Understanding DNS records
Reviewed on 04 September 2024 • Published on 18 August 2023
This page provides information about the different DNS record types available with Domains and DNS and how to use them.
Information in DNS zones is categorized and organized through a list of DNS record types, called resource records (RRs).
Each of these records has a type, an expiration time (Time to Live - TTL) and a name. Certain types of records also have type-specific data.
A record stands for Address record. It is mostly used to map domain names to the IPv4 address of a specific server. In other words, it allows to connect a domain name to the numerical IP address of a server where the website or online service is hosted.
An A record ensures that when you type a website’s name into your browser, your computer knows where to find that website on the internet.
Just like an A record connects a domain to an IPv4 address, an AAAA record does the same thing for the newer IPv6 addresses. It allows devices to locate and communicate with websites and services using the IPv6 protocol.
An ALIAS record works exactly like a CNAME record
An ALIAS record could be useful if you want your domain name (not its subdomains) to point to a hostname.
ImportantYou must end your domain with a trailing dot as this disables domain search, using only the complete domain name you have given.
Not ending your domain name with a trailing dot results in your domain being tried with a domain name appended to it, or even a list of domain names until one resolves.
For example, if you want mydomain.com
to point to mynewdomain.com
, you must write mynewdomain.com.
in the Hostname field. Otherwise, the CNAME record will direct your users to mynewdomain.com.mynewdomain.com
.
CAA record stands for Certification Authority Authorization record. It allows domain owners to specify which certificate authorities (CAs) are authorized to issue SSL/TLS certificates for their domain.
This adds an extra layer of security, as it reduces the risk of unauthorized or fraudulent SSL/TLS certificates being issued by untrustworthy certificate authorities.
The CAA record provided with Domains and DNS includes the following components:
-
Tags: Tags indicate the type of property being defined.
-
issue: This tag specifies the certificate authorities that are allowed to issue certificates for the domain.
-
issuewild: This tag specifies which certificate authorities are allowed to issue wildcard certificates for the domain.
-
iodef: This tag specifies the email address to which CAA-related issue reports should be sent.
-
Target Auth: This value specifies the domain names of the allowed certificate authorities.
-
Flags: Flags are a single-byte value that indicates the CAA record’s properties.
-
0 or None: This flag means that any unrecognized tags in your record will be ignored, and other requests will be processed.
-
128 or Issuer critical: This flag means that any unrecognized tags will halt the certificate issuance, assuming the issuer is compliant to standards.
CNAME record stands for Canonical name record. It is used to point subdomains to a hostname. A CNAME record does not directly resolve to an IP address. Instead, it refers to whether the domain is an absolute or relative domain.
ImportantYou must end your domain with a trailing dot as this disables domain search, using only the complete domain name you have given.
Not ending your domain name with a trailing dot results in your domain being tried with a domain name appended to it, or even a list of domain names until one resolves.
For example, if you want mydomain.com
to point to mynewdomain.com
, you must write mynewdomain.com.
in the Hostname field. Otherwise, the CNAME record will direct your users to mynewdomain.com.mynewdomain.com
.
DNAME record stands for Delegation name record. It is used for domain name redirection and renaming. Unlike other DNS record types that map domain names to IP addresses, a DNAME record allows you to redirect an entire domain and all of its subdomains to a different domain name.
You should configure a DNAME record if you want to rename or restructure a domain while ensuring that all of its subdomains are automatically redirected to the new domain.
ImportantYou must end your domain with a trailing dot as this disables domain search, using only the complete domain name you have given.
Not ending your domain name with a trailing dot results in your domain being tried with a domain name appended to it, or even a list of domain names until one resolves.
For example, if you want mydomain.com
to point to mynewdomain.com
, you must write mynewdomain.com.
in the Hostname field. Otherwise, the CNAME record will direct your users to mynewdomain.com.mynewdomain.com
.
MX record stands for Mail exchange record. It is used to specify the mail servers responsible for receiving and handling emails for a specific domain. For example, when sending an email to an address within your domain my@domain.com
, your email server needs to determine where to deliver the emails. Your MX record provides this information by pointing to the receiver domain’s mail servers that are designated to accept incoming emails.
ImportantYou must end your domain with a trailing dot as this disables domain search, using only the complete domain name you have given.
Not ending your domain name with a trailing dot results in your domain being tried with a domain name appended to it, or even a list of domain names until one resolves.
