Type | Description | Function |
A | IPv4 Address record | Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but it is also used for DNSBLs, storing subnet masks in RFC 1101, etc. |
AAAA | IPv6 address record | Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host. |
AFSDB | AFS database record | Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system. |
CAA | Certification Authority Authorization | DNS Certification Authority Authorization, constraining acceptable CAs for a host/domain |
CERT | Certificate record | Stores PKIX, SPKI, PGP, etc. |
CNAME | Canonical name record | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name. |
DHCID | DHCP identifier | Used in conjunction with the FQDN option to DHCP |
DNAME | Delegation name record | Alias for a name and all its subnames, unlike CNAME, which is an alias for only the exact name. Like a CNAME record, the DNS lookup will continue by retrying the lookup with the new name. |
DNSKEY | DNS Key record | The key record used in DNSSEC. Uses the same format as the KEY record. |
DS | Delegation signer | The record used to identify the DNSSEC signing key of a delegated zone |
IPSECKEY | IPsec Key | Key record that can be used with IPsec |
LOC | Location record | Specifies a geographical location associated with a domain name |
MX | Mail exchange record | Maps a domain name to a list of message transfer agents for that domain |
NAPTR | Naming Authority Pointer | Allows regular-expression-based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc. |
NS | Name server record | Delegates a DNS zone to use the given authoritative name servers |
NSEC | Next Secure record | Part of DNSSEC—used to prove a name does not exist. Uses the same format as the (obsolete) NXT record. |
NSEC3 | Next Secure record version 3 | An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking |
NSEC3PARAM | NSEC3 parameters | Parameter record for use with NSEC3 |
PTR | PTR Resource Record | Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD. |
RP | Responsible Person | Information about the responsible person(s) for the domain. Usually an email address with the @ replaced by a . |
RRSIG | DNSSEC signature | Signature for a DNSSEC-secured record set. Uses the same format as the SIG record. |
SOA | Start of [a zone of] authority record | Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone. |
SRV | Service locator | Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX. |
SSHFP | SSH Public Key Fingerprint | Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. RFC 6594 defines ECC SSH keys and SHA-256 hashes. See the IANA SSHFP RR parameters registry for details. |
TLSA | TLSA certificate association | A record for DANE. RFC 6698 defines "The TLSA DNS resource record is used to associate a TLS server certificate or public key with the domain name where the record is found, thus forming a 'TLSA certificate association'". |
TSIG | Transaction Signature | Can be used to authenticate dynamic updates as coming from an approved client, or to authenticate responses as coming from an approved recursive name server[13] similar to DNSSEC. |
TXT | Text record | Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DKIM, DMARC, DNS-SD, etc. |
URI | Uniform Resource Identifier | Can be used for publishing mappings from hostnames to URIs. |