List of DNS record types

This list of DNS record types is an overview of resource records (RRs) permissible in zone files of the Domain Name System (DNS). It also contains pseudo-RRs.

Resource records

Type Type id. (decimal) Defining RFC Description Function
A
1 RFC 1035[1] Address record Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but it is also used for DNSBLs, storing subnet masks in RFC 1101, etc.
AAAA
28 RFC 3596[2] IPv6 address record Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
AFSDB
18 RFC 1183 AFS database record Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system.
APL
42 RFC 3123 Address Prefix List Specify lists of address ranges, e.g. in CIDR format, for various address families. Experimental.
CAA
257 RFC 6844 Certification Authority Authorization DNS Certification Authority Authorization, constraining acceptable CAs for a host/domain
CDNSKEY
60 RFC 7344 Child DNSKEY Child copy of DNSKEY record, for transfer to parent
CDS
59 RFC 7344 Child DS Child copy of DS record, for transfer to parent
CERT
37RFC 4398Certificate recordStores PKIX, SPKI, PGP, etc.
CNAME 5 RFC 1035[1] Canonical name record Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
DHCID
49RFC 4701DHCP identifierUsed in conjunction with the FQDN option to DHCP
DLV
32769RFC 4431DNSSEC Lookaside Validation recordFor publishing DNSSEC trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. RFC 5074 describes a way of using these records.
DNSKEY
48RFC 4034DNS Key recordThe key record used in DNSSEC. Uses the same format as the KEY record.
DS
43RFC 4034Delegation signerThe record used to identify the DNSSEC signing key of a delegated zone
IPSECKEY
45RFC 4025IPsec KeyKey record that can be used with IPsec
KEY
25RFC 2535[3] and RFC 2930[4]Key recordUsed only for SIG(0) (RFC 2931) and TKEY (RFC 2930).[5] RFC 3445 eliminated their use for application keys and limited their use to DNSSEC.[6] RFC 3755 designates DNSKEY as the replacement within DNSSEC.[7] RFC 4025 designates IPSECKEY as the replacement for use with IPsec.[8]
KX
36 RFC 2230 Key Exchanger record Used with some cryptographic systems (not including DNSSEC) to identify a key management agent for the associated domain-name. Note that this has nothing to do with DNS Security. It is Informational status, rather than being on the IETF standards-track. It has always had limited deployment, but is still in use.
LOC 29 RFC 1876 Location record Specifies a geographical location associated with a domain name
MX 15 RFC 1035[1] and RFC 7505 Mail exchange record Maps a domain name to a list of message transfer agents for that domain
NAPTR 35 RFC 3403 Naming Authority Pointer Allows regular-expression-based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc.
NS
2 RFC 1035[1] Name server record Delegates a DNS zone to use the given authoritative name servers
NSEC
47RFC 4034Next Secure recordPart of DNSSECused to prove a name does not exist. Uses the same format as the (obsolete) NXT record.
NSEC3
50RFC 5155Next Secure record version 3An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking
NSEC3PARAM
51RFC 5155NSEC3 parametersParameter record for use with NSEC3
PTR
12 RFC 1035[1] Pointer record Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
RRSIG
46RFC 4034DNSSEC signatureSignature for a DNSSEC-secured record set. Uses the same format as the SIG record.
RP
17RFC 1183Responsible PersonInformation about the responsible person(s) for the domain. Usually an email address with the @ replaced by a .
SIG
24RFC 2535SignatureSignature record used in SIG(0) (RFC 2931) and TKEY (RFC 2930).[7] RFC 3755 designated RRSIG as the replacement for SIG for use within DNSSEC.[7]
SOA 6 RFC 1035[1] and RFC 2308[9] Start of [a zone of] authority record Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
SRV 33 RFC 2782 Service locator Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
SSHFP
44 RFC 4255 SSH Public Key Fingerprint Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. RFC 6594 defines ECC SSH keys and SHA-256 hashes. See the IANA SSHFP RR parameters registry for details.
TA
32768 N/ADNSSEC Trust AuthoritiesPart of a deployment proposal for DNSSEC without a signed DNS root. See the IANA database and Weiler Spec for details. Uses the same format as the DS record.
TKEY
249 RFC 2930 Transaction Key record A method of providing keying material to be used with TSIG that is encrypted under the public key in an accompanying KEY RR.[10]
TLSA
52 RFC 6698 TLSA certificate association A record for DNS-based Authentication of Named Entities (DANE). RFC 6698 defines "The TLSA DNS resource record is used to associate a TLS server certificate or public key with the domain name where the record is found, thus forming a 'TLSA certificate association'".
TSIG
250 RFC 2845 Transaction Signature Can be used to authenticate dynamic updates as coming from an approved client, or to authenticate responses as coming from an approved recursive name server[11] similar to DNSSEC.
TXT
16 RFC 1035[1] Text record Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DKIM, DMARC, DNS-SD, etc.
URI
256 RFC 7553 Uniform Resource Identifier Can be used for publishing mappings from hostnames to URIs.

