सामग्री पर जाएँ

डोमेन नाम प्रणाली के रिकॉर्ड प्रकारों की सूची

डोमेन नाम प्रणाली के रिकॉर्ड प्रकारों की सूची डोमेन नाम प्रणाली (DNS) के ज़ोन फ़ाइलों में अनुमत संसाधन रिकॉर्ड (RR) का अवलोकन है। इसमें छद्म आरआर (RR) भी शामिल हैं।

संसाधन रिकॉर्ड

Type Type id. (decimal) Defining RFC Description Function
A
1 RFC 1035[1]Address record Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but it is also used for DNSBLs, storing subnet masks in RFC 1101, etc.
AAAA
28 RFC 3596[2]IPv6 address record Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
AFSDB
18 RFC 1183AFS database record Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system.
APL
42 RFC 3123Address Prefix List Specify lists of address ranges, e.g. in CIDR format, for various address families. Experimental.
CAA
257 RFC 6844Certification Authority Authorization DNS Certification Authority Authorization, constraining acceptable CAs for a host/domain
CDNSKEY
60 RFC 7344Child copy of DNSKEY record, for transfer to parent
CDS
59 RFC 7344Child DS Child copy of DS record, for transfer to parent
CERT
37 RFC 4398Certificate record Stores PKIX, SPKI, PGP, etc.
CNAME 5 RFC 1035Canonical name record Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
CSYNC
62 RFC 7477Child-to-Parent Synchronization Specify a synchronization mechanism between a child and a parent DNS zone. Typical example is declaring the same NS records in the parent and the child zone
DHCID
49 RFC 4701DHCP identifier Used in conjunction with the FQDN option to DHCP
DLV
32769 RFC 4431DNSSEC Lookaside Validation record For publishing DNSSEC trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. RFC 5074 describes a way of using these records.
DNAME
39 RFC 6672Delegation name record Alias for a name and all its subnames, unlike CNAME, which is an alias for only the exact name. Like a CNAME record, the DNS lookup will continue by retrying the lookup with the new name.
DNSKEY
48 RFC 4034DNS Key record The key record used in DNSSEC. Uses the same format as the KEY record.
DS
43 RFC 4034Delegation signer The record used to identify the DNSSEC signing key of a delegated zone
EUI48 108 RFC 7043MAC address (EUI-48) A 48-bit IEEE Extended Unique Identifier.
EUI64 109 RFC 7043MAC address (EUI-64) A 64-bit IEEE Extended Unique Identifier.
HINFO
13 RFC 8482Host Information Providing Minimal-Sized Responses to DNS Queries That Have QTYPE=ANY
HIP
55 RFC 8005Host Identity Protocol Method of separating the end-point identifier and locator roles of IP addresses.
IPSECKEY
45 RFC 4025IPsec Key Key record that can be used with IPsec
KEY
25 RFC 2535[3] and RFC 2930[4]Key record Used only for SIG(0) (RFC 2931) and TKEY (RFC 2930).[5] RFC 3445 eliminated their use for application keys and limited their use to DNSSEC.[6] RFC 3755 designates DNSKEY as the replacement within DNSSEC.[7] RFC 4025 designates IPSECKEY as the replacement for use with IPsec.[8]
KX
36 RFC 2230Key Exchanger record Used with some cryptographic systems (not including DNSSEC) to identify a key management agent for the associated domain-name. Note that this has nothing to do with DNS Security. It is Informational status, rather than being on the IETF standards-track. It has always had limited deployment, but is still in use.
LOC 29 RFC 1876Location record Specifies a geographical location associated with a domain name
MX 15 RFC 1035 and RFC 7505Mail exchange record Maps a domain name to a list of message transfer agents for that domain
NAPTR 35 RFC 3403Naming Authority Pointer Allows regular-expression-based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc.
NS
2 RFC 1035Name server record Delegates a DNS zone to use the given authoritative name servers
NSEC
47 RFC 4034Next Secure record Part of DNSSEC—used to prove a name does not exist. Uses the same format as the (obsolete) NXT record.
NSEC3
50 RFC 5155Next Secure record version 3 An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking
NSEC3PARAM
51 RFC 5155NSEC3 parameters Parameter record for use with NSEC3
OPENPGPKEY 61 RFC 7929OpenPGP public key record A DNS-based Authentication of Named Entities (DANE) method for publishing and locating OpenPGP public keys in DNS for a specific email address using an OPENPGPKEY DNS resource record.
PTR
12 RFC 1035PTR Resource Record [de]Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
RRSIG
46 RFC 4034DNSSEC signature Signature for a DNSSEC-secured record set. Uses the same format as the SIG record.
RP
17 RFC 1183Responsible Person Information about the responsible person(s) for the domain. Usually an email address with the @ replaced by a .
SIG
24 RFC 2535Signature Signature record used in SIG(0) (RFC 2931) and TKEY (RFC 2930). RFC 3755 designated RRSIG as the replacement for SIG for use within DNSSEC.
SMIMEA 53 RFC 8162[9]S/MIME cert association[10]Associates an S/MIME certificate with a domain name for sender authentication.
SOA 6 RFC 1035 and RFC 2308[11]Start of [a zone of] authority record Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
SRV 33 RFC 2782Service locator Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
SSHFP
44 RFC 4255SSH Public Key Fingerprint Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. RFC 6594 defines ECC SSH keys and SHA-256 hashes. See the IANA SSHFP RR parameters registry for details.
TA
32768DNSSEC Trust Authorities Part of a deployment proposal for DNSSEC without a signed DNS root. See the IANA database and Weiler Spec for details. Uses the same format as the DS record.
TKEY
249 RFC 2930Transaction Key record A method of providing keying material to be used with TSIG that is encrypted under the public key in an accompanying KEY RR.[12]
TLSA
52 RFC 6698TLSA certificate association A record for DANE. RFC 6698 defines "The TLSA DNS resource record is used to associate a TLS server certificate or public key with the domain name where the record is found, thus forming a 'TLSA certificate association'".
TSIG
250 RFC 2845Transaction Signature Can be used to authenticate dynamic updates as coming from an approved client, or to authenticate responses as coming from an approved recursive name server[13] similar to DNSSEC.
TXT
16 RFC 1035Text record Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DKIM, DMARC, DNS-SD, etc.
URI
256 RFC 7553Uniform Resource Identifier Can be used for publishing mappings from hostnames to URIs.
ZONEMD
63 TBA Assigned by IANA although the RFC is in draft status.
SVCB 64 IETF DraftService Binding RR that improves performance for clients that need to resolve many resources to access a domain. More info in this IETF Draft by DNSOP Working group and Akamai technologies.
HTTPS 65 IETF DraftHTTPS Binding RR that improves performance for clients that need to resolve many resources to access a domain. More info in this IETF Draft by DNSOP Working group and Akamai technologies.

