DNS Record Types

Common DNS record types with descriptions, use cases, and example syntax.

addressAddress2 records
A
Address
Maps a hostname to an IPv4 address.
example.com. 300 IN A 93.184.216.34
AAAA
IPv6 Address
Maps a hostname to an IPv6 address.
example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
namingNaming4 records
CNAME
Canonical Name
Alias that points one hostname to another. The target must ultimately resolve to an A or AAAA record. Cannot coexist with other record types at the same name.
www.example.com. 300 IN CNAME example.com.
NS
Name Server
Delegates a DNS zone to an authoritative name server. Every zone must have at least two NS records.
example.com. 86400 IN NS ns1.example.com.
SOA
Start of Authority
Contains administrative information about the zone: primary name server, admin email, serial number, and refresh/retry/expire intervals.
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 2024010101 3600 900 604800 300
PTR
Pointer
Reverse DNS lookup — maps an IP address back to a hostname. PTR records live in the arpa. zone.
34.216.184.93.in-addr.arpa. 3600 IN PTR example.com.
mailMail4 records
MX
Mail Exchange
Specifies the mail server responsible for accepting email for a domain. Lower preference values have higher priority.
example.com. 300 IN MX 10 mail.example.com.
TXT
Sender Policy Framework
Specifies which mail servers are authorized to send email for the domain. Used by receiving servers to reject spoofed mail.
example.com. 300 IN TXT "v=spf1 include:_spf.google.com ~all"
Stored as a TXT record.
TXT
DomainKeys Identified Mail
Publishes a public key used to verify cryptographic signatures on outgoing email, proving the message wasn't altered in transit.
selector._domainkey.example.com. 300 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0..."
Stored as a TXT record under a selector subdomain.
TXT
Domain-based Message Authentication
Policy record that tells receiving servers what to do with mail that fails SPF or DKIM checks: none, quarantine, or reject.
_dmarc.example.com. 300 IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
Stored as a TXT record at _dmarc.
textText & Service3 records
TXT
Text
Stores arbitrary text data associated with a domain. Used for domain verification, SPF, DKIM, DMARC, and other purposes.
example.com. 300 IN TXT "google-site-verification=abc123"
SRV
Service Locator
Specifies the hostname and port for a specific service (e.g., SIP, XMPP, Minecraft). Format: priority weight port target.
_xmpp-client._tcp.example.com. 300 IN SRV 10 5 5222 xmpp.example.com.
CAA
Certification Authority Authorization
Restricts which certificate authorities may issue TLS certificates for the domain, reducing the risk of misissued certificates.
example.com. 300 IN CAA 0 issue "letsencrypt.org"
dnssecDNSSEC4 records
DS
Delegation Signer
Contains a hash of a DNSKEY record in a child zone, establishing a chain of trust from parent to child zone for DNSSEC validation.
example.com. 3600 IN DS 12345 8 2 49FD...
DNSKEY
DNS Public Key
Holds a public key used to verify DNSSEC signatures (RRSIG records) in the same zone.
example.com. 3600 IN DNSKEY 257 3 8 AwEAAb...
RRSIG
Resource Record Signature
DNSSEC cryptographic signature over a set of DNS records, allowing resolvers to verify authenticity.
example.com. 3600 IN RRSIG A 8 2 300 20241231...
NSEC
Next Secure
Used to prove the non-existence of a DNS name — lists the next existing name in the zone alphabetically.
example.com. 3600 IN NSEC www.example.com. A MX RRSIG NSEC