All Types of DNS Records at a Glance!

The Domain Name System (DNS) and DNS records are an essential part of the internet. They allow access to websites via domains or for receiving emails.

Each domain is assigned different records that define how requests are processed, such as which IP address is assigned or which mail server is responsible.

Therefore, there are different types of DNS records, each containing a different type of information. Some DNS record types are fundamental to making a website accessible under a specific domain, while others are optional and provide additional features.

Basic Records for Name Resolution

A Record—Linking to an IPv4 Address

The A record (Address Record) is one of the most fundamental DNS records. It associates a domain with an IPv4 address, the address of the server where the website is hosted. A records form the foundation of many DNS configurations. They are at the end of the resolution process when a domain name needs to be converted into a machine-readable IP address.

AAAA Record—Linking to an IPv6 Address

The AAAA record works similarly to the A record, with one key difference: instead of an IPv4 address, an IPv6 address is assigned.

But why are there two versions of IP addresses? The internet has grown significantly in recent years. This growth has caused the original IPv4 address space, which has about 4 billion addresses, to reach its limits. IPv6 solves this problem with much longer addresses and an almost unlimited number of combinations.

AAAA records are only used when both the server and the corresponding device support IPv6. In this case, the AAAA record takes priority over the classic A record. Many systems still use IPv4, but IPv6 is becoming increasingly important, especially for new devices and modern networks.

CNAME Record—Alias for Another Domain

A CNAME record (Canonical Name) is used to define an alias for an existing domain. They are only used with subdomains. Instead of pointing directly to an IP address like the A record, the CNAME record redirects the request to another domain. Ideally, this domain itself has an A or AAAA record.

If the IP address of the main server changes, only the A record of the target domain needs to be changed. All aliases will remain automatically up to date.

ALIAS Record—Alternative to CNAME for Root Domains

An ALIAS record serves a similar purpose to a CNAME record. It points to another hostname rather than an IP address. The difference is that ALIAS records can also be used for root domains, whereas CNAME records cannot.

PTR Record—For Reverse DNS Queries

A PTR record (Pointer Record) works opposite to the A record. Instead of associating a domain with an IP address, a PTR record assigns a hostname to an IP address. This process is called Reverse DNS Lookup and helps to determine which domain name is behind an IP address.

NS Record—Responsible Name Servers for a Domain

The NS record (Name Server Record) defines which name servers are responsible for a specific domain. These servers contain the complete DNS records for the domain and can answer requests with official information rather than just cached data.

Every domain requires at least one, but usually multiple, NS records to ensure DNS requests are reliably answered, even if one server is unreachable.

A missing or incorrectly set NS record will result in websites and other services associated with the domain being unable to load.

SOA Record—Information About the Domain Zone

The SOA record (Start of Authority) is a mandatory component of every DNS zone. It contains basic information about the domain or zone. This includes the administrator's email address and the last update time. It also specifies which server is responsible for the zone, playing a central role in the DNS hierarchy.

NAPTR Record—Extended Reference with Search Patterns

A NAPTR record (Naming Authority Pointer) is an extended form of the classic A record. It includes protocol-specific information and search patterns. If multiple NAPTR records are available, prioritization can be defined. It is only used in specialized applications, not for traditional websites or emails.

DNS Records for Email and Other Services

MX Record—Responsible for Email Reception

An MX record (Mail Exchange) specifies which server is responsible for receiving emails for a domain. It points to the hostname of a mail server, like mail.example.com, rather than an IP address.

A priority can also be set, where the lowest value indicates the mail server to be used first. This allows defining an order if multiple mail servers are available.

OPENPGPKEY Record—Public PGP Keys in DNS

The OPENPGPKEY record allows public PGP keys to be published directly in DNS. This allows users to get the right public key for an email address through a DNS query. It supports secure end-to-end encryption of emails with OpenPGP.

SMIMEA Record—Certificates for Encrypted Emails

An SMIMEA record (S/MIME Certificate Association) connects S/MIME certificates to a domain name. This helps encrypt and digitally sign emails and ensures that communication is both private and authentic.

This record functions similarly to OPENPGPKEY but is based on the S/MIME standard, which is primarily used in corporate environments.

SRV Record—Directions for Specific Services

An SRV record (Service Record) specifies which server is responsible for a particular IP-based service, including the port and protocol used. SRV records are used for services like SIP (VoIP) or XMPP (instant messaging). They help define the technical details of a service clearly.

DNS Records Containing Information

TXT Record—For Verification and Email Security

A TXT record (Text Record) is one of the most common DNS records. It allows free text to be stored in the domain name system. Originally intended for human-readable notes, it is now mostly used for technical purposes, such as domain verification. In email security, TXT records are used for SPF, DMARC, and DKIM entries.

RP Record—Responsible Contact Person

A RP record (Responsible Person) specifies who is technically or administratively responsible for a domain. Typically, this DNS record includes an email address.

HINFO Record—Technical Information About the Host

An HINFO record (Host Information) stores technical details about the server hosting a domain, such as the CPU and operating system.

However, it is rarely used today, as such information should not be made publicly available due to privacy concerns.

LOC Record—Location Information in DNS

A LOC record (Location Record) stores geographical location data for a domain or host in the DNS. This includes latitude, longitude, altitude, and accuracy information. It is rarely used, as modern services usually collect this data in other ways.

Security-Related DNS Records

IPSECKEY Record—Keys for IPsec Connections

An IPSECKEY record contains public keys for IPsec connections, a network protocol used to securely encrypt and authenticate data at the IP level. It is commonly used for VPNs or in highly secure networks.

CAA Record—Control Over SSL Certificates

A CAA record (Certification Authority Authorization) specifies which certificate authority (CA) is allowed to issue SSL certificates for a domain. This prevents unknown CAs from issuing certificates.

SSHFP Record—Fingerprint for SSH Keys

An SSHFP record (SSH Fingerprint) allows the fingerprint of an SSH key to be published directly in DNS. This allows a client to verify if the server's public key matches the fingerprint stored in the DNS when establishing an SSH connection. This helps to prevent man-in-the-middle attacks.

CERT Record—Store Certificates in DNS

A CERT record (Certificate Record) stores encrypted certificates like PGP or S/MIME directly in the DNS. This record is rarely used in practice, as certificates are typically managed through secure connections or central certification authorities.

TLSA Record—Certificate Association for DANE

A TLSA record (TLS Authentication) is used with the DANE protocol (DNS-based Authentication of Named Entities). It links an SSL/TLS certificate directly with a domain name. This allows clients to validate the certificate when establishing a connection, independent of traditional certification authorities.

Other Types of DNS Records

URI Record—Make Resources Discoverable via DNS

A URI record (Uniform Resource Identifier) allows a specific resource (e.g., an API) to be discovered via DNS. Priorities and weights can be used to define which URI should be preferred when multiple are available.

AFSDB Record—For the Andrew File System

An AFSDB record is used by the Andrew File System, a distributed file system from the research sector. It indicates which server is responsible for a specific AFS resource.

HTTPS Record—For Secure Connections

An HTTPS record contains information about a secure connection to a website, such as supported protocols. It reduces the steps required to establish an HTTPS connection and improves load times and security.

SVCB Record—Flexible Connection Data for Modern Services

An SVCB record (Service Binding) is similar to an HTTPS record but more versatile. It can be used for services beyond HTTP, such as DNS, and supports modern protocols and alias features.