Skip to main content
NSD supports a comprehensive set of DNS resource record (RR) types. This page documents all supported record types with syntax and examples.

Basic Record Types

A - IPv4 Address

Maps a domain name to an IPv4 address. Format: <name> [<ttl>] IN A <ipv4-address> 
example.com.     IN  A  192.0.2.1
www.example.com. IN  A  192.0.2.2
mail.example.com. IN  A  192.0.2.10

AAAA - IPv6 Address

Maps a domain name to an IPv6 address. Format: <name> [<ttl>] IN AAAA <ipv6-address> 
example.com.     IN  AAAA  2001:db8::1
www.example.com. IN  AAAA  2001:db8::2

NS - Name Server

Delegates a DNS zone to use the specified authoritative name server. Format: <name> [<ttl>] IN NS <nameserver> 
example.com.  IN  NS  ns1.example.com.
example.com.  IN  NS  ns2.example.com.

CNAME - Canonical Name

Creates an alias from one name to another. Format: <name> [<ttl>] IN CNAME <target> 
www.example.com.  IN  CNAME  example.com.
ftp.example.com.  IN  CNAME  example.com.
A CNAME record cannot coexist with other record types at the same name (except DNSSEC records like RRSIG and NSEC).

PTR - Pointer

Maps an IP address to a domain name (reverse DNS). Format: <reverse-ip> [<ttl>] IN PTR <hostname> 
1.2.0.192.in-addr.arpa.  IN  PTR  example.com.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. IN PTR example.com.

MX - Mail Exchange

Specifies mail servers for the domain. Format: <name> [<ttl>] IN MX <priority> <mailserver> 
example.com.  IN  MX  10  mail1.example.com.
example.com.  IN  MX  20  mail2.example.com.
example.com.  IN  MX  30  mail3.example.com.
Lower priority values are preferred.

TXT - Text

Stores arbitrary text data, often used for SPF, DKIM, verification, etc. Format: <name> [<ttl>] IN TXT <text> 
example.com.  IN  TXT  "v=spf1 mx -all"
example.com.  IN  TXT  "google-site-verification=abc123"
_dmarc.example.com.  IN  TXT  "v=DMARC1; p=reject; rua=mailto:[email protected]"
Multiple strings can be specified: 
example.com.  IN  TXT  "string 1" "string 2"

Service Location

SRV - Service

Specifies location of services. Format: <service>.<proto>.<name> [<ttl>] IN SRV <priority> <weight> <port> <target> 
_http._tcp.example.com.    IN  SRV  10  60  80   server1.example.com.
_http._tcp.example.com.    IN  SRV  10  40  80   server2.example.com.
_foobar._tcp.example.com.  IN  SRV  0   1   9    old-slow-box.example.com.
_foobar._tcp.example.com.  IN  SRV  0   3   9    new-fast-box.example.com.
Fields:
  • Priority: Lower values preferred (like MX)
  • Weight: Relative weight for same priority
  • Port: TCP/UDP port number
  • Target: Hostname providing the service

NAPTR - Naming Authority Pointer

Provides rules for rewriting domain names, often used in ENUM and SIP. Format: <name> [<ttl>] IN NAPTR <order> <preference> <flags> <service> <regexp> <replacement> 
example.com.  IN  NAPTR  100  10  "u"  "sip+E2U"  "!^.*$!sip:[email protected]!"  .

DNSSEC Records

Public key for DNSSEC validation.Format: <name> [<ttl>] IN DNSKEY <flags> <protocol> <algorithm> <public-key>
example.com.  IN  DNSKEY  256  3  8  AwEAAa79LdJa...
example.com.  IN  DNSKEY  257  3  8  AwEAAZ0aqu1r...
Flags:
  • 256: Zone Signing Key (ZSK)
  • 257: Key Signing Key (KSK)
Algorithms:
  • 8: RSASHA256
  • 13: ECDSAP256SHA256
  • 15: ED25519

Security and Certificates

TLSA - TLS Authentication

Associates a TLS server certificate with the domain (DANE). Format: <name> [<ttl>] IN TLSA <usage> <selector> <matching-type> <certificate-data> 
_443._tcp.example.com.  IN  TLSA  3  1  1  1234567890ABCDEF...
Usage values:
  • 0: CA constraint
  • 1: Service certificate constraint
  • 2: Trust anchor assertion
  • 3: Domain-issued certificate

