What are the different DNS record types?

Understanding DNS Record Types

DNS supports numerous record types, each designed for specific purposes. Understanding these record types is essential for managing domains, configuring email delivery, securing communications, and maintaining internet infrastructure.

Primary DNS Record Types

A Record (Address Record)

Purpose: Maps domain name to IPv4 address

Example:

inventivehq.com.    3600    A    192.0.2.1

Use cases:

• Pointing domains to web servers
• Setting up subdomains
• Load balancing with multiple IPs

Format:

• Domain name
• TTL (time to live)
• Record type (A)
• IPv4 address (4 octets)

Common scenarios:

example.com        A    192.0.2.1
www.example.com    A    192.0.2.2
api.example.com    A    192.0.2.3

AAAA Record (IPv6 Address)

Purpose: Maps domain name to IPv6 address

Example:

inventivehq.com.    3600    AAAA    2001:db8::1

Use cases:

• IPv6 support (increasingly important)
• Dual-stack environments (both IPv4 and IPv6)
• Future-proofing infrastructure

Format:

• Domain name
• TTL
• Record type (AAAA)
• IPv6 address (128-bit)

Increasingly critical: As IPv4 addresses become scarce, IPv6 adoption is accelerating.

CNAME Record (Canonical Name)

Purpose: Creates alias for domain

Example:

www.example.com    CNAME    example.com.
blog.example.com   CNAME    platform.example.com.

Use cases:

• Creating subdomains that point to other domains
• Simplifying domain management
• Migrating services without changing primary domain

Important: CNAME must point to fully qualified domain name (ending with dot)

Common patterns:

www.example.com     CNAME    example.com
blog.example.com    CNAME    blogservice.com
mail.example.com    CNAME    mail.office365.com

Limitation: Cannot have CNAME at zone apex (example.com itself)

MX Record (Mail Exchange)

Purpose: Directs email to mail servers

Example:

example.com    10    MX    mail.example.com.
example.com    20    MX    mail2.example.com.

Use cases:

• Routing email to mail servers
• Setting up backup mail servers
• Delegating email to email services

Priority: Lower number = higher priority (10 before 20)

Format:

• Domain name
• TTL
• Record type (MX)
• Priority (lower = higher)
• Mail server hostname

Email delivery process:

Sending mail server queries MX records
Tries mail.example.com (priority 10) first
If unavailable, tries mail2.example.com (priority 20)
Connects to available mail server
Delivers message

TXT Record (Text Record)

Purpose: Stores text data for various purposes

Examples:

example.com    TXT    "v=spf1 include:_spf.google.com ~all"
example.com    TXT    "google-site-verification=abcd1234"

Common uses:

• SPF: Specifies which IPs can send email
• DKIM: Stores public key for email authentication
• DMARC: Email authentication policy
• Domain verification: Proving domain ownership
• BIMI: Brand Indicator for Message Identification

SPF example:

v=spf1 include:_spf.google.com include:sendgrid.net ~all

DKIM example:

selector1._domainkey    TXT    "v=DKIM1; k=rsa; p=MIGfMA0GCS..."

Format: Text enclosed in quotes, multiple TXT records supported

NS Record (Nameserver)

Purpose: Designates authoritative nameservers for domain

Example:

example.com    NS    ns1.example.com.
example.com    NS    ns2.example.com.

Use cases:

• Delegating domain to specific nameservers
• Setting up subdomains with separate nameservers
• Pointing to registrar or DNS provider

Usually managed by: DNS provider or registrar

Important: Changes at registrar level, not in zone file

SRV Record (Service)

Purpose: Specifies location of services

Example:

_ldap._tcp.example.com    SRV    10 60 389 ldap.example.com.
_sip._udp.example.com     SRV    10 60 5060 sip.example.com.

Use cases:

• Locating LDAP servers
• SIP/VoIP services
• Microsoft Exchange Auto-Discover
• Kubernetes internal service discovery

Format:

• Service name (underscore prefix)
• Protocol (underscore prefix)
• Domain
• Priority (lower = preferred)
• Weight (distribution among same priority)
• Port
• Target hostname

CAA Record (Certification Authority Authorization)

Purpose: Specifies which Certificate Authorities can issue certificates

Example:

example.com    CAA    0 issue "letsencrypt.org"
example.com    CAA    0 issuewild "letsencrypt.org"
example.com    CAA    0 iodef "mailto:[email protected]"

Use cases:

• Controlling who can issue SSL/TLS certificates
• Preventing unauthorized certificate issuance
• Security best practice for HTTPS

Flags:

• 0: Non-critical
• 128: Critical (CA must understand it)

Tags:

• issue: CAs that can issue certificates
• issuewild: CAs that can issue wildcard certificates
• iodef: Violation reporting endpoint

Specialized and Less Common Records

ALIAS Record (ANAME)

Purpose: Like CNAME but works at zone apex

Not standard DNS: Offered by some providers (Cloudflare, Route 53)

Example:

example.com    ALIAS    target.example.com.

