CERT : Certificate record ( RFC 4398)
Stores PKIX, SPKI, PGP, etc. |
TKEY : Transaction Key ( RFC 2930)
One way of providing a key to be used with TSIG |
RRSIG : DNSSEC signature ( RFC 4034)
Signature for a DNSSEC-secured record set. Uses the same format as the SIG record. |
SPF : SPF record ( RFC 4408)
Specified as part of the SPF protocol, as an alternative to storing SPF data in TXT records. Uses the same format as the TXT record. |
NSEC3PARAM : NSEC3 parameters ( RFC 5155)
Parameter record for use with NSEC3 |
KEY : Key record ( RFC 4034)
Used only for TKEY (RFC 2930). Before RFC 3755 was published, this was also used for DNSSEC, but DNSSEC now uses DNSKEY. |
NSEC3 : NSEC record version 3 ( RFC 5155)
An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking |
NAPTR : Naming Authority Pointer ( RFC 3403)
Allows regular expression based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc. |
AFSDB : AFS database record ( RFC 1183)
Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system. |
DS : Delegation signer ( RFC 4034)
The record used to identify the DNSSEC signing key of a delegated zone |
DLV : DNSSEC Lookaside Validation record ( RFC 4431)
For publishing DNSSEC trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. RFC 5074 describes a way of using these records. |
MX : mail exchange record ( RFC 1035)
Maps a domain name to a list of mail exchange servers for that domain |
SSHFP : SSH Public Key Fingerprint ( RFC 4255)
Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. |
OPT : Option ( RFC 2671)
This is a 'pseudo DNS record type' needed to support EDNS |
PTR : pointer record ( RFC 1035)
Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD. |
AXFR : Full Zone Transfer ( RFC 1035)
Transfer entire zone file from the master name server to secondary name servers. |
TSIG : Transaction Signature ( RFC 2845)
Record that supports one set of security mechanisms for DNS. Used to secure communication between DNS resolvers and Name servers, in contrast to DNSSEC, which secures the actual DNS records from the authoritative name server. |
SOA : start of authority record ( RFC 1035)
Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone. |