Other types and pseudo resource records

Other types of records simply provide some types of information (for example, an HINFO record gives a description of the type of computer/OS a host uses), or others return data used in experimental features. The "type" field is also used in the protocol for various operations.

Type Type id. Defining RFC Description Function
* 255 RFC 1035[1] All cached records Returns all records of all types known to the name server. If the name server does not have any information on the name, the request will be forwarded on. The records returned may not be complete. For example, if there is both an A and an MX for a name, but the name server has only the A record cached, only the A record will be returned. Sometimes referred to as "ANY", for example in Windows nslookup and Wireshark.
AXFR 252 RFC 1035[1] Authoritative Zone Transfer Transfer entire zone file from the master name server to secondary name servers.
IXFR
251 RFC 1996 Incremental Zone Transfer Requests a zone transfer of the given zone but only differences from a previous serial number. This request may be ignored and a full (AXFR) sent in response if the authoritative server is unable to fulfill the request due to configuration or lack of required deltas.
OPT
41 RFC 6891 Option This is a "pseudo DNS record type" needed to support EDNS

Obsolete record types

Progress has rendered some of the originally defined record-types obsolete. Of the records listed at IANA, some have limited use, for various reasons. Some are marked obsolete in the list, some are for very obscure services, some are for older versions of services, and some have special notes saying they are "not right".

Type Type id. Defining RFC Obsoleted by Description
MD

MF

MAILA

3

4

254

RFC 973 Obsoleted by: 1034, 1035 Obsoleted by RFC 973: MD(3), MF (4), MAILA (254)
MB

MG

MR

MINFO

MAILB

7

8

9

14

253

RFC 883, RFC 2505 Obsoleted by: 1034, 1035

Obsoleted by: 2050

Records to publish mailing list subscriber lists in the DNS: MB(7), MG(8), MR(9), MINFO(14), MAILB (253). The intent, as specified by RFC 883, was for MB to replace the SMTP VRFY command, MG to replace the SMTP EXPN command, and MR to replace the "551 User Not Local" SMTP error. Later, RFC 2505 recommended that both the VRFY and EXPN commands be disabled, making the use of MB and MG unlikely to ever be adopted.
WKS 11 RFC 1123 Declared "not to be relied upon" by RFC 1123 (with further information in RFC 1127): WKS(11)[12]
NB

NBSTAT

32

33

RFC 1002 Mistakes: NB(32), NBSTAT(33) (from RFC 1002); the numbers are now assigned to NIMLOC and SRV.
NULL 0 RFC 883 RFC 1035 Obsoleted by RFC 1035: NULL(10) (RFC 883 defined "completion queries" (opcode 2 and maybe 3) which used this record, RFC 1035 later reassigned opcode 2 to be "status" and reserved opcode 3.)
A6 38 RFC 3363 RFC 6563 Defined as part of early IPv6 but downgraded to experimental by RFC 3363: A6(38), Later downgraded to historic in RFC 6563.
NXT