आगे के लेख पढ़ने के लिए

  1. Paul Mockapetris (November 1987). "RFC 1035: Domain Names - Implementation and Specification". Network Working Group of the IETF (Internet Engineering Task Force). पृ॰ 12.
  2. "RFC 3596: DNS Extensions to Support IP Version 6". The Internet Society. October 2003.
  3. RFC 2535, §3
  4. RFC 3445, §1. "The KEY RR was defined in RFC 2930..."
  5. RFC 2931, §2.4. "SIG(0) on the other hand, uses public key authentication, where the public keys are stored in DNS as KEY RRs and a private key is stored at the signer."
  6. RFC 3445, §1. "DNSSEC will be the only allowable sub-type for the KEY RR..."
  7. RFC 3755, §3. "DNSKEY will be the replacement for KEY, with the mnemonic indicating that these keys are not for application use, per RFC3445. RRSIG (Resource Record SIGnature) will replace SIG, and NSEC (Next SECure) will replace NXT. These new types completely replace the old types, except that SIG(0) RFC2931 and TKEY RFC2930 will continue to use SIG and KEY."
  8. RFC 4025, Abstract. "This record replaces the functionality of the sub-type #4 of the KEY Resource Record, which has been obsoleted by RFC 3445."
  9. "RFC 8162 - Using Secure DNS to Associate Certificates with Domain Names for S/MIME". Internet Engineering Task Force. May 2017. अभिगमन तिथि 17 October 2018.
  10. "Domain Name System (DNS) Parameters". Internet Assigned Numbers Authority. September 2018. अभिगमन तिथि 17 October 2018.
  11. The minimum field of SOA record is redefined to be the TTL of NXDOMAIN reply in RFC 2308.
  12. RFC 2930, §6. "... the keying material is sent within the key data field of a TKEY RR encrypted under the public key in an accompanying KEY RR RFC 2535."
  13. RFC 2845, abstract