SSHFP - SSH Fingerprint

Publishes SSH host key fingerprints. Format: <name> [<ttl>] IN SSHFP <algorithm> <fp-type> <fingerprint> 
server.example.com.  IN  SSHFP  1  1  1234567890ABCDEF...
server.example.com.  IN  SSHFP  2  1  FEDCBA0987654321...
Algorithms:
  • 1: RSA
  • 2: DSA
  • 3: ECDSA
  • 4: Ed25519

CAA - Certification Authority Authorization

Specifies which CAs are allowed to issue certificates for the domain. Format: <name> [<ttl>] IN CAA <flags> <tag> <value> 
example.com.  IN  CAA  0  issue "letsencrypt.org"
example.com.  IN  CAA  0  issuewild ";"
example.com.  IN  CAA  0  iodef "mailto:[email protected]"

CERT - Certificate

Stores certificates. Format: <name> [<ttl>] IN CERT <type> <key-tag> <algorithm> <certificate> 
example.com.  IN  CERT  PKIX  0  0  MIIC...

Modern Standards

SVCB - Service Binding

Provides alternative endpoints for services with connection parameters. Format: <name> [<ttl>] IN SVCB <priority> <target> <params> 
example.com.  IN  SVCB  0  example.com.
example.com.  IN  SVCB  1  svc.example.com. alpn="h2,h3" ipv4hint=192.0.2.1

HTTPS - HTTPS Binding

Specialized SVCB for HTTPS. Format: <name> [<ttl>] IN HTTPS <priority> <target> <params> 
example.com.  IN  HTTPS  1  . alpn="h2,h3"

Legacy and Experimental

Start of Authority (required for every zone).
example.com.  IN  SOA  ns.example.com. admin.example.com. (
    2020080302  ; Serial
    7200        ; Refresh
    3600        ; Retry
    1209600     ; Expire
    3600 )      ; Negative TTL

Additional Record Types

AFSDB - AFS Database

example.com.  IN  AFSDB  1  afsdb.example.com.

KX - Key Exchanger

example.com.  IN  KX  10  kx.example.com.

RT - Route Through

example.com.  IN  RT  10  relay.example.com.

DHCID - DHCP Identifier

host.example.com.  IN  DHCID  AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=

OPENPGPKEY - OpenPGP Key

hash._openpgpkey.example.com.  IN  OPENPGPKEY  mQENBE...

URI - Uniform Resource Identifier

_ftp._tcp.example.com.  IN  URI  10  1  "ftp://ftp.example.com/public"

EUI48 / EUI64 - MAC Addresses

device.example.com.  IN  EUI48  01-23-45-67-89-ab
device.example.com.  IN  EUI64  01-23-45-67-89-ab-cd-ef

Special Query Types

These types are used in queries but not stored in zone files:
  • AXFR (252): Zone transfer request
  • IXFR (251): Incremental zone transfer request
  • ANY (255): Request for all records

Record Type Reference Table

TypeNumberPurposeRFC
A1IPv4 addressRFC 1035
NS2Name serverRFC 1035
CNAME5Canonical nameRFC 1035
SOA6Start of authorityRFC 1035
PTR12PointerRFC 1035
MX15Mail exchangeRFC 1035
TXT16TextRFC 1035
AAAA28IPv6 addressRFC 3596
SRV33ServiceRFC 2762
NAPTR35Naming authority pointerRFC 2915
DS43Delegation signerRFC 4034
SSHFP44SSH fingerprintRFC 4255
RRSIG46DNSSEC signatureRFC 4034
NSEC47Next secureRFC 4034
DNSKEY48DNS public keyRFC 4034
NSEC350Next secure v3RFC 5155
TLSA52TLS authenticationRFC 6698
SVCB64Service bindingRFC 9460
HTTPS65HTTPS bindingRFC 9460
CAA257Certification authorityRFC 6844

See Also

Build docs developers (and LLMs) love

Get started for freeTalk to us