For example, if you want mydomain.com
to point to mynewdomain.com
, you must write mynewdomain.com.
in the Hostname field. Otherwise, the CNAME record will direct your users to mynewdomain.com.mynewdomain.com
.
NAPTR record stands for Naming Authority Pointer record. It provides instructions for translating a specific type of data into a different format. NAPTR records help devices and services such as Voice over Internet Protocol systems, find the appropriate servers or services to connect to. They essentially act as a guide, pointing out how to transform certain data to match what is needed for communication or service interaction.
NAPTR records allow you to specify a series of transformations or replacements that need to be applied to a specific domain name before it can be used for a particular service.
NAPTR records are more complex and specialized than standard DNS records. They are typically used in advanced networking scenarios, especially in the context of SIP-based VoIP services and ENUM to map telephone numbers to domain names for IP-based communication.
The NAPTR record provided with Domains and DNS includes the following components:
-
Order: An integer value (0 to 65535) that determines the order in which NAPTR records should be processed. Lower values indicate higher priority.
-
Preference: An integer value (0-65535) used to prioritize NAPTR records with the same order value. Records with lower preference values are prioritized.
-
Flags: Flags provide instructions on how to interpret the subsequent fields in the record. Flags can indicate things like case-insensitivity, whether the rule should be applied to both the original and transformed names, etc.
-
The S flag: This flag indicates that after processing this NAPTR record the visitor’s system should look for an SRV record for the domain entered in the Domain replacement field.
-
The A flag: This flag indicates that after processing this NAPTR record the visitor’s system should look for an A record or an AAAA record for the domain entered in the Domain replacement field.
-
The U flag: This flag indicates that after processing this NAPTR record the visitor’s system should not look for another DNS record but instead, needs to look at the output in the Regular expression field.
-
The P flag: This flag indicates that the visitor’s system needs to continue according to the rules of the protocol that is entered in the Services field.
-
Services: String that specifies the service or protocol for which the NAPTR record is intended. Common values include SIP+D2U
for SIP URI information and E2U+sip
for ENUM services.
-
Regular expression: A regular expression that defines the transformation to be applied to the domain name.
-
Replacement domain: A replacement string that is used to replace the matched portion of the domain name based on the regular expression.
NS record stands for Name server record. It is used to designate the authoritative name servers for a specific domain.
When a DNS query is made for a domain’s information (like its IP address), DNS resolvers will follow the NS records to determine which authoritative name servers to contact for that domain.
The authoritative name servers then provide the necessary DNS information to complete the query.
ImportantYou must end your domain with a trailing dot as this disables domain search, using only the complete domain name you have given.
Not ending your domain name with a trailing dot results in your domain being tried with a domain name appended to it, or even a list of domain names until one resolves.
For example, if you want mydomain.com
to point to mynewdomain.com
, you must write mynewdomain.com.
in the Hostname field. Otherwise, the CNAME record will direct your users to mynewdomain.com.mynewdomain.com
.
SRV record stands for Service record. It provides information about specific network services offered by a domain.
It includes details like the service’s protocol, port number, priority, weight, and the domain name of the server offering the service. SRV records help devices locate and connect to the right servers for specific services on the internet such as chat or phone services.
ImportantYou must end your domain with a trailing dot as this disables domain search, using only the complete domain name you have given.
Not ending your domain name with a trailing dot results in your domain being tried with a domain name appended to it, or even a list of domain names until one resolves.
For example, if you want mydomain.com
to point to mynewdomain.com
, you must write mynewdomain.com.
in the Hostname field. Otherwise, the CNAME record will direct your users to mynewdomain.com.mynewdomain.com
.
TLSA record stands for Transport Layer Security Authentication record. It is used to associate a TLS certificate or public key with the specified domain name.
TLSA records allow you to improve the security of encrypted connections by specifying how clients should verify the authenticity of the server’s certificate when establishing a TLS connection.
When a client connects to a server using TLS and encounters a TLSA record, it can use the information in the record to verify that the presented certificate matches the expected one. This adds an extra layer of security by making sure that encrypted connections are established with legitimate servers.
TXT record stand for Text record. It consists of plain text data, and its content can be human-readable or machine-interpretable, depending on its intended purpose.
TXT records can be used for various purposes such as adding information, verification, authentication, and configuration settings to a domain.