DNS Record Types Reference

Maps a name to a single IPv4 address.

example.com.  300  IN  A  192.0.2.1

Maps a name to a single IPv6 address.

example.com.  300  IN  AAAA  2001:db8::1

Alias to another name. Cannot coexist with other records at the same owner name.

www.example.com.  300  IN  CNAME  example.com.

Provider-specific flattened CNAME usable at the zone apex. Not a real DNS type — resolved server-side to A/AAAA.

example.com.  300  IN  ALIAS  app.heroku.com.

Where to deliver mail for this domain. Lower preference number wins.

example.com.  300  IN  MX  10 mail.example.com.

Arbitrary text. Carries SPF, DKIM, DMARC, domain verification tokens.

example.com.  300  IN  TXT  "v=spf1 -all"

Delegates a zone to the listed authoritative name servers.

example.com.  86400  IN  NS  ns1.example.com.

Zone metadata: primary NS, contact, serial, refresh/retry/expire/minimum TTLs.

example.com.  3600  IN  SOA  ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600

Reverse lookup — IP back to a name.

1.2.0.192.in-addr.arpa.  300  IN  PTR  host.example.com.

Priority, weight, port, target — used by SIP, XMPP, LDAP, Minecraft, and Kerberos.

_sip._tcp.example.com.  300  IN  SRV  10 60 5060 sip.example.com.

Restricts which CAs may issue certificates for this domain.

example.com.  300  IN  CAA  0 issue "letsencrypt.org"

Hash of a child zone's DNSKEY, published in the parent — establishes DNSSEC chain of trust.

example.com.  86400  IN  DS  12345 13 2 ABCD…

Public key used to validate signatures on a DNSSEC-signed zone.

example.com.  3600  IN  DNSKEY  256 3 13 …base64…

Cryptographic signature over a record set.

example.com.  300  IN  RRSIG  A 13 2 300 …signature…

DNSSEC proof that a name does not exist.

example.com.  300  IN  NSEC  next.example.com. A NS SOA RRSIG NSEC DNSKEY

Binds a TLS certificate or key to a name via DNSSEC — used by DANE.

_443._tcp.example.com.  300  IN  TLSA  3 1 1 …hash…

SSH host-key fingerprint published in DNS.

example.com.  300  IN  SSHFP  4 2 …hex…

Advertises HTTP/3, ALPN, IP hints, ECH config. Lets clients skip a CNAME hop and pick the right transport.

example.com.  300  IN  HTTPS  1 . alpn="h3,h2" ipv4hint=192.0.2.1

Rule-based rewriting — used by ENUM (telephone-to-URI) and SIP discovery.

example.com.  300  IN  NAPTR  100 10 "u" "E2U+sip" "!^.*$!sip:info@example.com!" .

Geographic coordinates. Rarely used in practice.

example.com.  300  IN  LOC  37 46 30 N 122 25 10 W 0m

Generic URI lookup with priority/weight, like SRV but for any URI scheme.

_ftp._tcp.example.com.  300  IN  URI  10 1 "ftp://ftp.example.com/public"

Originally type 99; RFC 7208 mandates TXT only. Use TXT.

example.com.  300  IN  TXT  "v=spf1 include:_spf.google.com -all"

Public key used by receivers to verify DKIM signatures on mail.

selector._domainkey.example.com.  300  IN  TXT  "v=DKIM1; k=rsa; p=MIGfMA0…"

Tells receivers how to handle mail that fails SPF/DKIM alignment.

_dmarc.example.com.  300  IN  TXT  "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

Publishes a logo SVG for DMARC-protected mail. Some clients require a Verified Mark Certificate.

default._bimi.example.com.  300  IN  TXT  "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"

Not stored as records — query types used to replicate zones between authoritative servers.

dig @ns1.example.com example.com AXFR

Asks for every record type at a name. Many resolvers refuse or return minimal data (RFC 8482).

dig example.com ANY