DNS Record Types Table
Introduction
This page provides an overview of the different DNS record types, their operational usage, and their compliance with official standards. Links to the relevant RFC pages are available at the bottom of this document.
Table of Contents
- Address Resolution (Web / Network)
- Mail Services and TLS Governance
- DNSSEC – Integrity and Validation
- Services and Applications (VoIP, SIP, Service Discovery)
- Zone Administration and Infrastructure
- Rare Types
- Non-standard / Proprietary
- Summary Table
- RFC Datatracker Links
Address Resolution (Web / Network)
| Type | Primary Function | RFC / Status |
|---|---|---|
| A | Name → IPv4 | RFC 10351 |
| AAAA | Name → IPv6 | RFC 35962 |
| CNAME | Alias to canonical name | RFC 10351 |
| DNAME | Alias for subtrees | RFC 66723 |
| HTTPS / SVCB | Modern HTTP service discovery | RFC 9460 / vendor-specific4 |
Notes
- CNAME / DNAME: Provide aliasing flexibility; a CNAME cannot coexist with other record types on the same name.
- HTTPS / SVCB: Recently standardized, replacing certain CNAME-based practices for HTTPS.
Mail Services and TLS Governance
| Type | Usage | RFC / Status |
|---|---|---|
| MX | Email routing | RFC 10351 |
| TXT | SPF, DKIM, DMARC via TXT records | RFC 10351 + RFC dédiées |
| CAA | Authorized certification authorities | RFC 86595 |
DNSSEC – Integrity and Validation
| Type | Role | RFC / Status |
|---|---|---|
| DNSKEY | DNSSEC public key | RFC 40346 |
| RRSIG | RRset signature | RFC 40346 |
| DS | Parent → child DNSSEC linkage | RFC 40346 |
| NSEC / NSEC3 | Proof of non-existence | RFC 4034 / 515567 |
| TLSA | DNS-based TLS authentication (DANE) | RFC 66988 |
Services and Applications (VoIP, SIP, Service Discovery)
| Type | Usage | RFC / Status |
|---|---|---|
| SRV | Service location + port (VoIP, SIP, XMPP) | RFC 27829 |
| NAPTR | URI rewriting and mapping (ENUM, SIP) | RFC 340310 |
| SSHFP | SSH server key fingerprints | RFC 425511 |
| LOC | Geographic coordinates | RFC 187612 |
| URI | URI resource mapping | RFC 755313 |
| SMIMEA | S/MIME certificate via DNS | RFC 816214 |
Zone Administration and Infrastructure
| Type | Usage | RFC / Status |
|---|---|---|
| SOA | Zone metadata (admin, timers) | RFC 10351 |
| NS | Authoritative name servers | RFC 10351 |
| PTR | Reverse DNS (IP → name) | RFC 10351 |
Rare Types
| Type | Usage | RFC |
|---|---|---|
| AFSDB | AFS Database | RFC 118315 |
| CERT | Generic certificate | RFC 439816 |
| RP | Responsible Person | RFC 118315 |
| APL | Address Prefix List | RFC 312317 |
| HINFO | Host information | RFC 10351 |
Non-standard / Proprietary
| Type | Usage |
|---|---|
| ANAME / ALIAS | Apex-level aliasing, provider-resolved (non-RFC) |
| SVCB / HTTPS | Modern service bindings, progressive adoption |
Summary Table
The table below aggregates all DNS record types detailed in the previous sections, indicating their primary usage, DNS standard compliance, and corresponding RFC references.
| Type | Primary Usage | Standard | RFC / Status |
|---|---|---|---|
| A | Name → IPv4 | Yes | RFC 10351 |
| AAAA | Name → IPv6 | Yes | RFC 35962 |
| CNAME | Alias to canonical name | Yes | RFC 10351 |
| MX | Mail routing | Yes | RFC 10351 |
| TXT | Arbitrary data (SPF, DKIM, DMARC…) | Yes | RFC 10351 |
| NS | Authoritative DNS servers | Yes | RFC 10351 |
| SOA | Zone metadata | Yes | RFC 10351 |
| PTR | Reverse DNS | Yes | RFC 10351 |
| SRV | Service + port | Yes | RFC 27829 |
| CAA | Authorized certification authorities | Yes | RFC 86595 |
| DS | DNSSEC chaining (parent → child) | Yes | RFC 40346 |
| DNSKEY | DNSSEC public keys | Yes | RFC 40346 |
| RRSIG | DNSSEC signature | Yes | RFC 40346 |
| NSEC / NSEC3 | DNSSEC proof of non-existence | Yes | RFC 4034 / 515567 |
| TLSA | DANE (TLS via DNSSEC) | Yes | RFC 66988 |
| NAPTR | Rewriting + service discovery | Yes | RFC 340310 |
| LOC | Geographic coordinates | Yes | RFC 187612 |
| SSHFP | SSH key fingerprints | Yes | RFC 425511 |
| HTTPS / SVCB | Modern HTTPS service discovery | Yes | RFC 9460 / vendor-specific4 |
| ANAME | Apex alias | No | Vendor-specific |
| ALIAS | Apex alias | No | Vendor-specific |
RFC Datatracker Links
RFC 1035 – Domain Names – Implementation and Specification
RFC 3596 – DNS Extensions to Support IPv6
RFC 6672 – DNAME Redirection in the DNS
RFC 9460 – Service Binding (SVCB) and HTTPS RR
RFC 8659 – Certification Authority Authorization (CAA)
RFC 4034 – Resource Records for the DNS Security Extensions
RFC 5155 – DNSSEC NSEC3
RFC 6698 – The DNS-Based Authentication of Named Entities (DANE) Protocol
RFC 2782 – A DNS RR for Specifying the Location of Services
RFC 3403 – Naming Authority Pointer (NAPTR) RR
RFC 4255 – Using DNS to Securely Publish SSH Key Fingerprints
RFC 1876 – DNS Encoding of Geographic Locations
RFC 7553 – The URI DNS Resource Record
RFC 8162 – S/MIME Certificate Distribution via DNS
RFC 1183 – AFSDB / Responsible Person (RP)
RFC 4398 – CERT RR – Certification Authority RR
RFC 3123 – Address Prefix List (APL)