DNS Record Types

DNS, or the Domain Name System, is a database of information for network resources - kind of like the phonebook of the internet.

Information in DNS is stored in a list of DNS resource records related to a domain name. Each DNS record has a type, an expiration time (time to live or TTL), a class, and type-specific data. See our DNS lookup page for a more detailed overview of DNS in general.

The most common types of DNS records you'll see are likely A, NS, CNAME and MX, but as you'll see there are many more types of DNS resource record types as detailed below.

Following is a table of most of the common standard DNS records that you might find in the wild.


Type Description RFC Function
A Address record (IPv4) RFC 1035 Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but it is also used for DNSBLs, storing subnet masks in RFC 1101, etc.
AAAA Address record (IPv6) RFC 3596 Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
AFSDB AFS database record RFC 1183 Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system.
CAA Certification Authority Authorization RFC 6844 DNS Certification Authority Authorization, constraining acceptable CAs for a host/domain.
CERT Certificate record RFC 4398 Stores PKIX, SPKI, PGP, etc.
CNAME Canonical name record RFC 1035 Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
DHCID DHCP identifier RFC 4701 Used in conjunction with the FQDN option to DHCP.
DNAME Delegation Name record RFC 6672 Alias for a name and all its subnames, unlike CNAME, which is an alias for only the exact name. Like a CNAME record, the DNS lookup will continue by retrying the lookup with the new name.
DNSKEY DNS Key record RFC 4034 The key record used in DNSSEC. Uses the same format as the KEY record.
DS Delegation signer RFC 4034 The record used to identify the DNSSEC signing key of a delegated zone
IPSECKEY IPsec Key RFC 4025 Key record that can be used with IPsec.
LOC Location record RFC 1876 Specifies a geographical location associated with a domain name
MX Mail exchange record RFC 1035
RFC 7505
Maps a domain name to a list of message transfer agents for that domain.
NAPTR Naming Authority Pointer RFC 3403 Allows regular-expression-based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc.
NS Name server record RFC 1035 Delegates a DNS zone to use the given authoritative name servers.
NSEC Next Secure record RFC 4034 Part of DNSSEC—used to prove a name does not exist. Uses the same format as the (obsolete) NXT record.
NSEC3 Next Secure record version 3 RFC 5155 An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking.
NSEC3PARAM NSEC3 parameters RFC 5155 Parameter record for use with NSEC3.
PTR Pointer record RFC 1035 Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
RP Responsible Person RFC 1183 Information about the responsible person(s) for the domain. Usually an email address with the @ replaced by a.
RRSIG DNSSEC signature RFC 4034 Signature for a DNSSEC-secured record set. Uses the same format as the SIG record.
SOA Start of Authority record RFC 1035
RFC 2308
Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
SRV Service locator RFC 2782 Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
SSHFP SSH Public Key Fingerprint RFC 4255 Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. RFC 6594 defines ECC SSH keys and SHA-256 hashes. See the IANA SSHFP RR parameters registry for details.
TLSA TLSA certificate association RFC 6698 A record for DANE. RFC 6698 defines "The TLSA DNS resource record is used to associate a TLS server certificate or public key with the domain name where the record is found, thus forming a 'TLSA certificate association'".
TXT Text record RFC 1035 Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DKIM, DMARC, DNS-SD, etc.
URI Uniform Resource Identifier RFC 7553 Can be used for publishing mappings from hostnames to URIs.