DNS Records Explained

DNS records (aka zone files) are instructions that live in authoritative DNS servers and provide information about a domain including what IP address is associated with that domain and how to handle requests for that domain. These records consist of a series of text files written in what is known as DNS syntax. DNS syntax is just a string of characters used as commands that tell the DNS server what to do. All DNS records also have a ‘TTL’, which stands for time-to-live, and indicates how often a DNS server will refresh that record.

You can think of a set of DNS records like a business listing on Yelp. That listing will give you a bunch of useful information about a business such as their location, hours, services offered, etc. All domains are required to have at least a few essential DNS records for a user to be able to access their website using a domain name, and there are several optional records that serve additional purposes.

What are the most common types of DNS record?

• A record – The record that holds the IP address of a domain. Learn more about the A record.
• AAAA record – The record that contains the IPv6 address for a domain (as opposed to A records, which list the IPv4 address). Learn more about the AAAA record.
• CNAME record – Forwards one domain or subdomain to another domain, does NOT provide an IP address. Learn more about the CNAME record.
• MX record – Directs mail to an email server. Learn more about the MX record.
• TXT record – Lets an admin store text notes in the record. These records are often used for email security. Learn more about the TXT record.
• NS record – Stores the name server for a DNS entry. Learn more about the NS record.
• SOA record – Stores admin information about a domain. Learn more about the SOA record.
• SRV record – Specifies a port for specific services. Learn more about the SRV record.
• PTR record – Provides a domain name in reverse-lookups. Learn more about the PTR record.

What are some of the less commonly used DNS records?

• AFSDB record – This record is used for clients of the Andrew File System (AFS) developed by Carnegie Melon. The AFSDB record functions to find other AFS cells.
• APL record – The ‘address prefix list’ is an experiment record that specifies lists of address ranges.
• CAA record – This is the ‘certification authority authorization’ record, it allows domain owners state which certificate authorities can issue certificates for that domain. If no CAA record exists, then anyone can issue a certificate for the domain. These records are also inherited by subdomains.
• DNSKEY record – The ‘DNS Key Record’ contains a public key used to verify Domain Name System Security Extension (DNSSEC) signatures.
• CDNSKEY record – This is a child copy of the DNSKEY record, meant to be transferred to a parent.
• CERT record – The ‘certificate record’ stores public key certificates.
• DCHID record – The ‘DHCP Identifier’ stores info for the Dynamic Host Configuration Protocol (DHCP), a standardized network protocol used on IP networks.
• DNAME record – The ‘delegation name’ record creates a domain alias, just like CNAME, but this alias will redirect all subdomains as well. For instance if the owner of ‘example.com’ bought the domain ‘website.net’ and gave it a DNAME record that points to ‘example.com’, then that pointer would also extend to ‘blog.website.net’ and any other subdomains.
• HIP record – This record uses ‘Host identity protocol’, a way to separate the roles of an IP address; this record is used most often in mobile computing.
• IPSECKEY record – The ‘IPSEC key’ record works with the Internet Protocol Security (IPSEC), an end-to-end security protocol framework and part of the Internet Protocol Suite (TCP/IP).
• LOC record – The ‘location’ record contains geographical information for a domain in the form of longitude and latitude coordinates.
• NAPTR record – The ‘name authority pointer’ record can be combined with an SRV record to dynamically create URI’s to point to based on a regular expression.
• NSEC record – The ‘next secure record’ is part of DNSSEC, and it’s used to prove that a requested DNS resource record does not exist.
• RRSIG record – The ‘resource record signature’ is a record to store digital signatures used to authenticate records in accordance with DNSSEC.
• RP record – This is the ‘responsible person’ record and it stores the email address of the person responsible for the domain.
• SSHFP record – This record stores the ‘SSH public key fingerprints’; SSH stands for Secure Shell and it’s a cryptographic networking protocol for secure communication over an unsecure network.

Cloudflare DNS is an authoritative DNS service that offers the fastest response time and advanced security. Cloudflare DNS supports a wide variety of DNS records, plus additional services like easy DMARC, DKIM, and SPF configuration. Cloudflare also offers 1.1.1.1, a free DNS resolver that is fast and private. Learn about Cloudflare’s authoritative DNS service, or about managing DNS records in Cloudflare.

“What Are DNS Records?,” Cloudflare, 2023, https://www.cloudflare.com/learning/dns/dns-records/#:~:text=DNS%20records%20(aka%20zone%20files,handle%20requests%20for%20that%20domain..