From Surf Wiki (app.surf) — the open knowledge base

List of DNS record types

Overview of resource records permissible in zone files of the Domain Name System

A graphical overview of all active DNS record types

This list of DNS record types is an overview of resource records (RRs) permissible in zone files of the Domain Name System (DNS). It also contains pseudo-RRs.

Resource records

Type	Type id (decimal)	Defining RFC	Description	Function
A	1		Address record	Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but it is also used for DNSBLs, storing subnet masks, etc.
AAAA	28		IPv6 address record	Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
AFSDB	18		AFS database record	Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system.
APL	42		Address Prefix List	Specify lists of address ranges, e.g. in CIDR format, for various address families. Experimental.
CAA]]	257		Certification Authority Authorization	DNS Certification Authority Authorization, constraining acceptable CAs for a host/domain
CDNSKEY	60			Child copy of DNSKEY record, for transfer to parent
CDS	59		Child DS	Child copy of DS record, for transfer to parent
CERT	37		Certificate record	Stores digital certificates in various forms (PKIX, SPKI, PGP, etc).
CNAME]]	5		Canonical name record	Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
CSYNC	62	RFC 7477	Child-to-Parent Synchronization	Specify a synchronization mechanism between a child and a parent DNS zone. Typical example is declaring the same NS records in the parent and the child zone
DHCID	49	RFC 4701	DHCP identifier	Used in conjunction with the FQDN option to DHCP
DLV	32769	RFC 4431	DNSSEC Lookaside Validation record	For publishing DNSSEC trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. RFC 5074 describes a way of using these records.
DNAME]]	39	RFC 6672	Delegation name record	Alias for a name and all its subnames, unlike CNAME, which is an alias for only the exact name. Like a CNAME record, the DNS lookup will continue by retrying the lookup with the new name.
DNSKEY	48		DNS Key record	The key record used in DNSSEC. Uses the same format as the KEY record.
DS	43		Delegation signer	The record used to identify the DNSSEC signing key of a delegated zone
EUI48	108	RFC 7043	MAC address (EUI-48)	A 48-bit IEEE Extended Unique Identifier.
EUI64	109	RFC 7043	MAC address (EUI-64)	A 64-bit IEEE Extended Unique Identifier.
HINFO	13		Placeholder record, or host information	Repurposed to be used while responding to ANY queries. Originally defined as "Host information", intended to inform about host's operating system and hardware. RFC 8482 did not obsolete this conventional meaning for explicit HINFO queries, but rather considers it rarely used.
HIP]]	55	RFC 8005	Host Identity Protocol	Method of separating the end-point identifier and locator roles of IP addresses.
HTTPS	65		HTTPS Binding	A specialised type of SVCB record. Provides connection information required to establish a secure connection via HTTPS, which would ordinarily be obtained and negotiated during connection to the host. Obtaining the information from the DNS server instead of negotiating it with the host allows for more secure connections (e.g. by using Encrypted Client Hello) and lower latency when the connection to the host is first established.
IPSECKEY	45	RFC 4025	IPsec Key	Key record that can be used with IPsec
KEY	25	RFC 2535 RFC 2930	Key record	Used only for SIG(0) (RFC 2931) and TKEY (RFC 2930). RFC 3445 eliminated their use for application keys and limited their use to DNSSEC. RFC 3755 designates DNSKEY as the replacement within DNSSEC. RFC 4025 designates IPSECKEY as the replacement for use with IPsec.
KX	36	RFC 2230	Key Exchanger record	Used with some cryptographic systems (not including DNSSEC) to identify a key management agent for the associated domain-name. Note that this has nothing to do with DNS Security. It is Informational status, rather than being on the IETF standards-track. It has always had limited deployment, but is still in use.
LOC	29	RFC 1876	Location record	Specifies a geographical location associated with a domain name
MX	15	RFC 7505	Mail exchange record	List of mail exchange servers that accept email for a domain
NAPTR	35	RFC 3403	Naming Authority Pointer	Allows regular-expression-based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc.
NS	2		Name server record	Delegates a DNS zone to use the given authoritative name servers
NSEC	47		Next Secure record	Part of DNSSEC—used to prove a name does not exist. Uses the same format as the (obsolete) NXT record.
NSEC3	50	RFC 5155	Next Secure record version 3	An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking
NSEC3PARAM	51	RFC 5155	NSEC3 parameters	Parameter record for use with NSEC3
OPENPGPKEY	61	RFC 7929	OpenPGP public key record	A DNS-based Authentication of Named Entities (DANE) method for publishing and locating OpenPGP public keys in DNS for a specific email address using an OPENPGPKEY DNS resource record.
PTR	12			Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
RP	17		Responsible Person	Information about the responsible person(s) for the domain. Usually an email address with the @ replaced by a .
RRSIG	46		DNSSEC signature	Signature for a DNSSEC-secured record set. Uses the same format as the SIG record.
SIG	24	RFC 2535	Signature	Signature record used in SIG(0) (RFC 2931) and TKEY (RFC 2930). RFC 3755 designated RRSIG as the replacement for SIG for use within DNSSEC.
SMIMEA	53	url = https://tools.ietf.org/html/rfc8162#section-2	title = RFC 8162 – Using Secure DNS to Associate Certificates with Domain Names for S/MIME	publisher = Internet Engineering Task Force	date = May 2017	doi = 10.17487/RFC8162	access-date = 17 October 2018	last1 = Hoffman	first1 = P.	last2 = Schlyter	first2 = J. }}	url = https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml	title = Domain Name System (DNS) Parameters	publisher = Internet Assigned Numbers Authority	date = September 2018	access-date = 17 October 2018}}	Associates an S/MIME certificate with a domain name for sender authentication.
SOA	6	RFC 2308	Start of [a zone of] authority record	Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
SRV	33	RFC 2782	Service locator	Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
SSHFP]]	44	RFC 4255	SSH Public Key Fingerprint	Resource record for publishing SSH public host key fingerprints in the DNS, in order to aid in verifying the authenticity of the host. RFC 6594 defines ECC SSH keys and SHA-256 hashes. See the [IANA SSHFP RR parameters registry](https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xml) for details.
SVCB	64		Service Binding	This resource record provides metadata and other information that can help clients connect to the host. The HTTPS record is a specialised SVCB record to help when establishing HTTPS connections. The more general SVCB record can provide other information such as supported protocols, alternative endpoints, and some types of aliasing not supported by CNAME records.
TA	32768		DNSSEC Trust Authorities	Part of a deployment proposal for DNSSEC without a signed DNS root. See the [IANA database](https://www.iana.org/assignments/dns-parameters) and [Weiler Spec](http://www.watson.org/~weiler/INI1999-19.pdf) for details. Uses the same format as the DS record.
TKEY]]	249	RFC 2930	Transaction Key record	A method of providing keying material to be used with TSIG that is encrypted under the public key in an accompanying KEY RR.
TLSA	52	RFC 6698	TLSA certificate association	A record for DANE. RFC 6698 defines "The TLSA DNS resource record is used to associate a TLS server certificate or public key with the domain name where the record is found, thus forming a 'TLSA certificate association'".
TSIG	250	RFC 2845	Transaction Signature	Can be used to authenticate dynamic updates as coming from an approved client, or to authenticate responses as coming from an approved recursive name server similar to DNSSEC.
TXT]]	16		Text record	Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DKIM, DMARC, DNS-SD, etc.
URI]]	256	RFC 7553	Uniform Resource Identifier	Can be used for publishing mappings from hostnames to URIs.
ZONEMD]]	63	RFC 8976	Message Digests for DNS Zones	Provides a cryptographic message digest over DNS zone data at rest.

