List of DNS record types
From Wikipedia, the free encyclopedia
(Redirected from A record (DNS))
The Domain name system (DNS) implements a distributed, hierarchical, and redundant database for information associated with Internet domain names and addresses. This List of DNS record types provides an overview of the types of database records (resource records) stored in the zone files of this system.
| Code | Number | Defining RFC | Description | Function |
|---|---|---|---|---|
| A | 1 | RFC 1035 | address record | returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host. |
| AAAA | 28 | RFC 3596 | IPv6 address record | returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host. |
| AFSDB | 18 | RFC 1183 | AFS database record | location of the database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system. |
| AXFR | 252 | RFC 1035 | Full Zone Transfer | Transfer the entire zone file from the master name server to secondary name servers. |
| CERT | 37 | RFC 4398 | Certificate record | can store PKIX, SPKI, PGP, etc. |
| CNAME | 5 | RFC 1035 | canonical name record | an alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name. This helps when running multiple services (like an FTP and a webserver; each running on different ports) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com. and www.example.com.). Network administrators also use CNAMEs when running multiple HTTP servers on the same port, with different names, on the same physical host. This however requires host headers support for the two sites to both listen on the default port (port 80). |
| DHCID | 49 | RFC 4701 | DHCP identifier | Used in conjunction with the FQDN option to DHCP |
| DLV | 32769 | RFC 4431 | DNSSEC Lookaside Validation record | for publishing DNSSEC trust anchors outside of the DNS delegation chain. |
| DNAME | 39 | RFC 2672 | delegation name | Unlike the CNAME record which creates a single alias, a DNAME will delegate an entire portion of the DNS tree under a new name. Like the CNAME record, the DNS lookup will continue by retrying the lookup with the new name. |
| DNSKEY | 48 | RFC 3755 | DNS Key record | The key record used in DNSSEC |
| DS | 43 | RFC 3658 | Delegation signer | The record used to identify the DNSSEC signing key of a delegated zone |
| HIP | 55 | RFC 5205 | Host Identity Protocol | a method of separating the end-point identifier and locator roles of IP addresses. |
|
IPSECKEY
|
45 | RFC 4025 | IPSEC Key | Key record that can be used with IPSEC |
| IXFR | 251 | RFC 1995 | Incremental Zone Transfer | Transfer the changed parts of the zone file from the master name server to secondary name servers. |
|
KEY
|
25 | RFC 4034 | Key record | Used only for TKEY (RFC 2930). Before RFC 3755 was published, this was also used for DNSSEC, but DNSSEC now uses DNSKEY. |
| LOC | 29 | RFC 1876 | Location record | Specifies a geographical location associated with a domain name. |
| MX | 15 | RFC 1035 | mail exchange record | maps a domain name to a list of mail exchange servers for that domain. |
| NAPTR | 35 | RFC 3403 | Naming Authority Pointer | a newer type of DNS record that support regular expression based rewriting. |
| NS | 2 | RFC 1035 | name server record | delegates a DNS zone to use the given authoritative name servers |
| NSEC | 47 | RFC 3755 | Next-Secure record | Part of DNSSEC. Used to prove that a name does not exist. |
| NSEC3 | 50 | RFC 5155 | NSEC record version 3 | An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking. |
| NSEC3PARAM | 51 | RFC 5155 | NSEC3 parameters | Parameter record for use with NSEC3 |
| OPT | 41 | RFC 2671 | Option | This is a "pseudo DNS record type" needed to support EDNS |
| PTR | 12 | RFC 1035 | pointer record | a pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups by putting a PTR record for a hostname in the in-addr.arpa. domain that corresponds to an IP address. For example (at the time of writing), www.icann.net has the IP address 192.0.34.164, but a PTR record maps 164.34.0.192.in-addr.arpa to its canonical name, referrals.icann.org. |
| RRSIG | 46 | RFC 3755 | DNSSEC signature | Signature for a DNSSEC-secured record set |
| SIG | 24 | RFC 2535 | Signature | Signature record used in SIG(0) (RFC 2931). Until RFC 3755 was published, the SIG record was part of DNSSEC; now RRSIG is used for that. |
| SOA | 6 | RFC 1035 | start of authority record | specifies the authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone. |
|
SPF
|
99 | RFC 4408 | SPF record | Specified as part of the SPF protocol, as an alternative to storing SPF data in TXT records. |
| SRV | 33 | RFC 2782 | Service locator | a generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX. |
| SSHFP | 44 | RFC 4255 | SSH Public Key Fingerprint | a resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. |
| TA | 32768 | None | DNSSEC Trust Authorities | Part of a deployment proposal for DNSSEC without a signed DNS root. See the IANA database and Weiler Spec] for details |
| TKEY | 249 | RFC 2930 | Transaction Key | a record that supports one set of security mechanisms for the DNS. Used between DNS resolvers and Name servers, in contrast to DNSSEC which secures DNS records. |
| TSIG | 250 | RFC 2845 | Transaction Signature | a record that supports one set of security mechanisms for DNS. Used between DNS resolvers and Name servers, in contrast to DNSSEC which secures DNS records. |
| TXT | 16 | RFC 1035 | Text record | originally intended to carry arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record is more often used to carry machine-readable data such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework and DomainKeys. |
Contents |
[edit] Other types
Other types of records simply provide some types of information (for example, an HINFO record gives a description of the type of computer/OS a host uses), or others return data used in experimental features.
The "type" field is also used in the protocol for various operations; type 255 is a request for "all cached records of all types", 252 (AXFR) is a request for transfer of a zone, TKEY and TSIG are used for transaction signing (which is different from record signing).
[edit] Obsolete record types
Progress has obsoleted some of the originally-defined record-types. Of the records listed at IANA, some have limited use, for various reasons. Some are marked obsolete in the list, some are for very obscure services, some are for older versions of services, and some have special notes saying they're "not right".
- Obsoleted by RFC 973: MD(3), MF (4), MAILA (254)
- Records to publish mailing list subscriber lists in the DNS: MB(7), MG(8), MR(9), MINFO(14), MAILB (253). The intent, as specified by RFC 883, was for MB to replace the SMTP VRFY command, MG to replace the SMTP EXPN command, and MR to replace the "551 User Not Local" SMTP error. Later, RFC 2505 recommends that both the VRFY and EXPN commands be disabled.
- Declared "not to be relied upon" by RFC 1123: WKS(11)[1]
- Mistakes: NB(32), NBSTAT(33) (from RFC 1002); the numbers are now assigned to NIMLOC and SRV.
- Obsoleted by RFC 1035: NULL(10) (RFC 883 defined "completion queries", opcode 2, which used this record. RFC 1035 reserved this opcode.)
- Defined as part of early IPv6 but downgraded to experimental by RFC 3364: A6(38)
- Obsoleted by DNSSEC updates (RFC 3755): NXT(30). The domain of applicability for KEY and SIG was also limited to not include DNSSEC use.
- Part of the first version of DNSSEC (RFC 2230/RFC 2065), now obsolete: KX(36)
- Not in current use by any notable application: HINFO(13), RP(17), X25(19), ISDN(20), RT(21), NSAP(22), NSAP-PTR(23), PX(26), EID(31), NIMLOC(32), ATMA(34), APL(42)
- Defined by the Kitchen Sink internet draft, but never made it to RFC status: SINK(40)
- A more limited early version of the LOC record: GPOS(27)
- IANA reserved, no RFC documented them[1] and support was removed from BIND in the early 90s: UINFO(100), UID(101), GID(102), UNSPEC(103)
[edit] Further reading
- "IANA DNS Parameters registry". Retrieved on 2008-05-25..
