Enhancing Skills

DNS record types

We need to understand the different types of DNS records.  The purpose of this page is not to do a deep dive, but enough to set up your domain appropriately.  In addition, a couple of tools will be reviewed to validate when your change has been synced within DNS (in the conclusion).


‘A’ record:

The ‘A’ stands for ‘address’ and this is the most fundamental type of DNS record: it indicates the IP address of a given domain. For example, if you pull the DNS records of cloudflare.com, the A record currently returns an IP address of: 104.17. 210.9. A records only hold IPv4 addresses.

‘AAAA’ record:

An AAAA record maps a domain name to the IP address (Version 6) of the computer hosting the domain. An AAAA record is used to find the IP address of a computer connected to the internet from a name.  For example, all the DNSimple name servers are assigned to an IPv6 address and can be queried via either IPv4 or IPv6.

‘CAA’ record:

Certificate authority authorization (CAA) is a domain name system (DNS) security measure that helps you to increase control of your brand identity. More specifically, certificate authority authorization is a DNS record that lets you specify which certificate authorities are allowed to issue SSL/TLS certificates for your domain.  (SSL/TLS digital certificates, which are also known as website security certificates, add identity and encryption to connections between clients and your web server.)

site.tld  CAA 0 issue “digicert.com”

‘CNAME’ record:

CNAME records can be used to alias one name to another. CNAME stands for Canonical Name.  A common example is when you have both example.com and www.example.com pointing to the same application and hosted by the same server. To avoid maintaining two different records, it’s common to create

    • An A record for example.com pointing to the server IP address
    • A CNAME record for www.example.com pointing to example.com
‘DS’ record:

DS records (Delegation Signer) are used to secure delegations (DNSSEC). A DS record with the name of the sub-delegated zone is placed in the parent zone along with the delegating NS Records. This DS record references a DNSKEY record in the sub-delegated zone.

DS records have the following components:

    • Key Tag:  Contains the tag value of the DNSKEY Resource Record that validates this signature.
    • Algorithm: Identifies the algorithm used to produce a legitimate signature.
    • Digest Type: Identifies the algorithm used to construct the digest.
    • Digest: A cryptographic hash value of the referenced DNSKEY Record.
‘MX’ record:

DNS ‘mail exchange’ (MXrecord directs email to a mail server. The MX record indicates how email messages should be routed by the Simple Mail Transfer Protocol (SMTP, the standard protocol for all email). Like CNAME records, an MX record must always point to another domain.

‘NS’ record:

NS stands for ‘nameserver,’ and the nameserver record indicates which DNS server is authoritative for that domain (i.e. which server contains the actual DNS records). NS records tell the Internet where to go to find out a domain’s IP address.

‘PTR ‘ record:

A PTR record is used for reverse DNS lookups, and it matches domain names with IP addresses. Learn more about PTR records and when they are used.

‘SPF’ record:

An SPF record is a Sender Policy Framework record. It’s used to indicate to mail exchanges which hosts are authorized to send mail for a domain. It’s defined in RFC 4408, and clarified by RFC 7208.

‘SVR’ record:

The DNS ‘service’ (SRVrecord specifies a host and port for specific services such as voice over IP (VoIP), instant messaging, and so on.  Most other DNS records only specify a server or an IP address, but SRV records include a port at that IP address as well.

‘SSHFP’ record:

Secure Shell fingerprint record (abbreviated as SSHFP record) is a type of resource record in the Domain Name System (DNS) which identifies SSH keys that are associated with a hostname. The acquisition of an SSHFP record needs to be secured with a mechanism such as DNSSEC for a chain of trust to be established.

‘TLSA’ record:

The TLS Authentication record (TLSA) is used to associate a TLS server certificate or public key with the domain name where the record is found. With a TLSA record, you can store the fingerprint of a TLS/SSL certificate in the DNS of your domain.

‘TXT’ record:

TXT records are a type of Domain Name System (DNSrecord that contains text information for sources outside of your domain. You add these records to your domain settings. You can use TXT records for various purposes. Google uses them to verify domain ownership and to ensure email security.


Knowing the DNS record types allows me to set up my provider.  I can use the following links to verify my change has been synced between the DNS servers.  The topic for another post.

Let me know your thoughts…


For more details and a deeper dive into the definitions and the defining RFC, please visit the reference URLs below:

One response to “DNS record types”

  1. Anthony says:

    This is awesome!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.