Other types and pseudo-RRs

Other types of records simply provide some types of information (for example, an HINFO record gives a description of the type of computer/OS a host uses), or others return data used in experimental features. The "type" field is also used in the protocol for various operations.

	Type		Type id.	Defining RFC
*	255		All cached records	Returns all records of all types known to the name server. If the name server does not have any information on the name, the request will be forwarded on. The records returned may not be complete. For example, if there is both an A and an MX for a name, but the name server has only the A record cached, only the A record will be returned. Usually referred to as *ANY* (e.g., in dig, Windows nslookup, and Wireshark). In 2019, standards-track publication led many DNS providers, including Cloudflare, to provide only minimal responses to "ANY" queries, instead of enumerating records.
AXFR	252		Authoritative Zone Transfer	Transfer entire zone file from the primary name server to secondary name servers.
IXFR	251	RFC 1996	Incremental Zone Transfer	Requests a zone transfer of the given zone but only differences from a previous serial number. This request may be ignored and a full (AXFR) sent in response if the authoritative server is unable to fulfill the request due to configuration or lack of required deltas.
OPT	41	RFC 6891	Option	This is a pseudo-record type needed to support EDNS.
ALIAS /	-	draft-ietf-dnsop-aname-04	Alias similar to DNAME	An ANAME, ALIAS. apex CNAME, CNAME flattening, or sometimes also top-level redirection record is a pseudo record type is a commonly used but not RFC-standardized record type. Its implementation varies. It serves as an alternative to CNAMEs especially for the bare domain name and where such records should co-exist with others. It causes the DNS software vendor to synthetically generate A and AAAA records similar to the ones of the ANAME-records destination. If the destination changes these synthetic A and AAAA records change automatically as well. The actual mechanisms used are often considered proprietary.

