Back to Learn

DNS Zone File Record Types | NOC.org

DNS Record Types Overview

A DNS zone file contains records that map domain names to IP addresses, define mail routing, establish aliases, and store metadata. Each record type serves a specific purpose in the domain name system. This guide covers the most common record types you'll encounter when managing authoritative DNS.

A Record (Address)

The A record maps a hostname to an IPv4 address. It is the most fundamental DNS record — without it, browsers cannot find your server.

example.com.    3600    IN    A    93.184.216.34
www.example.com. 3600   IN    A    93.184.216.34

A domain can have multiple A records pointing to different IP addresses for load balancing or redundancy. The resolver will return all records and the client typically connects to the first one.

AAAA Record (IPv6 Address)

The AAAA record is the IPv6 equivalent of the A record. As IPv6 adoption grows, having AAAA records ensures your domain is reachable by IPv6-only clients.

example.com.    3600    IN    AAAA    2606:2800:220:1::248

CNAME Record (Canonical Name)

A CNAME record creates an alias from one hostname to another. Instead of duplicating A records, you point the alias to the canonical name and let DNS resolve the chain.

blog.example.com.    3600    IN    CNAME    example.com.
shop.example.com.    3600    IN    CNAME    mystore.shopify.com.

Important restrictions:

  • A CNAME cannot coexist with other record types for the same hostname
  • The zone apex (bare domain like example.com) cannot have a CNAME — use an A record or ALIAS/ANAME if your provider supports it
  • CNAME records add an extra DNS lookup, which slightly increases resolution time

MX Record (Mail Exchange)

MX records direct email for a domain to the correct mail servers. Each MX record has a priority value — lower numbers are tried first.

example.com.    3600    IN    MX    10    mail1.example.com.
example.com.    3600    IN    MX    20    mail2.example.com.

In this example, mail is delivered to mail1 first. If it's unavailable, the sending server falls back to mail2. MX records must point to hostnames with A/AAAA records, not IP addresses or CNAMEs.

TXT Record (Text)

TXT records store arbitrary text data associated with a hostname. They are heavily used for domain verification and email security:

; SPF — authorize mail servers
example.com.    3600    IN    TXT    "v=spf1 include:_spf.google.com ~all"

; Domain verification
example.com.    3600    IN    TXT    "google-site-verification=abc123..."

; DKIM — email signing
selector._domainkey.example.com. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGf..."

For email-specific TXT records, see DNS Email Security Records.

NS Record (Nameserver)

NS records declare which servers are authoritative for a zone. Every domain needs at least two NS records for redundancy.

example.com.    86400    IN    NS    ns1.noc.org.
example.com.    86400    IN    NS    ns2.noc.org.

NS records at the zone apex must match the nameservers configured at your domain registrar. NS records can also be used to delegate subdomains to different nameservers.

SOA Record (Start of Authority)

The SOA record is required in every zone and contains metadata about the zone itself:

example.com.  86400  IN  SOA  ns1.noc.org. admin.example.com. (
    2024030601  ; Serial
    3600        ; Refresh
    900         ; Retry
    604800      ; Expire
    86400       ; Minimum TTL
)

The serial number must increment with every zone change — secondary nameservers use it to determine if they need to pull updates.

SRV Record (Service)

SRV records define the location of specific services, including the port number, priority, and weight. They are commonly used for SIP, XMPP, LDAP, and Microsoft services.

_sip._tcp.example.com. 3600 IN SRV 10 60 5060 sip.example.com.

The format is: _service._protocol.domain TTL IN SRV priority weight port target

CAA Record (Certificate Authority Authorization)

CAA records specify which Certificate Authorities are allowed to issue SSL/TLS certificates for your domain. This prevents unauthorized CAs from issuing certificates.

example.com.  3600  IN  CAA  0 issue "letsencrypt.org"
example.com.  3600  IN  CAA  0 issuewild "letsencrypt.org"
example.com.  3600  IN  CAA  0 iodef "mailto:security@example.com"
  • issue — Authorizes a CA for standard certificates
  • issuewild — Authorizes a CA for wildcard certificates
  • iodef — Where to send violation reports

PTR Record (Pointer)

PTR records provide reverse DNS lookup — mapping an IP address back to a hostname. They are managed by the IP address owner (usually your hosting provider) rather than in your domain's zone file.

34.216.184.93.in-addr.arpa. 3600 IN PTR example.com.

PTR records are important for email deliverability. Mail servers often check that the sending IP's PTR record matches the HELO/EHLO hostname.

Record Type Summary

RecordPurposePoints To
AIPv4 address mappingIP address
AAAAIPv6 address mappingIPv6 address
CNAMEAlias to another hostnameHostname
MXMail routingMail server hostname
TXTText data / verificationText string
NSAuthoritative nameserversNameserver hostname
SOAZone authority metadataPrimary NS + parameters
SRVService locationHost + port + priority
CAACA authorizationCA domain
PTRReverse lookupHostname

Related Topics