DNS 记录类型

扫码查看

Resource records

TypeValue (decimal)Defining RFCDescriptionFunction
A
1RFC 1035Address recordReturns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but also used for DNSBLs, storing subnet masks in RFC 1101, etc.
AAAA
28RFC 3596IPv6 address recordReturns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
AFSDB
18RFC 1183AFS database recordLocation of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cellsoutside their local domain. A subtype of this record is used by theobsolete DCE/DFS file system.
APL
42RFC 3123Address Prefix ListSpecify lists of address ranges, e.g. in CIDR format, for various address families. Experimental.
CAA
257RFC 6844Certification Authority AuthorizationCA pinning, constraining acceptable CAs for a host/domain
CERT
37RFC 4398Certificate recordStores PKIX, SPKI, PGP, etc.
CNAME5RFC 1035Canonical name recordAlias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
DHCID
49RFC 4701DHCP identifierUsed in conjunction with the FQDN option to DHCP
DLV
32769RFC 4431DNSSEC Lookaside Validation recordFor publishing DNSSEC trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. RFC 5074 describes a way of using these records.
DNAME39RFC 2672Delegation NameDNAME creates an alias for a name and all its subnames, unlikeCNAME, which aliases only the exact name in its label. Like the CNAMErecord, the DNS lookup will continue by retrying the lookup with the new name.
DNSKEY
48RFC 4034DNS Key recordThe key record used in DNSSEC. Uses the same format as the KEY record.
DS
43RFC 4034Delegation signerThe record used to identify the DNSSEC signing key of a delegated zone
HIP55RFC 5205Host Identity ProtocolMethod of separating the end-point identifier and locator roles of IP addresses.
IPSECKEY
45RFC 4025IPsec KeyKey record that can be used with IPsec
KEY
25RFC 2535 and RFC 2930Key recordUsed only for SIG(0) (RFC 2931) and TKEY (RFC 2930). RFC 3445 eliminated their use for application keys and limited their use to DNSSEC. RFC 3755 designates DNSKEY as the replacement within DNSSEC. RFC 4025 designates IPSECKEY as the replacement for use with IPsec.
KX
36RFC 2230Key eXchanger recordUsed with some cryptographic systems (not including DNSSEC) toidentify a key management agent for the associated domain-name. Notethat this has nothing to do with DNS Security. It is Informationalstatus, rather than being on the IETF standards-track. It has always had limited deployment, but is still in use.
LOC29RFC 1876Location recordSpecifies a geographical location associated with a domain name
MX15RFC 1035Mail exchange recordMaps a domain name to a list of message transfer agents for that domain
NAPTR35RFC 3403Naming Authority PointerAllows regular expression based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc.
NS
2RFC 1035Name server recordDelegates a DNS zone to use the given authoritative name servers
NSEC
47RFC 4034Next-Secure recordPart of DNSSEC—used to prove a name does not exist. Uses the same format as the (obsolete) NXT record.
NSEC3
50RFC 5155NSEC record version 3An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking
NSEC3PARAM
51RFC 5155NSEC3 parametersParameter record for use with NSEC3
PTR
12RFC 1035Pointer recordPointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
RRSIG
46RFC 4034DNSSEC signatureSignature for a DNSSEC-secured record set. Uses the same format as the SIG record.
RP
17RFC 1183Responsible personInformation about the responsible person(s) for the domain. Usually an email address with the @ replaced by a .
SIG
24RFC 2535SignatureSignature record used in SIG(0) (RFC 2931) and TKEY (RFC 2930). RFC 3755 designated RRSIG as the replacement for SIG for use within DNSSEC.
SOA
6RFC 1035 and RFC 2308Start of [a zone of] authority recordSpecifies authoritative information about a DNS zone, including the primary name server, the email of the domainadministrator, the domain serial number, and several timers relating torefreshing the zone.
SPF99RFC 4408Sender Policy FrameworkSpecified as part of the SPF protocol as an alternative to storingSPF data in TXT records, using the same format. It was later found that the majority of SPF deployments lack proper support for this record type, and as of August 2013 it’s considered for obsolescence.
SRV33RFC 2782Service locatorGeneralized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
SSHFP
44RFC 4255SSH Public Key FingerprintResource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. RFC 6594 defines ECC SSH keys and SHA-256 hashes. See the IANA SSHFP RR parameters registry for details.
TA
32768N/ADNSSEC Trust AuthoritiesPart of a deployment proposal for DNSSEC without a signed DNS root. See the IANA database and Weiler Spec for details. Uses the same format as the DS record.
TKEY
249RFC 2930Secret key recordA method of providing keying material to be used with TSIG that is encrypted under the public key in an accompanying KEY RR.
TLSA
52RFC 6698TLSA certificate associationA record for DNS-based Authentication of Named Entities (DANE). RFC 6698 defines "The TLSA DNS resource record is used to associate a TLS server certificate or public key with the domain name where the record isfound, thus forming a 'TLSA certificate association'".
TSIG
250RFC 2845Transaction SignatureCan be used to authenticate dynamic updates as coming from an approved client, or to authenticate responses as coming from an approved recursive name server similar to DNSSEC.
TXT
16RFC 1035Text recordOriginally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DKIM, DMARC, DNS-SD, etc.

Other types and pseudo resource records

Other types of records simply provide some types of information (forexample, an HINFO record gives a description of the type of computer/OS a host uses), or others return data used in experimental features. The"type" field is also used in the protocol for various operations.

CodeNumberDefining RFCDescriptionFunction
*255RFC 1035All cached recordsReturns all records of all types known to the name server. If thename server does not have any information on the name, the request willbe forwarded on. The records returned may not be complete. For example,if there is both an A and an MX for a name, but the name server has only the A record cached, only the A record will be returned. Sometimesreferred to as "ANY", for example in Windows nslookup and Wireshark.
AXFR252RFC 1035Authoritative Zone TransferTransfer entire zone file from the master name server to secondary name servers.
IXFR
251RFC 1996Incremental Zone TransferRequests a zone transfer of the given zone but only differences from a previous serial number. This request may be ignored and a full (AXFR) sent in response if the authoritative server is unable to fulfill therequest due to configuration or lack of required deltas.
OPT
41RFC 6891OptionThis is a "pseudo DNS record type" needed to support EDNS
11-29 22:43
查看更多