Common DNS Records

Wednesday, August 12, 2015 7:30:44 PM

CNAME Record

Canonical Name record

Specify a domain as an alias for an actual Canonical domain name.

If someone requests an alias, the DNS resolver will encounter the related CNAME record, and will then restart its query using the canonical name.

Example:

Key (Alias)	Value (Canonical Name)
www.bigfont.ca	bigfont1.azurewebsites.net

A Record (or AAAA)

Address record

Specify an IPv4 address for a domain name.

(An AAAA record does the same for IPv6.)

Example:

Key (Domain)	Value (IP Address)
bigfont.ca	70.85.232.2

MX Record

Mail Exchanger record

Specify a mail server responsible for accepting email messages on behalf of a domain.

Key	Value
bigfont.ca	8be46537a874bf4aadf6ca90d0ef82.pamx1.hotmail.com [10]

SRV Record

Service record

Specify the hostname and port number of servers for certain services.

TXT Record

Text record

Specify arbitrary human/machine-readable records.

The following common ones prevent email forgery.

SPF

Sender Policy Framework

Specify the authorized mail servers for a domain.

Example: “Use SPF version one, include the SPF policies from hotmail.com, and do a soft fail for everything that that policy does not match.”

Key (Domain)	Value (SPF Policy)
bigfont.ca	v=spf1 include:hotmail.com ~all

Example: “Use SPF version one, authorize senders whose IP matches either the A record or the MX record. Do a soft fail for the rest.”

Key (Domain)	Value (SPF Policy)
ingridhauss.com	v=spf1 a mx ~all

Meaning

v indicates the version of SPF to use
the remaining items specify mechanisms that determine authorized servers.

Common Mechanisms

a – match if the domain A record resolves to the sender’s address.
all – always match (useful for soft fails)
include – include the SPF policy from another domain.
mx – match if the domain MX record resolves to the sender’s address.

Common Qualifiers

~ – perform a soft fail instead of a complete fail

DKIM

Domain Keys Identified Email

Specify a public key that must match the digital signature of the outgoing email from a domain.

DMARC

Domain-based Message Authentication, Reporting, and Conformance

Specify that emails from a domain are protected by SPF and/or DKIM. Also specify how to handle fraudulent emails.

FWD Record

This is NOT an actual DNS record. Rather, some domain name registrars use this as a more flexible CNAME record. CNAME records must point to a fully-qualified domain names (FQND) whereas Namespro.ca, for instance, offers a FWD record that can point to other URIs.