DescriptionThe most used DNS record types are explained here. In the Leaseweb Customer Portal, when adding/editing a DNS record, you need to select the correct DNS type.
Text (TXT) records are used often with other protocols or systems. For instance, the SPF system uses TXT records to hold its information. Another use is for domain verification. Sometimes when a website needs to validate the owner of a domain, they ask the owner to create a TXT record with some information in it. It is then checked, and if the correct record is found, the domain owner can be verified.
Sender Policy Framework (SPF) records are used as anti-spam measure. They are used to list which servers are allowed to send emails from the domain. This way, when an email is sent, the mail servers will check the SPF record to check if the server that has sent the email is allowed to send it.
You will have to put the SPF record into a TXT record (within quotes).
An SPF record usually looks like this:
v=spf1 include:mh-spf.leaseweb.com ~all
Explaining what the values mean in the above example:
What does it mean ?
This means the SPF version being used is version 1.
This means that the IPv4 address '220.127.116.11' is allowed to send email from this domain.
This means that the IPv4 range 18.104.22.168 through 22.214.171.124 is allowed to send email from this domain.
|ip6:2001:1af8:4100:2::40||This means that the IPv6 address '2001:1af8:4100:2::40' is allowed to send email from this domain.|
|ip6:2001:1af8:4100:2::/64||This means that the IPv6 range specified is allowed to send email from this domain.|
The IP address behind the A record of mail.Leaseweb.com is allowed to send email from this domain.
This means that all the MX records for this domain are allowed to send emails.
If you put this at the end of the SPF rule, it means that if an email does not match this rule, we ask the receiving mail server not to throw it away but to keep it under SPAM folder. If we were to change this to '-all' (note the - sign), we ask it to instead throw away all email not matching this rule.
This record is a DNS TXT record published in a domain's DNS database that tells receiving mail servers what to do with messages that don't align or authenticate with SPF and DKIM. The DMARC record enables reports to be sent back to the domain owner about which messages are authenticating and why.
SOA records are part of the DNS infrastructure. They are generated automatically and are not editable.
A Start of Authority (SOA) resource record is the information stored in a Domain Name System (DNS) zone about that zone and other DNS records. A DNS zone is the part of a domain for which an individual DNS server is responsible. Each zone contains a single SOA record.
The SOA record stores the following information about a zone:
- Administrator of the zone
- Current version of the data file
- Default number of seconds for the Time to Live (TTL) file on resource records
Please note that a CNAME is not a redirect. If you create a CNAME for a website, it will not redirect it to another domain. It will point the CNAME record to the IP listed at the original record.
Canonical Name (CNAME) records are used to create aliases for other DNS records.
This is convenient when running multiple services (such as an FTP server and a web server - each running on different ports) from a single IP address. For example, you can point ftp.example.com and www.example.com to the A record server.example.com, which in turn points to the IP address.
If you ever need to change the IP address, you only have to change it in one place. CNAME records must always be pointed to another domain name, never to an IP address. A CNAME must always be a sub-domain record.
Mail Exchanger (MX) records are used to help mail servers that are trying to send emails to your domain, and find the servers that are accepting emails for your domain. It is recommended to have more than one MX record for your domain. You can add MX records to your full domain or for sub domains. For example, I can add MX records for test.domain.com and for domain.com. Emails sent to test.domain.com will go to the MX records created for that domain.
It is recommended to have multiple mail servers for each domain - and priority plays a critical role in this. For each MX records you add, you will have to enter a priority. This determines which mail server gets picked first. The MX record with the lowest priority will always be the first mail server where emails will be sent. If that server is down or fails for some other reason, the next mail server is picked. For example:
|mailfilter1.Leaseweb.com||10||This mail server will always be tried first. If this mail servers does not work, the next one in the list will be tried.|
|mailfilter2.Leaseweb.com||10||If the first mail servers does not work for some reason, these mail server(s) will be tried. You can see that we have placed 2 servers with the same priority. This means that DNS will pick one of the two at random. This is called Round Robin DNS, for more information on this, please visit this page.|
Priority can be any number. In the example above, we have used increments of 10, but you could also use the values 1,2,3,4.
Pointing your MX record to your server.
If you wish to point your MX record(s) to your server you make sure to
- Create an A record e.g. "mail.example.com" with your server's IP.
- Create an MX record with "mail.example.com" as the target.
Address (A) records are the most basic of DNS records. They provide a way to translate host name into IP addresses. When creating an A record, you can fill in any sub-domain for your domain, and after the host name, you can fill in any IP address (either internal or external).
Adding more than one record per subdomain
It is possible to add more than one record to any sub-domain. For example, if you have the domain "example.com", and you have added two A records:
When a user requests the IP address for "test.example.com", it will get 127.0.0.1. When another user requests the same host name, it will get 127.0.0.2, the next one will get 127.0.0.1 again, and this continues. This method is called Round Robin DNS. For more information on this, please visit this page.
IPv6 Address (AAAA) records work the same as an A record. The difference is that an A record is used for IPv4 addresses, while the AAAA record is used for IPv6 addresses.
For more information on the new IPv6 protocol, please visit DNS Record Types.
Service (SRV) records provide information on available services for your systems. A SRV record has a unique system for naming.
The SRV record also has the following fields:
- Name – The naming system is an underscore followed by the name of the service, a period, an underscore, the protocol, a dot, and then the name of the domain (the name of the domain you do not need to include in DNS Made Easy of course).
- Host – The system that will receive the service.
- Priority – This acts the same way as the MX Level / preference in the MX record. The lower the number in the priority field, the more desirable the associated target. 0 is the highest priority (lowest number).
- Weight – Allows the zone administrators to distribute load to multiple targets (load balance). It is basically used to determine relative capacity and load between two SRV fields within the priority. Hits will be assigned proportionately by weight. This allows the administrators to have a powerful and a weak server, and share the appropriate loads between those systems. 0 is the lowest load.
- Port – the actual port of the service offered.
(Delegation Signer): This records are used to secure delegations (DNSSEC). A DS record with the name of the sub-delegated zone is placed in the parent zone along with the delegating NS Records. This DS record references a DNSKEY record in the sub-delegated zone
(Name Server Record): This record identifies the authoritative name servers for a domain.
(Pointer Record): This records maps an IP address to a domain name.
(DNS Public Key Record): This stores the public key used for DNSSEC (Domain Name System Security Extensions), which is used to add an extra layer of security to DNS queries.
(Certification Authority Authorization): This records allow domain owners to declare which certificate authorities are allowed to issue a certificate for a domain. They also provide a means of indicating notification rules in case someone requests a certificate from an unauthorized certificate authority. If no CAA record is present, any CA is allowed to issue a certificate for the domain. If a CAA record is present, only the CAs listed in the record(s) are allowed to issue certificates for that hostname.
The TLS Authentication record (TLSA) is used to associate a TLS server certificate or public key with the domain name where the record is found. With a TLSA record, you can store the fingerprint of a TLS/SSL certificate in the DNS of your domain. TLSA records can only be trusted if DNSSEC is enabled on your domain.