC signature | Signature for a DNSSEC-secured record set. Uses the same format as the SIG record. |
| RP | 17 | RFC 1183 | Responsible person | Information about the responsible person(s) for the domain. Usually an email address with the @ replaced by a . |
| SIG | 24 | RFC 2535 | Signature | Signature record used in SIG(0) (RFC 2931) and TKEY (RFC 2930). RFC 3755 designated RRSIG as the replacement for SIG for use within DNSSEC. |
| SOA | 6 | RFC 1035 | start of [a zone of] authority record | Specifies authoritative information about a DNS zone DNS zone A DNS zone is a portion of the global Domain Name System namespace for which administrative responsibility has been delegated.-Definition:... , including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone. |
| SPF Sender Policy Framework Sender Policy Framework is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF... |
99 | RFC 4408 | Sender Policy Framework | Specified as part of the SPF protocol in preference to the earlier provisional practice of storing SPF data in TXT records. Uses the same format as the earlier TXT record. |
| SRV SRV record A Service record is a specification of data in the Domain Name System defining the location, i.e. the hostname and port number, of servers for specified services. It is defined in RFC 2782, and its type code is 33... |
33 | RFC 2782 | Service locator | Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX. |
| SSHFP | 44 | RFC 4255 | SSH Public Key Fingerprint | Resource record for publishing SSH Secure Shell Secure Shell is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client... public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. |
| TA | 32768 | DNSSEC Trust Authorities | Part of a deployment proposal for DNSSEC without a signed DNS root. See the IANA database and Weiler Spec for details. Uses the same format as the DS record. | |
| TKEY TKEY record TKEY is a record type of the Domain Name System.TKEY RRs can used in number of different modes to establish shared keys between a DNS resolver and Server.-TKEY record format:-Mode Field values:* 0 - Reserved* 1 - Server assignment... |
249 | RFC 2930 | secret key record | A method of providing keying material to be used with TSIG TSIG TSIG is a computer networking protocol definedin RFC 2845. It is used primarily by the Domain Name System to provide a means of authenticating updates to a Dynamic DNS database, although it can also be used between servers and for regular queries... that is encrypted under the public key in an accompanying KEY RR. |
| TSIG TSIG TSIG is a computer networking protocol definedin RFC 2845. It is used primarily by the Domain Name System to provide a means of authenticating updates to a Dynamic DNS database, although it can also be used between servers and for regular queries... |
250 | RFC 2845 | Transaction Signature | Can be used to authenticate dynamic updates Dynamic DNS Dynamic DNS or DDNS is a term used for the updating in real time of Internet Domain Name System name servers to keep up to date the active DNS configuration of their configured hostnames, addresses and other information.... as coming from an approved client, or to authenticate responses as coming from an approved recursive name server similar to DNSSEC. |
| TXT | 16 | RFC 1035 | Text record | Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption Opportunistic encryption Opportunistic Encryption refers to any system that, when connecting to another system, attempts to encrypt the communications channel otherwise falling back to unencrypted communications. This method requires no pre-arrangement between the two systems.Opportunistic encryption can be used to... , Sender Policy Framework Sender Policy Framework Sender Policy Framework is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF... (although this provisional use of TXT records is deprecated in favor of SPF records), DomainKeys DomainKeys DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender and the message integrity. The DomainKeys specification has adopted aspects of Identified Internet Mail to create an enhanced protocol called DomainKeys Identified Mail... , DNS-SD, etc. |
Other types and pseudo resource records
Other types of records simply provide some types of information (for example, an HINFO record gives a description of the type of computer/OS a host uses), or others return data used in experimental features. The "type" field is also used in the protocol for various operations.| Code | Number | Defining RFC | Description | Function |
|---|---|---|---|---|
| * | 255 | RFC 1035 | All cached records | Returns all records of all types known to the name server. If the name server does not have any information on the name, the request will be forwarded on. The records returned may not be complete. For example, if there is both an A and an MX for a name, but the name server has only the A record cached, only the A record will be returned. Sometimes referred to as "ANY", for example in Windows nslookup and Wireshark. |
| AXFR | 252 | RFC 1035 | Authoritative Zone Transfer | Transfer entire zone file from the master name server to secondary name servers. |
| IXFR | 251 | RFC 1995 | Incremental Zone Transfer | Requests a zone transfer of the given zone but only differences from a previous serial number. This request may be ignored and a full (AXFR) sent in response if the authoritative server is unable to fulfill the request due to configuration or lack of required deltas. |
| OPT | 41 | RFC 2671 | Option | This is a "pseudo DNS record type" needed to support EDNS EDNS Extension mechanisms for DNS is a specification for expanding the size of several parameters of the Domain Name System protocol which had size restrictions that the Internet engineering community deemed too limited for increasing functionality of the protocol... |
Obsolete record types
Progress has rendered obsolete some of the originally-defined record-types.Of the records listed at IANA, some have limited use, for various reasons. Some are marked obsolete in the list, some are for very obscure services, some are for older versions of services, and some have special notes saying they are "not right".
- Obsoleted by RFC 973: MD(3), MF (4), MAILA (254)
- Records to publish mailing list subscriber lists in the DNS: MB(7), MG(8), MR(9), MINFO(14), MAILB (253). The intent, as specified by RFC 883, was for MB to replace the SMTP VRFY command, MG to replace the SMTP EXPN command, and MR to replace the "551 User Not Local" SMTP error. Later, RFC 2505 recommended that both the VRFY and EXPN commands be disabled, making the use of MB and MG unlikely to ever be adopted.
- Declared "not to be relied upon" by RFC 1123 (with further information in RFC 1127): WKS(11)
- Mistakes: NB(32), NBSTAT(33) (from RFC 1002); the numbers are now assigned to NIMLOC and SRV.
- Obsoleted by RFC 1035: NULL(10) (RFC 883 defined "completion queries" (opcode 2 and maybe 3) which used this record, RFC 1035 later reassigned opcode 2 to be "status" and reserved opcode 3.)
- Defined as part of early IPv6 but downgraded to experimental by RFC 3363: A6(38)
- Obsoleted by DNSSEC updates (RFC 3755): NXT(30). At the same time, the domain of applicability for KEY and SIG was also limited to not include DNSSEC use.
- Part of the first version of DNSSEC (RFC 2065).
- Not in current use by any notable application: HINFO(13), RP(17), X25(19), ISDN(20), RT(21), NSAP(22), NSAP-PTR(23), PX(26), EID(31), NIMLOC(32), ATMA(34), APL(42)
- Defined by the Kitchen Sink internet draftInternet DraftInternet Drafts is a series of working documents published by the IETF. Typically, they are drafts for RFCs, but may be other works in progress not intended for publication as RFCs. It is considered inappropriate to rely on Internet Drafts for reference purposes...
, but never made it to RFC status: SINK(40) - A more limited early version of the LOC record: GPOS(27)
- IANA reserved, no RFC documented them http://www.ops.ietf.org/lists/namedroppers/namedroppers.2004/msg00949.html and support was removed from BINDBINDBIND , or named , is the most widely used DNS software on the Internet.On Unix-like operating systems it is the de facto standard.Originally written by four graduate students at the Computer Systems Research Group at the University of California, Berkeley , the name originates as an acronym from...
in the early 90s: UINFO(100), UID(101), GID(102), UNSPEC(103)
RP(17) may be used for certain human-readable information regarding a different contact point for a specific host, subnet, or other domain level label separate than that used in the SOA record.