DNS Records

Last updated:

DNS Records

What constitutes a DNS record?

DNS records, also referred to as zone files, are directives stored within authoritative DNS servers, conveying details about a domain. This information encompasses the associated IP address of the domain and how requests for that domain should be managed. These records are constructed using a sequence of text files adhering to DNS syntax. DNS syntax comprises a sequence of characters functioning as commands that guide the DNS server’s actions. Each DNS record is accompanied by a ‘TTL’ or time-to-live value, dictating how frequently a DNS server should refresh the specific record.

An analogy can be drawn between a collection of DNS records and a business listing on platforms like Yelp. Similar to how a Yelp listing offers pertinent data about a business, such as its location, operating hours, and services, DNS records furnish essential information about a domain. All domains are mandated to possess fundamental DNS records to facilitate user access to their websites using domain names. Moreover, various optional records serve supplementary functions.

What are the primary types of DNS records?

  • A Record - This record contains the IP address associated with a domain.
  • AAAA Record - This record holds the IPv6 address for a domain (in contrast to A records, which store IPv4 addresses).
  • CNAME Record - It forwards a domain or subdomain to another domain, without supplying an IP address.
  • MX Record - This record guides email to the appropriate email server.
  • TXT Record - Administrators can store textual notes within this record. It’s commonly used for enhancing email security.
  • NS Record - This record stores the name server responsible for a DNS entry.
  • SOA Record - It stores administrative details about a domain.
  • SRV Record - This record designates a port for specific services.
  • PTR Record - It enables domain name retrieval through reverse lookups.

What are some of the lesser-known DNS records?

  • AFSDB Record - This particular record serves clients of the Andrew File System (AFS), developed by Carnegie Mellon University. Its purpose is to locate other AFS cells.
  • APL Record - The ‘address prefix list’ is an experimental record that outlines lists of address ranges.
  • CAA Record - The ‘certification authority authorization’ record empowers domain owners to specify which certificate authorities can issue certificates for their domain. In the absence of a CAA record, any entity can issue a certificate for the domain. These records also extend to subdomains.
  • DNSKEY Record - The ‘DNS Key Record’ contains a public key employed to verify signatures in the Domain Name System Security Extension (DNSSEC).
  • CDNSKEY Record - A child variant of the DNSKEY record, intended for transfer to a parent.
  • CERT Record - The ‘certificate record’ stores public key certificates.
  • DCHID Record - The ‘DHCP Identifier’ holds information related to the Dynamic Host Configuration Protocol (DHCP), a standardized network protocol on IP networks.
  • DNAME Record - The ‘delegation name’ record establishes a domain alias, similar to a CNAME record, but this alias encompasses all subdomains as well. For instance, if the owner of ‘example.com’ acquires the domain ‘website.net’ and assigns a DNAME record pointing to ‘example.com’, the redirection would also apply to ‘blog.website.net’ and any other subdomains.
  • HIP Record - This record uses the ‘Host Identity Protocol,’ a method that separates the roles of an IP address; it’s commonly used in mobile computing.
  • IPSECKEY Record - The ‘IPSEC key’ record collaborates with Internet Protocol Security (IPSEC), a security protocol framework within the Internet Protocol Suite (TCP/IP).
  • LOC Record - The ‘location’ record contains geographical details for a domain, expressed as longitude and latitude coordinates.
  • NAPTR Record - The ‘name authority pointer’ record can be combined with an SRV record to dynamically create URIs based on regular expressions.
  • NSEC Record - Part of DNSSEC, the ‘next secure record’ is employed to verify the non-existence of a requested DNS resource record.
  • RRSIG Record - The ‘resource record signature’ is used to store digital signatures that authenticate records in accordance with DNSSEC.
  • RP Record - The ‘responsible person’ record stores the email address of the individual responsible for the domain.
  • SSHFP Record - This record holds the ‘SSH public key fingerprints.’ SSH, or Secure Shell, is a cryptographic networking protocol used for secure communication over an unsecured network.