Benefit: Allows alias at root domain level (CNAME limitation workaround)

PTR Record (Pointer)

Purpose: Reverse DNS lookup (IP to domain)

Example:

1.2.0.192.in-addr.arpa    PTR    mail.example.com.

Use cases:

• Email server identification
• Reverse DNS verification
• IP-to-domain mapping

Usually managed by: IP address provider or ISP

SOA Record (Start of Authority)

Purpose: Contains authoritative information about zone

Typically only one per domain, managed automatically by DNS provider

Contains:

• Primary nameserver
• Responsible person email
• Serial number (version)
• Refresh interval
• Retry interval
• Expire time
• Negative caching TTL

TLSA Record (Transport Layer Security)

Purpose: Specifies TLS certificate details for DANE

Example:

_443._tcp.example.com    TLSA    3 1 1 [certificate hash]

Use cases:

• DANE (DNS-based Authentication of Named Entities)
• Enhanced TLS security
• Certificate pinning via DNS

DNS Record Hierarchy and Defaults

Zone Apex Records

example.com.    A       192.0.2.1

The domain itself has specific rules:

• Can have A, AAAA, MX, TXT records
• Cannot have CNAME (in standard DNS)
• Must have NS records (at registrar level)

Subdomain Records

www.example.com.        A       192.0.2.2
api.example.com.        A       192.0.2.3
mail.example.com.       MX      192.0.2.4

Subdomains can have any record type.

Wildcard Records

*.example.com.    A    192.0.2.99

Matches any subdomain without explicit record:

• blog.example.com → 192.0.2.99
• api.example.com → 192.0.2.99
• anything.example.com → 192.0.2.99

Explicit records override wildcards.

Record Sets and Multiple Records

Multiple Records of Same Type

example.com    A    192.0.2.1
example.com    A    192.0.2.2
example.com    A    192.0.2.3

All returned in response (round-robin or as configured).

Multiple Record Types

example.com    A            192.0.2.1
example.com    MX     10    mail.example.com
example.com    TXT    "v=spf1 ~all"

All returned when queried for ANY record type.

Understanding TTL (Time To Live)

TTL affects how long records are cached:

example.com    3600    A    192.0.2.1

• 3600: Seconds (1 hour)
• 300: Seconds (5 minutes)
• 86400: Seconds (1 day)

Short TTL (300): Changes propagate quickly, more DNS queries Long TTL (86400): Less DNS traffic, slower changes

Best practices:

• Long TTL for stable records
• Lower TTL before planned changes
• Very low TTL (60-300) during troubleshooting

Common DNS Record Combinations

Basic Website

example.com        A        192.0.2.1
www.example.com    CNAME    example.com

Website with Email

example.com        A        192.0.2.1
example.com        MX    10    mail.example.com
mail.example.com   A        192.0.2.2
example.com        TXT    "v=spf1 include:mail.example.com ~all"

Email with DKIM and DMARC

example.com                    MX    10    mail.example.com
example.com                    TXT    "v=spf1 include:mail.example.com ~all"
selector1._domainkey.example.com    TXT    "v=DKIM1; p=[public key]"
_dmarc.example.com            TXT    "v=DMARC1; p=reject; rua=mailto:[email protected]"

CDN Setup

example.com        A            192.0.2.1
example.com        A            192.0.2.2
www.example.com    CNAME        cdn.cloudflare.com

Testing DNS Records

Command-Line Tools

# Query specific record type
dig example.com A
dig example.com MX
dig example.com TXT
dig example.com AAAA

# Query all records
dig example.com ANY

# Trace DNS path
dig +trace example.com

# Query specific nameserver
dig @ns1.example.com example.com

Online Tools

• Inventive HQ DNS Lookup Tool
• MXToolbox
• DNSChecker
• Google Public DNS (dns.google)

Best Practices

1. Plan records before setup: Know all services you'll need
2. Use appropriate TTL: Short for frequently-changing, long for stable
3. Implement DMARC/DKIM/SPF: Essential email security
4. Use CAA records: Prevent unauthorized certificate issuance
5. Monitor propagation: Verify global availability after changes
6. Document all records: Keep inventory of what you have
7. Backup configurations: Save DNS settings regularly

Conclusion

DNS record types are diverse and serve many purposes. Understanding these types enables you to:

• Configure domain infrastructure correctly
• Set up email delivery properly
• Implement security best practices
• Troubleshoot DNS issues
• Optimize domain performance

Whether managing a simple website, complex enterprise infrastructure, or email services, proper DNS configuration using appropriate record types is foundational to reliable internet connectivity.