Cheat Sheet
DNS Record Types Cheat Sheet
Quick reference for all common DNS record types used in system administration, networking, and cloud infrastructure.
Quick Reference
Most common record
A
IPv6 record
AAAA
Mail routing
MX
Name alias
CNAME
Text / SPF / DKIM
TXT
Authoritative servers
NS
Tip: DNS record types are case-insensitive.
A, a, and a all refer to the same record type. TTL (Time To Live) controls how long resolvers cache a record — lower TTL means faster propagation after changes.
Address Records
Records that map a hostname to an IP address. These are the most fundamental DNS records.
| Type | Full name | Maps to | Example value | Use case |
|---|---|---|---|---|
A | Address | IPv4 address | 192.0.2.1 | Point domain to server IP |
AAAA | IPv6 Address | IPv6 address | 2001:db8::1 | Point domain to IPv6 server |
CNAME | Canonical Name | Another hostname | www.example.com | Alias — redirect one name to another |
ALIAS | Alias (ANAME) | Another hostname | example.com | Root domain alias (not all providers) |
CNAME restriction: A CNAME record cannot coexist with other records for the same name. You cannot use CNAME at the zone apex (root domain like
example.com) — only on subdomains like www.example.com.
Mail Records
Records that control email routing and authentication for a domain.
| Type | Full name | Purpose | Example value |
|---|---|---|---|
MX | Mail Exchanger | Routes email to mail server | 10 mail.example.com |
TXT | Text (SPF) | Defines authorized senders | v=spf1 include:_spf.google.com ~all |
TXT | Text (DKIM) | Email signature verification | v=DKIM1; k=rsa; p=MIGf... |
TXT | Text (DMARC) | Email policy enforcement | v=DMARC1; p=reject; rua=mailto:... |
MX priority: Lower number = higher priority.
10 mail1.example.com is preferred over 20 mail2.example.com. Multiple MX records provide redundancy.
Infrastructure Records
Records that define the DNS zone structure and infrastructure configuration.
| Type | Full name | Purpose | Example value |
|---|---|---|---|
NS | Name Server | Authoritative name servers for zone | ns1.example.com |
SOA | Start of Authority | Zone metadata and primary NS | ns1.example.com admin.example.com 2024... |
PTR | Pointer | Reverse DNS — IP to hostname | server.example.com |
SRV | Service | Service location (port + host) | 10 5 443 server.example.com |
CAA | Cert Authority Auth | Which CAs may issue SSL certs | 0 issue "letsencrypt.org" |
All DNS Record Types — Full Reference
Complete reference table of all common DNS record types sorted by category.
| Type | Full name | RFC | Description |
|---|---|---|---|
A | Address | RFC 1035 | Maps hostname to IPv4 address |
AAAA | IPv6 Address | RFC 3596 | Maps hostname to IPv6 address |
CNAME | Canonical Name | RFC 1035 | Alias from one name to another |
MX | Mail Exchanger | RFC 1035 | Mail server for the domain |
TXT | Text | RFC 1035 | Arbitrary text — SPF, DKIM, DMARC, verification |
NS | Name Server | RFC 1035 | Authoritative name servers for zone |
SOA | Start of Authority | RFC 1035 | Zone metadata, serial, TTL defaults |
PTR | Pointer | RFC 1035 | Reverse DNS — IP address to hostname |
SRV | Service | RFC 2782 | Service port and host location |
CAA | Cert Authority Auth | RFC 6844 | Authorized certificate authorities |
NAPTR | Naming Authority Pointer | RFC 3403 | Rewriting rules — used in VoIP/SIP |
TLSA | TLS Authentication | RFC 6698 | Binds TLS certificate to domain (DANE) |
DS | Delegation Signer | RFC 4034 | DNSSEC — links child zone to parent |
DNSKEY | DNS Key | RFC 4034 | DNSSEC public key for zone |
SSHFP | SSH Fingerprint | RFC 4255 | SSH public key fingerprint |
HINFO | Host Info | RFC 1035 | CPU and OS type (rarely used) |
SRV Record Format
SRV records define the location of services. The format is more complex than other record types.
_service._proto.name TTL IN SRV priority weight port target
| Field | Description | Example |
|---|---|---|
_service | Service name (e.g. _https, _sip) | _https |
_proto | Protocol (_tcp or _udp) | _tcp |
priority | Lower = higher priority | 10 |
weight | Load balancing weight | 5 |
port | TCP/UDP port number | 443 |
target | Target hostname | server.example.com |
Real example:
_sip._tcp.example.com 3600 IN SRV 10 5 5060 sip.example.com — routes SIP traffic to port 5060.
Frequently Asked Questions
What is the difference between A and CNAME records?
An
A record maps a hostname directly to an IPv4 address. A CNAME record is an alias that maps one hostname to another hostname. CNAMEs are useful for subdomains that should follow the same IP as the root domain, but they cannot be used at the zone apex (root domain).Why can’t I use a CNAME at the root domain?
The DNS specification (RFC 1035) prohibits CNAME records from coexisting with other record types at the same name. Since the zone apex always has at least SOA and NS records, a CNAME is not allowed there. Use ALIAS or ANAME records (provider-specific) or an A record instead.
What is TTL and what value should I use?
TTL (Time To Live) is measured in seconds and controls how long DNS resolvers cache a record. Use lower values (300–900 seconds) before planned changes, and higher values (3600–86400 seconds) for stable records to reduce DNS lookup overhead. Common values: 300 (5 min), 3600 (1 hour), 86400 (24 hours).
How do I verify a DNS record was applied?
Use
nslookup example.com, dig example.com A, or Resolve-DnsName example.com in PowerShell. Online tools like MXToolbox or Google Admin Toolbox also show current DNS records. Remember that propagation can take up to the TTL value of the previous record.What is reverse DNS and when do I need it?
Reverse DNS (PTR records) maps an IP address back to a hostname. It is primarily used by mail servers to verify sender identity — many spam filters reject mail from IPs without a matching PTR record. Reverse DNS is managed by your IP address provider, not your domain registrar.