Obsolete record types

Progress has rendered some of the originally defined record-types obsolete. Of the records listed at IANA, some have limited use, for various reasons. Some are marked obsolete in the list, some are for very obscure services, some are for older versions of services, and some have special notes saying they are "not right".

Type	Type id.(decimal)	Defining RFC	Obsoleted by	Description
MD	3			Mail destination (MD) and mail forwarder (MF) records; MAILA is not an actual record type, but a query type which returns MF and/or MD records. RFC 973 replaced these records with the MX record.
MF	4
MAILA	254
MB	7		Not formally obsoleted. Unlikely to be ever adopted (RFC 2505).	MB, MG, MR, and MINFO are records to publish subscriber mailing lists. MAILB is a query code which returns one of those records. The intent was for MB and MG to replace the SMTP VRFY and EXPN commands. MR was to replace the "551 User Not Local" SMTP error. Later, RFC 2505 recommended that both VRFY and EXPN be disabled, making MB and MG unnecessary. They were classified as experimental by RFC 1035.
MG	8
MR	9
MINFO	14
MAILB	253
WKS	11		Declared as "not to be relied upon" by (more in ).	Record to describe well-known services supported by a host. Not used in practice. The current recommendation and practice is to determine whether a service is supported on an IP address by trying to connect to it. SMTP is even prohibited from using WKS records in MX processing.
NB	32			Mistakes (from RFC 1002); the numbers are now assigned to NIMLOC and SRV.
NBSTAT	33
NULL	10			Obsoleted by RFC 1035. RFC 883 defined "completion queries" (opcode 2 and maybe 3) which used this record. RFC 1035 later reassigned opcode 2 to be "status" and reserved opcode 3.
A6	38			Defined as part of early IPv6 but downgraded to experimental by RFC 3363; later downgraded to historic by RFC 6563.
NXT	30	RFC 2065	RFC 3755	Part of the first version of DNSSEC (RFC 2065). NXT was obsoleted by DNSSEC updates (RFC 3755). At the same time, the domain of applicability for KEY and SIG was also limited to not include DNSSEC use.
KEY	25
SIG	24
HINFO	13		Unobsoleted by . Currently used by Cloudflare in response to queries of the type ANY.	Record intended to provide information about host CPU type and operating system. It was intended to allow protocols to optimize processing when communicating with similar peers.
RP	17			RP may be used for certain human-readable information regarding a different contact point for a specific host, subnet, or other domain level label separate than that used in the SOA record.
X25	19		Not in current use by any notable application
ISDN	20		Not in current use by any notable application
RT	21		Not in current use by any notable application
NSAP	22	RFC 1706		Not in current use by any notable application
NSAP-PTR	23		Not in current use by any notable application
PX	26	RFC 2163		Not in current use by any notable application
EID	31			Defined by the [Nimrod DNS](https://datatracker.ietf.org/doc/html/draft-ietf-nimrod-dns-00) Internet Draft, but never made it to RFC status. Not in current use by any notable application
NIMLOC	32
ATMA	34			title=ATM Name System, V2.0	date=July 2000	publisher=ATM Forum Technical Committee	url=http://www.broadband-forum.org/ftp/pub/approved-specs/af-dans-0152.000.pdf	archive-url=https://web.archive.org/web/20190314135249/http://www.broadband-forum.org/ftp/pub/approved-specs/af-dans-0152.000.pdf	url-status=dead	archive-date=2019-03-14	access-date=14 March 2019}}
APL	42	RFC 3123		Specify lists of address ranges, e.g. in CIDR format, for various address families. Experimental.
SINK	40			Defined by the [Kitchen Sink](https://datatracker.ietf.org/doc/draft-eastlake-kitchen-sink/) Internet Draft, but never made it to RFC status
GPOS	27	RFC 1712		A more limited early version of the LOC record
UINFO	100			IANA reserved, no RFC documented them [https://web.archive.org/web/20080611185015/http://www.ops.ietf.org/lists/namedroppers/namedroppers.2004/msg00949.html](https://web.archive.org/web/20080611185015/http://www.ops.ietf.org/lists/namedroppers/namedroppers.2004/msg00949.html) and support was removed from BIND in the early 90s.
UID	101
GID	102
UNSPEC	103
SPF	99	RFC 4408	RFC 7208	title=Resolution of the Sender Policy Framework (SPF) and Sender ID Experiments	rfc=6686	appendix=A	sectionname=Background on the RRTYPE Issue	first1=M.	last1=Kucherawy	date=July 2012	publisher=IETF	access-date=August 31, 2013}}
NINFO	56			last1=Reid	first1=Jim	title=draft-reid-dnsext-zs-01 – The Zone Status (ZS) DNS Resource Record	newspaper=Ietf Datatracker	url=https://datatracker.ietf.org/doc/draft-reid-dnsext-zs/	publisher=IETF	access-date=9 March 2019	date=4 July 2008}}
RKEY	57			last1=Reid	first1=Jim	last2=Schlyter	first2=Jakob	last3=Timms	first3=Ben	title=draft-reid-dnsext-rkey-00 – The RKEY DNS Resource Record	newspaper=Ietf Datatracker	url=https://datatracker.ietf.org/doc/draft-reid-dnsext-rkey/	publisher=IETF	access-date=9 March 2019	date=4 July 2008}}
TALINK	58			Defined by the [DNSSEC Trust Anchor History Service](https://tools.ietf.org/html/draft-wijngaards-dnsop-trust-history-02) Internet Draft, but never made it to RFC status
NID	104	RFC 6742		Not in use by any notable application and marked as "experimental"
L32	105
L64	106
LP	107
DOA	259			Defined by the [DOA over DNS](https://tools.ietf.org/html/draft-durand-doa-over-dns-03) Internet Draft, but never made it to RFC status

