| Code | Number | Defining RFC | Description | Function |
| A |
1 |
RFC 1035 |
address record |
Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but also used for DNSBLs, storing subnet masks in RFC 1101, etc. |
| AAAA |
28 |
RFC 3596 |
IPv6 address record |
Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host. |
| AFSDB |
18 |
RFC 1183 |
AFS database record |
Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system. |
| CERT |
37 |
RFC 4398 |
Certificate record |
Stores PKIX, SPKI, PGP, etc. |
| CNAME |
5 |
RFC 1035 |
Canonical name record |
Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name. |
| DHCID |
49 |
RFC 4701 |
DHCP identifier |
Used in conjunction with the FQDN option to DHCP |
| DLV |
32769 |
RFC 4431 |
DNSSEC Lookaside Validation record |
For publishing DNSSEC trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. RFC 5074 describes a way of using these records. |
| DNAME |
39 |
RFC 2672 |
delegation name |
DNAME will delegate an entire portion of the DNS tree under a new name. In contrast, the CNAME record creates an alias of a single name. Like the CNAME record, the DNS lookup will continue by retrying the lookup with the new name. |
| DNSKEY |
48 |
RFC 4034 |
DNS Key record |
The key record used in DNSSEC. Uses the same format as the KEY record. |
| DS |
43 |
RFC 4034 |
Delegation signer |
The record used to identify the DNSSEC signing key of a delegated zone |
| HIP |
55 |
RFC 5205 |
Host Identity Protocol |
Method of separating the end-point identifier and locator roles of IP addresses. |
| IPSECKEY |
45 |
RFC 4025 |
IPSEC Key |
Key record that can be used with IPSEC |
| KEY |
25 |
RFC 4034 |
Key record |
Used only for TKEY (RFC 2930). Before RFC 3755 was published, this was also used for DNSSEC, but DNSSEC now uses DNSKEY. |
| LOC |
29 |
RFC 1876 |
Location record |
Specifies a geographical location associated with a domain name |
| MX |
15 |
RFC 1035 |
mail exchange record |
Maps a domain name to a list of mail exchange servers for that domain |
| NAPTR |
35 |
RFC 3403 |
Naming Authority Pointer |
Allows regular expression based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc. |
| NS |
2 |
RFC 1035 |
name server record |
Delegates a DNS zone to use the given authoritative name servers |
| NSEC |
47 |
RFC 4034 |
Next-Secure record |
Part of DNSSEC—used to prove a name does not exist. Uses the same format as the (obsolete) NXT record. |
| NSEC3 |
50 |
RFC 5155 |
NSEC record version 3 |
An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking |
| NSEC3PARAM |
51 |
RFC 5155 |
NSEC3 parameters |
Parameter record for use with NSEC3 |
| PTR |
12 |
RFC 1035 |
pointer record |
Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD. |
| RRSIG |
46 |
RFC 4034 |
DNSSEC signature |
Signature for a DNSSEC-secured record set. Uses the same format as the SIG record. |
| SIG |
24 |
RFC 2535 |
Signature |
Signature record used in SIG(0) (RFC 2931). Until RFC 3755 was published, the SIG record was part of DNSSEC; now RRSIG is used for that. |
| SOA |
6 |
RFC 1035 |
start of authority record |
Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone. |
| SPF |
99 |
RFC 4408 |
SPF record |
Specified as part of the SPF protocol, as an alternative to storing SPF data in TXT records. Uses the same format as the TXT record. |
| SRV |
33 |
RFC 2782 |
Service locator |
Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX. |
| SSHFP |
44 |
RFC 4255 |
SSH Public Key Fingerprint |
Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. |
| TA |
32768 |
None |
DNSSEC Trust Authorities |
Part of a deployment proposal for DNSSEC without a signed DNS root. See the IANA database and Weiler Spec] for details. Uses the same format as the DS record. |
| TXT |
16 |
RFC 1035 |
Text record |
Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework (deprecated), DomainKeys, DNS-SD, etc. |
