DNS Records Explained: Record Types and Uses
The domain name system is the system responsible for translating domain names into IP addresses, making websites easily accessible to all users. But DNS has several essential components of its own, including a number of DNS records. DNS records contain valuable information about a domain's DNS configuration. In this article, learn what a DNS record is, the role they play in site functionality, and the most common types of DNS records, including SPF records, CNAME records, and MX records.
What is a DNS record?
The domain name system, or DNS, is a global system that translates website names into their respective IP addresses so users can easily navigate between webpages on the Internet. DNS records, then, are simply pieces of information that are stored in a DNS database and used to map a URL to an IP address. Every time you surf the Internet, you're using DNS records. When you enter a URL into a browser, like google.com, the DNS records retrieve the associated IP address and serve you the correct website.
Essentially, DNS records are the data components of the DNS system. They keep the Internet working in the way that we expect. These records are kept on DNS servers, and every website has DNS records, whatever type of records they may be.
Purpose of DNS records
Domain name system records hold information about domain names and their associated IP address. They pair an IP address to a domain name so that you don't need to remember the numeric code associated with a domain.
The DNS system uses these records to map between domain names and IP addresses. The records also contain other important information, such as the record's time-to-live (TTL), which determines how long DNS servers will cache a record.
Five components of a DNS record
Domain name system records are made up of several components that define the properties of the record. These components include:
- Name: The domain name is the readable name that a record is associated with, such as whatismyip.com.
- Type: The record type determines the purpose of the DNS record. Each record has a unique purpose.
- Time-to-live (TTL): The TTL value determines how long a DNS resolver should cache the DNS record before it needs a refresh. This helps to reduce DNS lookup times and network traffic.
- Data: This refers to the actual data associated with the DNS record, such as an IP address or mail servers.
- Value: The value of a DNS record depends on its type. For example, an A record contains the value of the IP address that the domain name should map to. But a TXT record's value is the arbitrary text data associated with the domain.
Common DNS records
There are different kinds of DNS records, each with their own purpose. Understanding them is crucial, especially when you need to change something regarding your domain. Below are the most common types of DNS records and what they do.
A records are the most common DNS record type used to translate domain names into IP addresses. A records map domain names to IPv4 addresses. Web browsers, email clients, and other applications use A records to connect to servers and services associated with a domain.
By specifying an A record, domain owners can ensure that their website or service is accessible to users around the world by allowing DNS resolvers to correctly identify their IPs.
AAAA records are similar to A records, but AAAA records map domain names to IPv6 addresses. Their purpose is to provide a way for users to connect to servers and services using the newer IPv6 protocol, which uses longer and more complex addresses than the older IPv4 protocol. AAAA records support the transition from IPv4 to IPv6 and ensure that websites are accessible to users on both types of networks.
MX records, or Mail Exchange records, specify the mail server responsible for handling a domain's email. They ensure that email messages arrive at the correct server for a given domain. Without MX records, email to the domain cannot be delivered properly, resulting in delivery failure errors.
CNAME records, or canonical name records, create aliases for domain names. They map one domain name to another, allowing users to access a website or other resource using multiple domain names.
CNAME records commonly create subdomains - separate sections of a website accessible using a unique domain name.
TXT records are a form of domain name system record that contain textual information about a domain name. They provide additional information about a domain name to various services, like email servers and spam filters.
DNS TXT records can contain any arbitrary text data, but they commonly store information like SPF (Sender Policy Framework) records, DKIM (DomainKeys Identified Mail) keys, and DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies. The records improve the security and functionality of various Internet services. Common uses for TXT records include SPF records for email authentication and verification for services like Google Search Console.
NS (name server) records identify the authoritative name servers for a domain. Their primary role is to allow DNS resolvers to determine which servers are responsible for handling queries related to a domain. NS records do not answer domain-related queries themselves; they only tell the resolver which authoritative servers can.
A DS record (Delegation Signer record) is a type of DNS record that secures the delegation of a domain name to a child zone. It connects the parent zone and the child zone, ensuring that only authorized changes are made to the DNS records in the child zone.
For instance, if a domain name registrar wants to delegate a subdomain to a different DNS provider, they can use a DS record to securely transfer the delegation and ensure that the new DNS provider has the necessary keys to manage the subdomain's DNS records.
CAA records provide an additional check for a Certification Authority (CA) when it validates a request for an SSL certificate.
The record lets domain owners control which CAs can issue certificates for their domains, thereby reducing the risk of fraudulent or unauthorized certificates.
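The CA-side decision the two paragraphs above describe, as an added example (not code from the article): the CA climbs from the requested name toward the root, takes the first CAA set it finds, and checks the issue or issuewild entries. The zone data is constructed and the CA identifiers are illustrative.

```python
"""Decide whether a CA may issue for a name, following the CAA rules in RFC 8659."""
from dataclasses import dataclass

@dataclass
class CAA:
    flags: int    # 0x80 = issuer-critical flag
    tag: str      # issue, issuewild, iodef, ...
    value: str    # CA identifier, optionally followed by ";param=value"

# Constructed zone data (not real DNS): owner name -> CAA records at that name.
ZONE = {
    "example.com.": [CAA(0, "issue", "letsencrypt.org"),
                     CAA(0, "issuewild", ";"),            # ";" = nobody may issue wildcards
                     CAA(0, "iodef", "mailto:security@example.com")],
    "locked.example.com.": [CAA(128, "unknown-tag", "x")],  # critical tag the CA cannot understand
}

def relevant_caa(name):
    """Climb from the name toward the root; the first CAA set found is the relevant one."""
    labels = name.rstrip(".").split(".")
    while labels:
        candidate = ".".join(labels) + "."
        if candidate in ZONE:
            return ZONE[candidate]
        labels = labels[1:]
    return []

def ca_may_issue(name, ca, wildcard=False):
    """Return True if the CA identified by `ca` may issue a certificate for `name`."""
    rrset = relevant_caa(name)
    if not rrset:
        return True            # no CAA anywhere in the hierarchy: unrestricted
    # An issuer-critical record with a tag the CA does not understand blocks issuance.
    if any(r.flags & 0x80 and r.tag not in ("issue", "issuewild", "iodef") for r in rrset):
        return False
    # Wildcard requests use issuewild when present and fall back to issue otherwise.
    tag = "issue"
    if wildcard and any(r.tag == "issuewild" for r in rrset):
        tag = "issuewild"
    allowed = [r.value.split(";")[0].strip().lower() for r in rrset if r.tag == tag]
    if not allowed:
        return True            # no records of the governing tag: unrestricted
    return ca.lower() in allowed   # an empty entry (";") matches no CA
```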
DNSKEY is a DNS record type that contains a public signing key. If you want to migrate a DNSSEC-signed zone to another DNS operator, you need to know the zone's DNSKEY records. The record enables DNS resolvers to verify the authenticity of DNS responses received from authoritative name servers.
Because it contains the public key, the DNSKEY record is used to verify signatures created by the corresponding private key. A valid signature shows that the response is authentic and was not altered in transit.
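How the DS record in the parent and the DNSKEY in the child are linked, as an added example (not code from the article) covering both the DS and DNSKEY paragraphs above: the parent publishes a digest of the child's key, so a resolver can check that the DNSKEY it receives is the one the parent vouches for. The DNSKEY below is constructed with a two-byte dummy key; a real key is far longer.

```python
"""Derive the DS record a parent publishes from a child zone's DNSKEY (RFC 4034, RFC 4509)."""
import base64
import hashlib
import struct

def wire_name(name):
    """Owner name in canonical wire form: length-prefixed lowercase labels, root byte last."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag from RFC 4034 Appendix B: 16-bit sum over the RDATA, with the carry folded in."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def ds_record(owner, flags, protocol, algorithm, pubkey_b64):
    """Return (key tag, algorithm, digest type 2, SHA-256 digest) for the DS RDATA.

    The digest covers the canonical owner name followed by the DNSKEY RDATA, which is
    what ties the parent's DS to exactly one key in the child zone."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, 2, digest

# Constructed KSK: flags 257 (zone key + secure entry point), protocol 3,
# algorithm 8 (RSASHA256). The key bytes are a two-byte dummy, not a real RSA key.
EXAMPLE_KEY_B64 = base64.b64encode(b"\x00\x01").decode()

if __name__ == "__main__":
    tag, alg, dtype, digest = ds_record("example.com.", 257, 3, 8, EXAMPLE_KEY_B64)
    print(f"example.com. IN DS {tag} {alg} {dtype} {digest}")
```

Running the digest over a DNSKEY fetched from the child and comparing it with the DS served by the parent is the check a validating resolver performs before trusting the child's keys.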
An SRV record, or service record, is a DNS record that specifies the location of servers for a particular service within a domain. It enables you to discover the location of a specific service, such as a mail server or a web server, without having to know the server's IP address.
PTR records, also known as pointer records, resolve IP addresses into domain names. They do exactly the opposite of what A records do. DNS PTR records are mostly used in reverse DNS lookups, which determine the domain name associated with an IP address.
DNS SOA (start of authority) records store administrative information about domains or zones. This includes the primary name server, the time a server should wait between refreshes, and when the zone was last updated. They're useful with zone transfers because all DNS zones require this record to conform to IETF standards. SOA records are typically the first DNS records returned in responses to domain name queries.
Other DNS records
Though the records above are most common, there are many other types of DNS records that you may encounter.
An HTTPS DNS record enables secure communication between web servers and web browsers. Therefore, it helps ensure that you visit authentic websites that encrypt your data. If your website has an HTTPS DNS record, the DNS server responds with the IP address. It also indicates that the website supports HTTPS.
In the DNS system, a LOC record provides the physical location for a domain name. It contains latitude, longitude, and altitude data, as well as location accuracy and host physical size.
This record works with applications that require location-based services, like mapping or geolocation. However, LOC records aren't widely used because they aren't supported by all clients and servers.
NAPTR records publicly state which protocols a domain implements. An NAPTR record connects domain names to various URIs, like Session Initiation Protocol addresses. It also contains regular expressions that define how a hostname should be transformed into a URI. VoIP (Voice over Internet Protocol) and other communication applications that require the resolution of domain names to URIs are the primary users of this record.
SMIMEA records publish S/MIME certificate information for a domain. These records contain a hash of the domain's certificate and specify how to validate the certificate. The record therefore allows email clients to automatically validate the digital signature of incoming email messages from the domain. They offer an additional layer of security for email communications, especially for organizations that rely heavily on email in their day-to-day operations.
An SPF (Sender Policy Framework) record identifies which mail servers have the authorization to send email on behalf of a particular domain. The record contains a list of IP addresses and hostnames of mail servers that have permission to send email for the domain.
This helps prevent phishing attacks; email receivers can check SPF records to verify a sender's identity. If the email isn't coming from an authorized mail server, then the receiver may reject it or mark it as spam.
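The receiver-side check described above, as an added example (not code from the article): a mail server reads the domain's SPF TXT record and walks its mechanisms until one matches the connecting IP. The TXT, A and MX data is constructed so the example runs offline; real servers query DNS for it.

```python
"""Evaluate an SPF record for a sender IP, as a receiving mail server would (RFC 7208)."""
import ipaddress

# Constructed DNS data (not real): SPF TXT records, plus A records and MX-host
# addresses so that the a/mx mechanisms can be evaluated offline.
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example mx -all",
    "_spf.mail.example": "v=spf1 ip6:2001:db8:1::/48 ~all",
}
A_RECORDS = {"example.com": ["198.51.100.10"]}
MX_HOST_ADDRS = {"example.com": ["198.51.100.25"]}
MAX_LOOKUPS = 10          # RFC 7208 section 4.6.4: cap on DNS-querying mechanisms
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, lookups=None):
    """Return pass, fail, softfail, neutral, none or permerror for sender_ip."""
    lookups = [0] if lookups is None else lookups       # shared across includes
    record = TXT.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                                 # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        matched = False
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif mech in ("a", "mx", "include"):
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"                      # too many lookups
            target = arg or domain
            if mech == "include":
                # Only a "pass" from the included record counts as a match.
                matched = check_spf(target, sender_ip, lookups) == "pass"
            else:
                table = A_RECORDS if mech == "a" else MX_HOST_ADDRS
                matched = str(ip) in table.get(target, [])
        elif mech == "all":
            matched = True
        else:
            return "permerror"                          # unsupported mechanism
        if matched:
            return RESULTS[qualifier]
    return "neutral"                                    # no mechanism matched
```

A "fail" result is what lets the receiver reject or flag the message; "softfail" (from ~all) is a weaker signal that most receivers only use to raise a spam score.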
SSHFP records, or Secure Shell Fingerprint records, store the public key fingerprints of Secure Shell (SSH) host and user keys. This record type provides a way for SSH clients to verify the authenticity of the SSH server they connect to.
The SVCB (Service Binding) record provides information about the available protocols and configuration options for a particular domain. RFC 8499 defines them, and they can work in conjunction with other records, like A, AAAA, and SRV records, to provide additional information about the available services linked to a domain.
The TLSA record links the public key and the domain name. It also specifies the certificate or public key for use in secure communication with a domain. However, only trust TLSA records on a domain with DNSSEC enabled.
The URI records are defined in RFC 7553. They provide a means to publish mappings from domain names to URLs. With the URI record, you learn additional information about a service associated with a domain, such as the location of a page or a service endpoint.
Frequently asked questions
What are some common DNS record errors?
Common DNS record errors include incorrect IP addresses, misconfigured MX records, and missing or invalid SPF records. Users can typically fix these errors by editing the domain name system records through the web-based control panel provided by the domain registrar.
Can hackers change DNS records?
Yes, hackers can alter domain name system records. This can result in several types of DNS attacks, including man-in-the-middle attacks and DNS hijacking.
How are DNS records created?
DNS records are created through a web-based control panel provided by a domain registrar or hosting provider. You can create, edit, or delete records as needed to configure the DNS settings for your domain.
How long does it take for DNS records to propagate?
Domain name system records can take anywhere from a few minutes to several hours to propagate throughout the Internet. It depends on several factors, including the TTL value specified in the record and the caching behavior of local DNS servers.