KEY

SIG

30

--

--

RFC 3755 RFC 4034 Obsoleted by DNSSEC updates (RFC 3755): NXT(30). At the same time, the domain of applicability for KEY and SIG was also limited to not include DNSSEC use.
RFC 2065 Part of the first version of DNSSEC (RFC 2065).
HINFO

RP

X25

13

17

19

Not in current use by any notable application
ISDN

RT

NSAP

20

21

22

Not in current use by any notable application
NSAP-PTR

PX

EID

23

26

31

Not in current use by any notable application
NIMLOC

ATMA

APL

32

34

42

Not in current use by any notable application
SINK 40 Defined by the Kitchen Sink internet draft, but never made it to RFC status: SINK(40)
GPOS 27 A more limited early version of the LOC record: GPOS(27)
UINFO

UID

GID

UNSPEC

100

101

102

103

IANA reserved, no RFC documented them and support was removed from BIND in the early 90s: UINFO(100), UID(101), GID(102), UNSPEC(103)
SPF 99 RFC 4408 SPF(99) (from RFC 4408) was specified as part of the Sender Policy Framework protocol as an alternative to storing SPF data in TXT records, using the same format. It was later found that the majority of SPF deployments lack proper support for this record type, and support for it was discontinued in RFC 7208.[13][14]
RP 17 RP(17) may be used for certain human-readable information regarding a different contact point for a specific host, subnet, or other domain level label separate than that used in the SOA record.
HIP 55 RFC 5205 Method of separating the end-point identifier and locator roles of IP addresses. Made obsolete by RFC 8005.
DNAME 39 RFC 2672 Alias for a name and all its subnames, unlike CNAME, which is an alias for only the exact name. Like a CNAME record, the DNS lookup will continue by retrying the lookup with the new name. Made obsolete by RFC 6672.

Further reading

References

  1. 1 2 3 4 5 6 7 8 9 Paul Mockapetris (November 1987). "RFC 1035: Domain Names - Implementation and Specification". Network Working Group of the IETF (Internet Engineering Task Force). p. 12.
  2. "RFC 3596: DNS Extensions to Support IP Version 6". The Internet Society. October 2003.
  3. RFC 2535, §3
  4. RFC 3445, §1. "The KEY RR was defined in RFC 2930..."
  5. RFC 2931, §2.4. "SIG(0) on the other hand, uses public key authentication, where the public keys are stored in DNS as KEY RRs and a private key is stored at the signer."
  6. RFC 3445, §1. "DNSSEC will be the only allowable sub-type for the KEY RR..."
  7. 1 2 3 RFC 3755, §3. "DNSKEY will be the replacement for KEY, with the mnemonic indicating that these keys are not for application use, per RFC3445. RRSIG (Resource Record SIGnature) will replace SIG, and NSEC (Next SECure) will replace NXT. These new types completely replace the old types, except that SIG(0) RFC2931 and TKEY RFC2930 will continue to use SIG and KEY."
  8. RFC 4025, Abstract. "This record replaces the functionality of the sub-type #4 of the KEY Resource Record, which has been obsoleted by RFC 3445."
  9. The minimum field of SOA record is redefined to be the TTL of NXDOMAIN reply in RFC 2308.
  10. RFC 2930, §6. "... the keying material is sent within the key data field of a TKEY RR encrypted under the public key in an accompanying KEY RR RFC 2535."
  11. RFC 2845, abstract
  12. RFC 1123 section 2.2, 5.2.12, 6.1.3.6
  13. Kucherawy, M. (July 2012). "Background on the RRTYPE Issue". Resolution of the Sender Policy Framework (SPF) and Sender ID Experiments. IETF. sec. A. RFC 6686. https://tools.ietf.org/html/rfc6686#appendix-A. Retrieved August 31, 2013.
  14. Kitterman, S. (April, 2014). "The SPF DNS Record Type". Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1. IETF. sec. 3.1. RFC 7208. https://tools.ietf.org/html/rfc7208#section-3.1. Retrieved 26 April 2014.
This article is issued from Wikipedia - version of the 11/29/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.