全部博文(230)
分类: 网络与安全
2014-03-28 22:00:29
| Type | Value (decimal) | Defining RFC | Description | Function |
|---|---|---|---|---|
|
|
1 | Address record | Returns a 32-bit address, most commonly used to map to an IP address of the host, but also used for , storing in , etc. | |
|
|
28 | address record | Returns a 128-bit address, most commonly used to map to an IP address of the host. | |
|
|
18 | AFS database record | Location of database servers of an cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete file system. | |
|
|
42 | Address Prefix List | Specify lists of address ranges, e.g. in format, for various address families. Experimental. | |
|
|
257 | Certification Authority Authorization | CA pinning, constraining acceptable CAs for a host/domain | |
|
|
37 | Certificate record | Stores , , , etc. | |
| 5 | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name. | |||
|
|
49 | DHCP identifier | Used in conjunction with the FQDN option to | |
|
|
32769 | DNSSEC Lookaside Validation record | For publishing trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. describes a way of using these records. | |
| 39 | Delegation Name | DNAME creates an alias for a name and all its subnames, unlike CNAME, which aliases only the exact name in its label. Like the CNAME record, the DNS lookup will continue by retrying the lookup with the new name. | ||
|
|
48 | DNS Key record | The key record used in . Uses the same format as the KEY record. | |
|
|
43 | Delegation signer | The record used to identify the DNSSEC signing key of a delegated zone | |
| 55 | Host Identity Protocol | Method of separating the end-point identifier and locator roles of . | ||
|
|
45 | IPsec Key | Key record that can be used with | |
|
|
25 | and | Key record | Used only for SIG(0) () and TKEY (). eliminated their use for application keys and limited their use to DNSSEC. designates DNSKEY as the replacement within DNSSEC. designates IPSECKEY as the replacement for use with IPsec. |
|
|
36 | Key eXchanger record | Used with some cryptographic systems (not including DNSSEC) to identify a key management agent for the associated domain-name. Note that this has nothing to do with DNS Security. It is Informational status, rather than being on the IETF standards-track. It has always had limited deployment, but is still in use. | |
| 29 | Location record | Specifies a geographical location associated with a domain name | ||
| 15 | Mail exchange record | Maps a domain name to a list of for that domain | ||
| 35 | Naming Authority Pointer | Allows regular expression based rewriting of domain names which can then be used as , further domain names to lookups, etc. | ||
|
|
2 | Name server record | Delegates a to use the given | |
|
|
47 | Next-Secure record | Part of DNSSEC—used to prove a name does not exist. Uses the same format as the (obsolete) NXT record. | |
|
|
50 | NSEC record version 3 | An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking | |
|
|
51 | NSEC3 parameters | Parameter record for use with NSEC3 | |
|
|
12 | Pointer record | Pointer to a . Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing , but other uses include such things as . | |
|
|
46 | DNSSEC signature | Signature for a DNSSEC-secured record set. Uses the same format as the SIG record. | |
|
|
17 | Responsible person | Information about the responsible person(s) for the domain. Usually an email address with the @ replaced by a . | |
|
|
24 | Signature | Signature record used in SIG(0) () and TKEY (). designated RRSIG as the replacement for SIG for use within DNSSEC. | |
|
|
6 | and | Start of [a zone of] authority record | Specifies authoritative information about a , including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone. |
| 99 | Sender Policy Framework | Specified as part of the SPF protocol as an alternative to storing SPF data in TXT records, using the same format. It was later found that the majority of SPF deployments lack proper support for this record type, and as of August 2013 it’s considered for obsolescence. | ||
| 33 | Service locator | Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX. | ||
|
|
44 | SSH Public Key Fingerprint | Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. defines ECC SSH keys and SHA-256 hashes. See the for details. | |
|
|
32768 | N/A | DNSSEC Trust Authorities | Part of a deployment proposal for DNSSEC without a signed DNS root. See the and for details. Uses the same format as the DS record. |
|
|
249 | Secret key record | A method of providing keying material to be used with that is encrypted under the public key in an accompanying KEY RR. | |
|
|
52 | TLSA certificate association | A record for (DANE). defines "The TLSA DNS resource record is used to associate a TLS server certificate or public key with the domain name where the record is found, thus forming a 'TLSA certificate association'". | |
|
|
250 | Transaction Signature | Can be used to authenticate as coming from an approved client, or to authenticate responses as coming from an approved recursive name server similar to DNSSEC. | |
|
|
16 | Text record | Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by , , , , , , etc. |
Other types of records simply provide some types of information (for example, an HINFO record gives a description of the type of computer/OS a host uses), or others return data used in experimental features. The "type" field is also used in the protocol for various operations.
| Code | Number | Defining RFC | Description | Function |
|---|---|---|---|---|
| * | 255 | All cached records | Returns all records of all types known to the name server. If the name server does not have any information on the name, the request will be forwarded on. The records returned may not be complete. For example, if there is both an A and an MX for a name, but the name server has only the A record cached, only the A record will be returned. Sometimes referred to as "ANY", for example in Windows nslookup and Wireshark. | |
| 252 | Authoritative Zone Transfer | Transfer entire zone file from the master name server to secondary name servers. | ||
|
|
251 | Incremental Zone Transfer | Requests a zone transfer of the given zone but only differences from a previous serial number. This request may be ignored and a full (AXFR) sent in response if the authoritative server is unable to fulfill the request due to configuration or lack of required deltas. | |
|
|
41 | Option | This is a "pseudo DNS record type" needed to support |
