📚 DNS Record Types Reference

Maps a domain name to an IPv4 address. This is the most fundamental DNS record type used to resolve domain names to IP addresses.

Maps a domain name to an IPv6 address. Essential for IPv6 connectivity.

Creates an alias for a domain name, pointing to another canonical domain name. Cannot coexist with other record types at the same name.

Specifies mail servers for a domain and their priority. Lower priority values indicate preferred servers.

Delegates a DNS zone to use the given authoritative name servers.

Provides authoritative information about a DNS zone including primary name server, zone administrator email, serial number, and timing parameters.

Stores arbitrary text data. Commonly used for SPF, DKIM, domain verification, and other metadata.

Used for reverse DNS lookups, mapping IP addresses back to domain names.

Specifies which mail servers are authorized to send email on behalf of a domain. Stored in TXT records starting with "v=spf1".

Provides email authentication via cryptographic signatures. Public keys are published in TXT records at selector._domainkey.example.com.

Defines policy for handling emails that fail SPF or DKIM checks. Published at _dmarc.example.com.

Enables SMTP TLS security and reporting. Published at _mta-sts.example.com with accompanying policy file.

Associates TLS/SSL certificates with domain names using DANE (DNS-based Authentication of Named Entities). Published at _port._protocol.hostname.

Specifies where to send SMTP TLS failure reports. Published at _smtp._tls.example.com.

Contains public keys used to verify DNSSEC signatures. Can be Zone Signing Keys (ZSK) or Key Signing Keys (KSK).

Contains cryptographic signatures for DNS record sets, enabling verification of DNS data authenticity.

Holds hash of a DNSKEY record, used in the chain of trust between parent and child zones.

Provides authenticated denial of existence in DNSSEC by listing the next domain name in the zone.

Improved version of NSEC that prevents zone enumeration by using hashed domain names.

Specifies parameters for NSEC3 hashing algorithm used in the zone.

Published by child zone to signal to parent zone to update DS records, enabling automated DNSSEC key rollovers.

Child copy of DNSKEY for signaling DS updates to parent zone.

Defines the location of servers for specified services. Format: _service._proto.name.

Allows rewriting of domain names based on regular expressions. Used in ENUM and other dynamic services.

Modern service binding record that provides service parameters including alternative endpoints, ports, and protocols.

Special case of SVCB for HTTPS, enables HTTP/3, ECH, and other modern features.

Specifies which certificate authorities are authorized to issue certificates for a domain.

Creates an alias for an entire subtree of the domain name space. Like CNAME but works for subdomains.

Specifies geographical location information (latitude, longitude, altitude) for a domain.

Stores certificates in DNS (PGP, PKIX, SPKI, etc.).

Publishes SSH public key fingerprints to verify SSH host identity.

Provides host CPU and OS information. Rarely used due to security concerns.

Provides information about the responsible person for a domain.

Maps a domain name to a URI with priority and weight values.

Original SPF record type. DEPRECATED - use TXT records instead.

Obsolete. Use MX records instead.

Obsolete. Use MX records instead.

Experimental mailbox record. Not widely used.

Experimental mail group record. Not widely used.