References

RFC 2535, §3
RFC 3445, §1. "The KEY RR was defined in RFC 2930..."
RFC 2931, §2.4. "SIG(0) on the other hand, uses public key authentication, where the public keys are stored in DNS as KEY RRs and a private key is stored at the signer."
RFC 3445, §1. "DNSSEC will be the only allowable sub-type for the KEY RR..."
RFC 3755, §3. "DNSKEY will be the replacement for KEY, with the mnemonic indicating that these keys are not for application use, per RFC3445. RRSIG (Resource Record SIGnature) will replace SIG, and NSEC (Next SECure) will replace NXT. These new types completely replace the old types, except that SIG(0) RFC2931 and TKEY RFC2930 will continue to use SIG and KEY."
RFC 4025, Abstract. "This record replaces the functionality of the sub-type #4 of the KEY Resource Record, which has been obsoleted by RFC 3445."
(May 2017). "RFC 8162 – Using Secure DNS to Associate Certificates with Domain Names for S/MIME". [[Internet Engineering Task Force]].
(September 2018). "Domain Name System (DNS) Parameters". [[Internet Assigned Numbers Authority]].
The minimum field of SOA record is redefined to be the TTL of NXDOMAIN reply in RFC 2308.
RFC 2930, §6. "... the keying material is sent within the key data field of a TKEY RR encrypted under the public key in an accompanying KEY RR RFC 2535."
RFC 2845, abstract
(16 March 2019). "What happened next: the deprecation of ANY". [[Cloudflare]].
(13 April 2016). "What happened next: the deprecation of ANY". [[Cloudflare]].
(July 2000). "ATM Name System, V2.0". ATM Forum Technical Committee.
(July 2012). "Resolution of the Sender Policy Framework (SPF) and Sender ID Experiments". [[Internet Engineering Task Force.
(April 2014). "Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1". [[Internet Engineering Task Force.
(4 July 2008). "draft-reid-dnsext-zs-01 – The Zone Status (ZS) DNS Resource Record". [[IETF]].
(4 July 2008). "draft-reid-dnsext-rkey-00 – The RKEY DNS Resource Record". [[IETF]].

Info: Wikipedia Source

This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.

domain-name-system internet-protocols dns-record-types

Want to explore this topic further?

Ask Mako anything about List of DNS record types — get instant answers, deeper analysis, and related topics.

Research with Mako

Free with your Surf account

Content sourced from Wikipedia, available under CC BY-SA 4.0.

This content may have been generated or modified by AI. CloudSurf Software LLC is not responsible for the accuracy, completeness, or reliability of AI-generated content. Always verify important information from primary sources.

Report