<P> This list of DNS record types is an overview of resource records (RRs) permissible in zone files of the Domain Name System (DNS). It also contains pseudo-RRs . </P> <Table> <Tr> <Th> Type </Th> <Th> Type id . (decimal) </Th> <Th> Defining RFC </Th> <Th> Description </Th> <Th> Function </Th> </Tr> <Tr> <Td> </Td> <Td> </Td> <Td> RFC 1035 </Td> <Td> Address record </Td> <Td> Returns a 32 - bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but it is also used for DNSBLs, storing subnet masks in RFC 1101, etc . </Td> </Tr> <Tr> <Td> AAAA </Td> <Td> 28 </Td> <Td> RFC 3596 </Td> <Td> IPv6 address record </Td> <Td> Returns a 128 - bit IPv6 address, most commonly used to map hostnames to an IP address of the host . </Td> </Tr> <Tr> <Td> AFSDB </Td> <Td> 18 </Td> <Td> RFC 1183 </Td> <Td> AFS database record </Td> <Td> Location of database servers of an AFS cell . This record is commonly used by AFS clients to contact AFS cells outside their local domain . A subtype of this record is used by the obsolete DCE / DFS file system . </Td> </Tr> <Tr> <Td> APL </Td> <Td> 42 </Td> <Td> RFC 3123 </Td> <Td> Address Prefix List </Td> <Td> Specify lists of address ranges, e.g. in CIDR format, for various address families . Experimental . </Td> </Tr> <Tr> <Td> CAA </Td> <Td> 257 </Td> <Td> RFC 6844 </Td> <Td> Certification Authority Authorization </Td> <Td> DNS Certification Authority Authorization, constraining acceptable CAs for a host / domain </Td> </Tr> <Tr> <Td> CDNSKEY </Td> <Td> 60 </Td> <Td> RFC 7344 </Td> <Td> Child DNSKEY </Td> <Td> Child copy of DNSKEY record, for transfer to parent </Td> </Tr> <Tr> <Td> CDS </Td> <Td> 59 </Td> <Td> RFC 7344 </Td> <Td> Child DS </Td> <Td> Child copy of DS record, for transfer to parent </Td> </Tr> <Tr> <Td> CERT </Td> <Td> 37 </Td> <Td> RFC 4398 </Td> <Td> Certificate record </Td> <Td> Stores PKIX, SPKI, PGP, etc . </Td> </Tr> <Tr> <Td> CNAME </Td> <Td> 5 </Td> <Td> RFC 1035 </Td> <Td> Canonical name record </Td> <Td> Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name . </Td> </Tr> <Tr> <Td> DHCID </Td> <Td> 49 </Td> <Td> RFC 4701 </Td> <Td> DHCP identifier </Td> <Td> Used in conjunction with the FQDN option to DHCP </Td> </Tr> <Tr> <Td> DLV </Td> <Td> 32769 </Td> <Td> RFC 4431 </Td> <Td> DNSSEC Lookaside Validation record </Td> <Td> For publishing DNSSEC trust anchors outside of the DNS delegation chain . Uses the same format as the DS record . RFC 5074 describes a way of using these records . </Td> </Tr> <Tr> <Td> DNAME </Td> <Td> 39 </Td> <Td> RFC 6672 </Td> <Td> </Td> <Td> Alias for a name and all its subnames, unlike CNAME, which is an alias for only the exact name . Like a CNAME record, the DNS lookup will continue by retrying the lookup with the new name . </Td> </Tr> <Tr> <Td> DNSKEY </Td> <Td> 48 </Td> <Td> RFC 4034 </Td> <Td> DNS Key record </Td> <Td> The key record used in DNSSEC . Uses the same format as the KEY record . </Td> </Tr> <Tr> <Td> DS </Td> <Td> 43 </Td> <Td> RFC 4034 </Td> <Td> Delegation signer </Td> <Td> The record used to identify the DNSSEC signing key of a delegated zone </Td> </Tr> <Tr> <Td> HIP </Td> <Td> 55 </Td> <Td> RFC 8005 </Td> <Td> Host Identity Protocol </Td> <Td> Method of separating the end - point identifier and locator roles of IP addresses . </Td> </Tr> <Tr> <Td> IPSECKEY </Td> <Td> 45 </Td> <Td> RFC 4025 </Td> <Td> IPsec Key </Td> <Td> Key record that can be used with IPsec </Td> </Tr> <Tr> <Td> KEY </Td> <Td> 25 </Td> <Td> RFC 2535 and RFC 2930 </Td> <Td> Key record </Td> <Td> Used only for SIG (0) (RFC 2931) and TKEY (RFC 2930). RFC 3445 eliminated their use for application keys and limited their use to DNSSEC . RFC 3755 designates DNSKEY as the replacement within DNSSEC . RFC 4025 designates IPSECKEY as the replacement for use with IPsec . </Td> </Tr> <Tr> <Td> KX </Td> <Td> 36 </Td> <Td> RFC 2230 </Td> <Td> Key Exchanger record </Td> <Td> Used with some cryptographic systems (not including DNSSEC) to identify a key management agent for the associated domain - name . Note that this has nothing to do with DNS Security . It is Informational status, rather than being on the IETF standards - track . It has always had limited deployment, but is still in use . </Td> </Tr> <Tr> <Td> LOC </Td> <Td> 29 </Td> <Td> RFC 1876 </Td> <Td> Location record </Td> <Td> Specifies a geographical location associated with a domain name </Td> </Tr> <Tr> <Td> MX </Td> <Td> 15 </Td> <Td> RFC 1035 and RFC 7505 </Td> <Td> Mail exchange record </Td> <Td> Maps a domain name to a list of message transfer agents for that domain </Td> </Tr> <Tr> <Td> NAPTR </Td> <Td> 35 </Td> <Td> RFC 3403 </Td> <Td> Naming Authority Pointer </Td> <Td> Allows regular - expression - based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc . </Td> </Tr> <Tr> <Td> NS </Td> <Td> </Td> <Td> RFC 1035 </Td> <Td> Name server record </Td> <Td> Delegates a DNS zone to use the given authoritative name servers </Td> </Tr> <Tr> <Td> NSEC </Td> <Td> 47 </Td> <Td> RFC 4034 </Td> <Td> Next Secure record </Td> <Td> Part of DNSSEC--used to prove a name does not exist . Uses the same format as the (obsolete) NXT record . </Td> </Tr> <Tr> <Td> NSEC3 </Td> <Td> 50 </Td> <Td> RFC 5155 </Td> <Td> Next Secure record version 3 </Td> <Td> An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking </Td> </Tr> <Tr> <Td> NSEC3PARAM </Td> <Td> 51 </Td> <Td> RFC 5155 </Td> <Td> NSEC3 parameters </Td> <Td> Parameter record for use with NSEC3 </Td> </Tr> <Tr> <Td> OPENPGPKEY </Td> <Td> 61 </Td> <Td> RFC 7929 </Td> <Td> OpenPGP public key record </Td> <Td> A DNS - based Authentication of Named Entities (DANE) method for publishing and locating OpenPGP public keys in DNS for a specific email address using an OPENPGPKEY DNS resource record . </Td> </Tr> <Tr> <Td> PTR </Td> <Td> 12 </Td> <Td> RFC 1035 </Td> <Td> Pointer record </Td> <Td> Pointer to a canonical name . Unlike a CNAME, DNS processing stops and just the name is returned . The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS - SD . </Td> </Tr> <Tr> <Td> RRSIG </Td> <Td> 46 </Td> <Td> RFC 4034 </Td> <Td> DNSSEC signature </Td> <Td> Signature for a DNSSEC - secured record set . Uses the same format as the SIG record . </Td> </Tr> <Tr> <Td> RP </Td> <Td> 17 </Td> <Td> RFC 1183 </Td> <Td> Responsible Person </Td> <Td> Information about the responsible person (s) for the domain . Usually an email address with the @ replaced by a . </Td> </Tr> <Tr> <Td> SIG </Td> <Td> 24 </Td> <Td> RFC 2535 </Td> <Td> Signature </Td> <Td> Signature record used in SIG (0) (RFC 2931) and TKEY (RFC 2930). RFC 3755 designated RRSIG as the replacement for SIG for use within DNSSEC . </Td> </Tr> <Tr> <Td> SOA </Td> <Td> 6 </Td> <Td> RFC 1035 and RFC 2308 </Td> <Td> Start of (a zone of) authority record </Td> <Td> Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone . </Td> </Tr> <Tr> <Td> SRV </Td> <Td> 33 </Td> <Td> RFC 2782 </Td> <Td> Service locator </Td> <Td> Generalized service location record, used for newer protocols instead of creating protocol - specific records such as MX . </Td> </Tr> <Tr> <Td> SSHFP </Td> <Td> 44 </Td> <Td> RFC 4255 </Td> <Td> SSH Public Key Fingerprint </Td> <Td> Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host . RFC 6594 defines ECC SSH keys and SHA - 256 hashes . See the IANA SSHFP RR parameters registry for details . </Td> </Tr> <Tr> <Td> TA </Td> <Td> 32768 </Td> <Td> N / A </Td> <Td> DNSSEC Trust Authorities </Td> <Td> Part of a deployment proposal for DNSSEC without a signed DNS root . See the IANA database and Weiler Spec for details . Uses the same format as the DS record . </Td> </Tr> <Tr> <Td> TKEY </Td> <Td> 249 </Td> <Td> RFC 2930 </Td> <Td> Transaction Key record </Td> <Td> A method of providing keying material to be used with TSIG that is encrypted under the public key in an accompanying KEY RR . </Td> </Tr> <Tr> <Td> TLSA </Td> <Td> 52 </Td> <Td> RFC 6698 </Td> <Td> TLSA certificate association </Td> <Td> A record for DANE . RFC 6698 defines "The TLSA DNS resource record is used to associate a TLS server certificate or public key with the domain name where the record is found, thus forming a' TLSA certificate association"'. </Td> </Tr> <Tr> <Td> TSIG </Td> <Td> 250 </Td> <Td> RFC 2845 </Td> <Td> Transaction Signature </Td> <Td> Can be used to authenticate dynamic updates as coming from an approved client, or to authenticate responses as coming from an approved recursive name server similar to DNSSEC . </Td> </Tr> <Tr> <Td> TXT </Td> <Td> 16 </Td> <Td> RFC 1035 </Td> <Td> Text record </Td> <Td> Originally for arbitrary human - readable text in a DNS record . Since the early 1990s, however, this record more often carries machine - readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DKIM, DMARC, DNS - SD, etc . </Td> </Tr> <Tr> <Td> URI </Td> <Td> 256 </Td> <Td> RFC 7553 </Td> <Td> Uniform Resource Identifier </Td> <Td> Can be used for publishing mappings from hostnames to URIs . </Td> </Tr> </Table> <Tr> <Th> Type </Th> <Th> Type id . (decimal) </Th> <Th> Defining RFC </Th> <Th> Description </Th> <Th> Function </Th> </Tr>

Which record type on a dns server represents an ipv6 host