Standard Mapping & Routing
A / AAAA
IPv4 / IPv6Maps a domain to a physical IP address. A uses 32-bit (IPv4), AAAA uses 128-bit (IPv6).
example.com. 3600 IN A 192.0.2.1
CNAME
Canonical NameAn alias for another domain. Important: CNAMEs cannot coexist with other records for the same name (except DNSSEC).
www.example.com. 3600 IN CNAME example.com.
ALIAS / ANAME
Pseudo-recordA virtual record that acts like a CNAME but works at the root (apex) level. The provider resolves it to an A/AAAA record at request time.
Use Case: Pointing root domain (example.com) to a Load Balancer or PaaS.
NS
NameserverDelegates a subdomain or zone to a specific set of authoritative nameservers.
example.com. 86400 IN NS ns1.provider.com.
Mail Delivery & Authentication
MX (Mail Exchange)
Defines incoming mail servers. Priority (0-65535) dictates the order of delivery attempts.
10 aspmx.l.google.com.
SPF (via TXT)
Policy listing authorized IP ranges/domains permitted to send mail for your domain.
v=spf1 include:_spf.google.com ~all
DMARC (via TXT)
Instructions for mail servers on how to handle failed SPF/DKIM checks (none, quarantine, reject).
v=DMARC1; p=reject; adkim=s;
Infastructure & Encryption
CAA
Restricts SSL/TLS certificate issuance to specific CAs.
0 issue "letsencrypt.org"
DS (Delegation Signer)
The glue record for DNSSEC. Published at the registrar to link your signed zone to the parent TLD.
Crucial for building the DNSSEC Chain of Trust.
TLSA
DANE (DNS-based Authentication of Named Entities). Pins a specific SSL certificate or CA to a service via DNS.
Commonly used for securing SMTP/mail server connections.
SRV (Service)
Service discovery record. Format: _service._proto.target.
Includes: Priority, Weight, Port, and Target.
Metadata & Zone Control
SOA (Start of Authority)
The mandatory header for every DNS zone. Contains the primary NS, admin email (formatted with a dot), and the zone serial number.
PTR (Pointer)
Reverse DNS. Maps an IP address back to a hostname. Typically managed by the entity that owns the IP space (ISP/Host).