Master DNS record types, their purposes, and how they power the internet's addressing system
The Domain Name System (DNS) is the internet's phone book. It translates human-readable domain names (like example.com) into IP addresses (like 192.0.2.1) that computers use to communicate. Defined in RFC 1034 and RFC 1035, DNS is a hierarchical, distributed database essential to internet functionality.
DNS records are instructions stored in DNS servers that provide information about a domain, including its IP address, mail servers, and various other data. Each record has a specific format and purpose.
Fun Fact: DNS was created in 1983 by Paul Mockapetris to replace the previous system of using a single HOSTS.TXT file that had to be manually distributed.
Maps a domain name to an IPv4 address. The most fundamental DNS record type.
example.com. 300 IN A 192.0.2.1
Domain → IPv4 Address
RFC: 1035 | Use: Website hosting, server addressing
Maps a domain name to an IPv6 address. The IPv6 equivalent of A records.
example.com. 300 IN AAAA 2001:db8::1
Domain → IPv6 Address
RFC: 3596 | Use: IPv6 connectivity
Creates an alias from one domain name to another. A resolver that looks up the alias is pointed to the target (canonical) name and receives the target's records.
www.example.com. 300 IN CNAME example.com.
Alias → Canonical Domain
RFC: 1035 | Note: Cannot coexist with other records for the same name
Delegates a DNS zone to use the given authoritative name servers.
example.com. 86400 IN NS ns1.example.com.
Zone → Authoritative Server
RFC: 1035 | Use: DNS delegation, zone authority
Contains administrative information about the zone, including the primary name server and email of the administrator.
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 2024010101 7200 3600 1209600 86400
Serial, Refresh, Retry, Expire, Minimum TTL
RFC: 1035 | Required: One per zone
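The CNAME exclusivity rule and the one-SOA-per-zone requirement described above can be checked mechanically before a zone is published. The following is an added example, not part of the original page: the sample zone is constructed, the function names are hypothetical, and the parser assumes one record per line in the "name TTL class type rdata" layout used on this page.

```python
from collections import defaultdict

# Constructed sample zone; www.example.com. deliberately breaks the CNAME rule.
SAMPLE_ZONE = """\
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 2024010101 7200 3600 1209600 86400
example.com. 86400 IN NS ns1.example.com.
example.com. 300 IN A 192.0.2.1
www.example.com. 300 IN CNAME example.com.
www.example.com. 300 IN TXT "constructed conflicting record"
shop.example.com. 300 IN CNAME example.com.
"""

# DNSSEC records may sit beside a CNAME (RFC 4035), so they are not conflicts.
CNAME_COMPANIONS = {"RRSIG", "NSEC"}


def parse_zone(text):
    """Yield (owner, ttl, rtype, rdata) for each one-line record in the zone text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, ttl, _rclass, rtype, rdata = line.split(None, 4)
        yield owner.lower(), int(ttl), rtype.upper(), rdata


def lint_zone(text):
    """Return findings for SOA count and CNAME coexistence violations."""
    types_by_owner = defaultdict(set)
    soa_count = 0
    for owner, _ttl, rtype, _rdata in parse_zone(text):
        types_by_owner[owner].add(rtype)
        soa_count += rtype == "SOA"
    findings = []
    if soa_count != 1:
        findings.append(f"zone has {soa_count} SOA records, expected exactly 1")
    for owner, types in sorted(types_by_owner.items()):
        extra = types - {"CNAME"} - CNAME_COMPANIONS
        if "CNAME" in types and extra:
            findings.append(f"{owner}: CNAME coexists with {', '.join(sorted(extra))}")
    return findings


if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE):
        print(finding)
```

The same rule is why a CNAME at the zone apex is flagged: the apex always carries SOA and NS records.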
Used for reverse DNS lookups - mapping IP addresses back to domain names.
1.2.0.192.in-addr.arpa. 300 IN PTR example.com.
IP Address → Domain Name
RFC: 1035 | Use: Email authentication, network diagnostics
Specifies mail servers responsible for receiving email on behalf of the domain.
example.com. 300 IN MX 10 mail.example.com.
Priority (lower = higher priority) → Mail Server
RFC: 5321 | Note: Multiple MX records provide redundancy
Sender Policy Framework - Lists authorized mail servers for the domain.
example.com. 300 IN TXT "v=spf1 include:_spf.google.com -all"
Prevents email spoofing
RFC: 7208
DomainKeys Identified Mail - Contains public key for email signature verification.
selector._domainkey.example.com. 300 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0..."
Cryptographic email authentication
RFC: 6376 | Note: Selector-based for key rotation
Domain-based Message Authentication, Reporting & Conformance - Email authentication policy.
_dmarc.example.com. 300 IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
Combines SPF & DKIM with policy enforcement
RFC: 7489
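Publishing SPF and DMARC records only prevents spoofing when the policy they state is strict, so it is worth auditing the TXT values themselves. The following is an added example, not part of the original page: the sample values are constructed, the function names are hypothetical, and it treats a DMARC policy of quarantine or reject as enforced.

```python
# Constructed sample TXT payloads (quotes removed), keyed by owner name.
SAMPLE_TXT = {
    "example.com.": "v=spf1 include:_spf.google.com ~all",
    "_dmarc.example.com.": "v=DMARC1; p=none",
}


def audit_spf(value):
    """Return findings for the terminal 'all' mechanism of an SPF record."""
    terms = [t.lower() for t in value.split()]
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        if any(t.startswith("redirect=") for t in terms[1:]):
            return []  # policy is defined by the redirect target's record
        return ["no 'all' mechanism: unlisted senders get a neutral result"]
    if alls[0] in ("all", "+all"):
        return [f"{alls[0]}: every sender is authorized"]
    if alls[0] in ("?all", "~all"):
        return [f"{alls[0]}: unlisted senders are not hard-failed"]
    return []


def audit_dmarc(value):
    """Return findings for the policy and reporting tags of a DMARC record."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = val.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: policy is not enforced")
    if "rua" not in tags:
        findings.append("no rua tag: no aggregate reports are requested")
    return findings


def audit_records(records):
    """Audit a {owner: txt_value} mapping; DMARC lives under _dmarc.<domain>."""
    return {
        owner: audit_dmarc(v) if owner.startswith("_dmarc.") else audit_spf(v)
        for owner, v in records.items()
    }
```

Calling `audit_records(SAMPLE_TXT)` flags the soft-fail SPF record and the monitoring-only DMARC policy, while the record values shown on this page produce no findings.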
Brand Indicators for Message Identification - Displays brand logos in email clients.
default._bimi.example.com. 300 IN TXT "v=BIMI1; l=https://example.com/logo.svg"
Requires DMARC at enforcement
RFC: Draft
Specifies which Certificate Authorities can issue SSL/TLS certificates for the domain.
example.com. 300 IN CAA 0 issue "digicert.com"
Prevents unauthorized certificate issuance
RFC: 8659
Associates a TLS certificate or public key with the domain (DANE protocol).
_443._tcp.example.com. 300 IN TLSA 3 1 1 ABC123...
Certificate pinning via DNS
RFC: 6698 | Requires: DNSSEC
Cryptographic signatures ensuring DNS response authenticity and integrity.
example.com. 300 IN DNSKEY 257 3 8 AwEAAb...
example.com. 300 IN DS 12345 8 2 ABC123...
example.com. 300 IN RRSIG A 8 2 300 ...
Chain of trust from root to your domain
RFCs: 4033-4035
Specifies hostname and port for specific services.
_sip._tcp.example.com. 86400 IN SRV 10 60 5060 sip.example.com.
Priority Weight Port Target
RFC: 2782 | Use: SIP, XMPP, Minecraft servers
Holds arbitrary text data. Used for various verification and configuration purposes.
example.com. 300 IN TXT "google-site-verification=ABC123"
255-character chunks, multiple strings allowed
RFC: 1035 | Common: Domain verification, configuration data
Allows regex-based rewriting of domain names. Used in ENUM and SIP.
2.1.example.com. IN NAPTR 100 10 "u" "E2U+sip" "!^.*$!sip:info@example.com!" .
RFC: 3403 | Complex: Requires regex knowledge
TTL determines how long a DNS record can be cached by resolvers before it must be refreshed. It's specified in seconds and appears in every DNS record.
Pro Tip: Lower TTL to 300 seconds 24-48 hours before making DNS changes. After changes propagate, raise it back to reduce query load.
DNS follows a hierarchical structure, like an inverted tree:
Root Servers: 13 root server systems (A-M) operated by various organizations
TLD Servers: Manage top-level domains (.com, .org, country codes)
Authoritative Servers: Host actual DNS records for domains
Recursive Resolvers: Query on behalf of clients (ISP, Google DNS, Cloudflare)