Overview

Last change on 2025-10-07 • Created on 2025-10-07 • ID: NE-6C82C

Record types

ℹ   Difference between A / AAAA and HTTPS
HTTPS records are relevant if a client tries to access example.com for the first time and doesn't specify "https://" or "http://" at the beginning.

  • No HTTPS record available in DNS zone
    For the initial request, the browser tries plaintext HTTP because it has the best chance to succeed.
  • HTTPS record available in DNS zone
    For the initial request, the browser directly tries HTTPS. If the HTTPS record includes an IP hint, it will connect to that IP address. If the HTTPS record doesn't include an IP hint, it will look for an A / AAAA record and connect to that IP address via HTTPS.
Note: The browser has to support HTTPS records. If a browser doesn't support HTTPS records, it won't check if an HTTPS record is available and all requests are treated as if there is no HTTPS record — even if there is. For this reason, you should always add an A record, even if your HTTPS record includes an IPv4 hint.

Record types that resolve domain requests:

Points (sub)domain to Example
A IPv4 203.0.113.1
AAAA IPv6 2001:db8:5678::1
HTTPS Domain and, optionally, IP
Allows additional parameters		 Value: example.com
Param: ipv4hint=203.0.113.1 alpn="h3,h2"
SVCB Domain and, optionally, IP
Allows additional parameters		 Value: example.com
Param: ipv4hint=203.0.113.1 alpn="h3,h2"
CNAME Domain redirect.example.com
MX Domain (mail server) mail.example.com
NS Domain (name server) oxygen.ns.hetzner.com
Points service to Example
SRV Domain and port Host: _minecraft._tcp.mc.example.com
Value: mc.example.com
Port: 25565

Other record types:

Value Example
TXT plain text ACME challenge
SPF
CAA issue CAs that are allowed to create normal SSL/TLS certificates letsencrypt.org
issuewild CAs that are allowed to create wildcard SSL/TLS certificates letsencrypt.org
issuemail CAs that are allowed to create S/MIME certificates digicert.com
issuevmc CAs that are allowed to create VMC and BIMI certificates digicert.com
contactemail / contactphone Cert contact holu@example.com
iodef Report invalid cert requests mailto:security@example.com
DS Key used to sign DNS records (DNSSec-signed zones) <public_ed25519_key>
PTR Returns a domain BUT does not forward the request example.com
TLSA Original or hashed TLS certificate/public key A9A70E866BC9A...

Record types that provide additional information to the client:

Value Example
HINFO CPU "Intel"
Operating system "Ubuntu"
RP Responsible person admin@example.com
SOA Primary name server, the zone file serial number, and several timers relating to refreshing the zone. hydrogen.ns.hetzner.com. . 2025040303dns.hetzner.com 86400 10800 3600000 3600

Example

Server 1
IP

🌐
📧
203.0.113.1

example.com
mail.example.com
Server 2
IP

🎓
💬
🔒
198.51.100.1

example.edu
chat.example.edu
secure.example.edu

  • example.com

    Type (Sub)Domain Points to / Value Description
    A example.com 203.0.113.1
    A mail.example.com 203.0.113.1
    MX example.com mail.example.com When you send an email, the sender will look up the MX record for the domain that follows after the @ sign. If the email address is admin@example.com, for example, the sender will look up the MX record for example.com.
    CNAME study.example.com example.edu

  • example.edu

    Type (Sub)Domain Points to / Value
    A example.edu 198.51.100.1
    A chat.example.edu 198.51.100.1
    SRV _ejabberd._tcp.chat.example.edu chat.example.edu 5222
    HTTPS secure.example.edu . ipv4hint=198.51.100.1
Table of Contents