Commit | Line | Data |
---|---|---|
0e2063c3 PL |
1 | Supported Record Types |
2 | ====================== | |
3 | ||
4 | This chapter lists all record types PowerDNS supports, and how they are | |
5 | stored in backends. The list is mostly alphabetical but some types are | |
6 | grouped. | |
7 | ||
8 | .. warning:: | |
9 | Host names and the MNAME of an SOA record are NEVER | |
10 | terminated with a '.' in PowerDNS storage! If a trailing '.' is present | |
11 | it will inevitably cause problems, problems that may be hard to debug. | |
12 | Use ``pdnsutil check-zone`` to validate your zone data. | |
13 | ||
6def4610 | 14 | .. note:: |
0e2063c3 PL |
15 | Whenever the storage format is mentioned, this relates only to |
16 | the way the record should be stored in one of the :doc:`generic SQL <../backends/generic-sql>` backends. The other | |
17 | backends should use their *native* format. | |
18 | ||
19 | The PowerDNS Recursor can serve and store all record types, regardless | |
20 | of whether these are explicitly supported. | |
21 | ||
22 | .. _types-a: | |
23 | ||
24 | A | |
25 | - | |
26 | ||
27 | The A record contains an IP address. It is stored as a decimal dotted | |
28 | quad string, for example: '203.0.113.210'. | |
29 | ||
30 | .. _types-aaaa: | |
31 | ||
32 | AAAA | |
33 | ---- | |
34 | ||
35 | The AAAA record contains an IPv6 address. An example: | |
36 | '2001:DB8:2000:bf0::1'. | |
37 | ||
38 | .. _types-afsdb: | |
39 | ||
40 | AFSDB | |
41 | ----- | |
42 | ||
43 | A specialised record type for the 'Andrew Filesystem'. Stored as: | |
44 | '#subtype hostname', where subtype is a number. | |
45 | ||
46 | .. _types-alias: | |
47 | ||
48 | ALIAS | |
49 | ----- | |
50 | ||
51 | .. versionadded:: 4.0.0 | |
52 | ||
53 | The ALIAS pseudo-record type is supported to provide | |
54 | CNAME-like mechanisms on a zone's apex. See the :doc:`howto <../guides/alias>` for information | |
55 | on how to configure PowerDNS to serve records synthesized from ALIAS | |
56 | records. | |
57 | ||
58 | .. _types-caa: | |
59 | ||
60 | CAA | |
61 | --- | |
62 | ||
63 | .. versionadded:: 4.0.0 | |
64 | ||
65 | The "Certification Authority Authorization" record, | |
66 | specified in :rfc:`6844`, is used | |
67 | to specify Certificate Authorities that may issue certificates for a | |
68 | domain. | |
69 | ||
70 | .. _types-cert: | |
71 | ||
72 | CERT | |
73 | ---- | |
74 | ||
75 | Specialised record type for storing certificates, defined in :rfc:`2538`. | |
76 | ||
77 | .. _types-cdnskey: | |
78 | ||
79 | CDNSKEY | |
80 | ------- | |
81 | ||
82 | .. versionadded:: 4.0.0 | |
83 | ||
84 | The CDNSKEY (:rfc:`Child DNSKEY <7344#section-3.2>`) type is supported. | |
85 | ||
86 | .. _types-cds: | |
87 | ||
88 | CDS | |
89 | --- | |
90 | ||
91 | .. versionadded:: 4.0.0 | |
92 | ||
93 | The CDS (:rfc:`Child DS <7344#section-3.1>`) type is supported. | |
94 | ||
95 | .. _types-cname: | |
96 | ||
97 | CNAME | |
98 | ----- | |
99 | ||
100 | The CNAME record specifies the canonical name of a record. It is stored | |
101 | plainly. Like all other records, it is not terminated by a dot. A sample | |
102 | might be 'webserver-01.yourcompany.com'. | |
103 | ||
104 | .. _types-dnskey: | |
105 | ||
106 | DNSKEY | |
107 | ------ | |
108 | ||
109 | The DNSKEY DNSSEC record type is fully supported, as described in :rfc:`4034`. | |
110 | Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`. | |
111 | ||
112 | .. _types-dname: | |
113 | ||
114 | DNAME | |
115 | ----- | |
116 | ||
117 | The DNAME record, as specified in :rfc:`6672`, is supported. However, | |
118 | :ref:`setting-dname-processing` has to be set to ``yes`` for PowerDNS to process these records. | |
119 | ||
120 | .. _types-ds: | |
121 | ||
122 | DS | |
123 | -- | |
124 | ||
125 | The DS DNSSEC record type is fully supported, as described in :rfc:`4034`. | |
126 | Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`. | |
127 | ||
128 | .. _types-hinfo: | |
129 | ||
130 | HINFO | |
131 | ----- | |
132 | ||
133 | Hardware Info record, used to specify CPU and operating system. Stored | |
134 | with a single space separating these two, example: 'i386 Linux'. | |
135 | ||
136 | .. _types-key: | |
137 | ||
138 | KEY | |
139 | --- | |
140 | ||
141 | The KEY record is fully supported. For its syntax, see :rfc:`2535`. | |
142 | ||
143 | .. _types-loc: | |
144 | ||
145 | LOC | |
146 | --- | |
147 | ||
148 | The LOC record is fully supported. For its syntax, see :rfc:`1876`. | |
149 | A sample content would be: ``51 56 0.123 N 5 54 0.000 E 4.00m 1.00m 10000.00m 10.00m`` | |
150 | ||
151 | .. _types-mx: | |
152 | ||
153 | MX | |
154 | -- | |
155 | ||
156 | The MX record specifies a mail exchanger host for a domain. Each mail | |
157 | exchanger also has a priority or preference. For example | |
158 | ``10 mx.example.net``. In the generic SQL backends, the ``10`` should go | |
159 | in the 'priority field'. | |
160 | ||
161 | .. _types-naptr: | |
162 | ||
163 | NAPTR | |
164 | ----- | |
165 | ||
166 | Naming Authority Pointer, :rfc:`2915`. Stored as follows: | |
167 | ||
168 | :: | |
169 | ||
170 | '100 50 "s" "z3950+I2L+I2C" "" _z3950._tcp.gatech.edu'. | |
171 | ||
172 | The fields are: order, preference, flags, service, regex, replacement. | |
173 | Note that the replacement is not enclosed in quotes, and should not be. | |
174 | The replacement may be omitted, in which case it is empty. See also :rfc:`2916` | |
175 | for how to use NAPTR for ENUM (E.164) purposes. | |
176 | ||
177 | .. _types-ns: | |
178 | ||
179 | NS | |
180 | -- | |
181 | ||
182 | Nameserver record. Specifies nameservers for a domain. Stored plainly: | |
183 | ``ns1.powerdns.com``, as always without a terminating dot. | |
184 | ||
185 | NSEC, NSEC3, NSEC3PARAM | |
186 | ----------------------- | |
187 | ||
188 | The NSEC, NSEC3 and NSEC3PARAM DNSSEC record types are fully supported, | |
189 | as described in :rfc:`4034`. | |
190 | Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`. | |
191 | ||
192 | .. _types-openpgpkey: | |
193 | ||
194 | OPENPGPKEY | |
195 | ---------- | |
196 | ||
197 | The OPENPGPKEY records, specified in :rfc:`7929`, are | |
198 | used to bind OpenPGP certificates to email addresses. | |
199 | ||
200 | .. _types-ptr: | |
201 | ||
202 | PTR | |
203 | --- | |
204 | ||
205 | Reverse pointer, used to specify the host name belonging to an IP or | |
206 | IPv6 address. Name is stored plainly: ``www.powerdns.com``. As always, | |
207 | no terminating dot. | |
208 | ||
209 | .. _types-rp: | |
210 | ||
211 | RP | |
212 | -- | |
213 | ||
214 | Responsible Person record, as described in :rfc:`1183`. Stored with a single space | |
215 | between the mailbox name and the more-information pointer. Example: | |
216 | ``peter.powerdns.com peter.people.powerdns.com``, to indicate that | |
217 | ``peter@powerdns.com`` is responsible and that more information about | |
218 | peter is available by querying the TXT record of | |
219 | peter.people.powerdns.com. | |
220 | ||
221 | .. _types-rrsig: | |
222 | ||
223 | RRSIG | |
224 | ----- | |
225 | ||
226 | The RRSIG DNSSEC record type is fully supported, as described in :rfc:`4034`. | |
227 | ||
228 | .. _types-soa: | |
229 | ||
230 | SOA | |
231 | --- | |
232 | ||
233 | The Start of Authority record is one of the most complex available. It | |
234 | specifies a lot about a domain: the name of the master nameserver ('the | |
235 | primary'), the hostmaster and a set of numbers indicating how the data | |
236 | in this domain expires and how often it needs to be checked. Furthermore, | |
237 | it contains a serial number which should rise on each change of | |
238 | the domain. | |
239 | ||
240 | The stored format is: | |
241 | ||
242 | :: | |
243 | ||
244 | primary hostmaster serial refresh retry expire default_ttl | |
245 | ||
246 | Besides the primary and the hostmaster, all fields are numerical. | |
247 | PowerDNS has a set of default values: | |
248 | ||
249 | - primary: :ref:`setting-default-soa-name` | |
250 | configuration option | |
251 | - hostmaster: ``hostmaster@domain-name`` | |
252 | - serial: 0 | |
253 | - refresh: 10800 (3 hours) | |
254 | - retry: 3600 (1 hour) | |
255 | - expire: 604800 (1 week) | |
256 | - default_ttl: 3600 (1 hour) | |
257 | ||
258 | The fields have complicated and sometimes controversial meanings. The | |
259 | 'serial' field is special. If left at 0, the default, PowerDNS will | |
260 | perform an internal list of the domain to determine the highest change_date | |
261 | field of all records within the zone, and use that as the zone serial | |
262 | number. This means that the serial number is always raised when changes | |
263 | are made to the zone, as long as the change_date field is being set. | |
264 | Make sure to check whether your backend of choice supports Autoserial. | |
265 | ||
266 | .. _types-spf: | |
267 | ||
268 | SPF | |
269 | --- | |
270 | ||
271 | SPF records can be used to store Sender Policy Framework details (:rfc:`4408`). | |
272 | ||
273 | .. _types-sshfp: | |
274 | ||
275 | SSHFP | |
276 | ----- | |
277 | ||
278 | The SSHFP record type, used for storing Secure Shell (SSH) fingerprints, | |
279 | is fully supported. A sample from :rfc:`4255` is:: | |
280 | ||
281 | 2 1 123456789abcdef67890123456789abcdef67890 | |
282 | ||
283 | .. _types-srv: | |
284 | ||
285 | SRV | |
286 | --- | |
287 | ||
288 | SRV records can be used to encode the location and port of services on a | |
289 | domain name. When encoding, the priority field is used to encode the | |
290 | priority. For example, | |
291 | ``_ldap._tcp.dc._msdcs.conaxis.ch SRV 0 100 389 mars.conaxis.ch`` would | |
292 | be encoded with ``0`` in the priority field and | |
293 | ``100 389 mars.conaxis.ch`` in the content field. | |
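A storage lint for the rules stated on this page (no trailing dot on host names or on the SOA MNAME, and the MX/SRV priority kept in the priority field rather than in the content), as an added example that is not PowerDNS code. The function ``lint_row`` and the ``(type, content, prio)`` row layout are assumptions made for illustration; the sample rows are constructed.

```python
# Added example: lint generic-SQL style rows against the storage rules on this page.
HOSTNAME_LAST = {"CNAME", "NS", "PTR", "MX", "SRV"}  # content ends in a host name

def lint_row(rtype, content, prio=None):
    """Return a list of problems for one stored record (type, content, prio)."""
    rtype = rtype.upper()
    fields = content.split()
    if not fields:
        return ["empty content"]
    problems = []
    if rtype in HOSTNAME_LAST and fields[-1].endswith("."):
        problems.append("host name ends with '.'")
    if rtype == "MX":
        if prio is None:
            problems.append("MX preference missing from priority field")
        if len(fields) != 1:
            problems.append("MX content must be the host name only")
    elif rtype == "SRV":
        if prio is None:
            problems.append("SRV priority missing from priority field")
        if len(fields) != 3 or not all(f.isdigit() for f in fields[:2]):
            problems.append("SRV content must be 'weight port target'")
    elif rtype == "SOA":
        if fields[0].endswith("."):
            problems.append("SOA MNAME ends with '.'")
        # Besides the primary and the hostmaster, all fields are numerical.
        if not all(f.isdigit() for f in fields[2:]):
            problems.append("SOA fields after hostmaster must be numeric")
    return problems

# Constructed sample rows: (type, content, prio)
SAMPLE_ROWS = [
    ("MX", "mx.example.net", 10),
    ("MX", "10 mx.example.net.", None),
    ("SRV", "100 389 mars.conaxis.ch", 0),
    ("SOA", "ns1.example.net. hostmaster.example.net 0 10800 3600 604800 3600", None),
    ("CNAME", "webserver-01.yourcompany.com", None),
]

def lint_rows(rows):
    """Map row index to its problems, keeping only rows that have any."""
    found = {}
    for i, row in enumerate(rows):
        problems = lint_row(*row)
        if problems:
            found[i] = problems
    return found

if __name__ == "__main__":
    for index, problems in lint_rows(SAMPLE_ROWS).items():
        print(SAMPLE_ROWS[index][0], SAMPLE_ROWS[index][1], "->", "; ".join(problems))
```

The lint only covers the rules quoted here; ``pdnsutil check-zone`` remains the tool for validating complete zone data.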
294 | ||
295 | TKEY, TSIG | |
296 | ---------- | |
297 | ||
298 | The TKEY (:rfc:`2930`) and TSIG records (:rfc:`2845`), used for | |
299 | key-exchange and authenticated AXFRs, are supported. See the :doc:`../tsig` | |
300 | and :doc:`DNS update <../dnsupdate>` documentation for more information. | |
301 | ||
302 | .. _types-tlsa: | |
303 | ||
304 | TLSA | |
305 | ---- | |
306 | ||
307 | Since 3.0. The TLSA records, specified in :rfc:`6698`, are used to bind SSL/TLS | |
308 | certificates to named hosts and ports. | |
309 | ||
310 | .. _types-smimea: | |
311 | ||
312 | SMIMEA | |
313 | ------ | |
314 | ||
315 | Since 4.1. The SMIMEA record type, specified in :rfc:`8162`, is used to bind S/MIME | |
316 | certificates to domains. | |
317 | ||
318 | .. _types-txt: | |
319 | ||
320 | TXT | |
321 | --- | |
322 | ||
323 | The TXT field can be used to attach textual data to a domain. Text is | |
324 | stored plainly; PowerDNS understands content not enclosed in quotes. | |
325 | However, all quote characters (``"``) in the TXT content must be | |
326 | preceded by a backslash (``\``): | |
327 | ||
328 | :: | |
329 | ||
330 | "This \"is\" valid" | |
331 | ||
332 | For a literal backslash in the TXT record, escape it: | |
333 | ||
334 | :: | |
335 | ||
336 | "This is also \\ valid" | |
337 | ||
338 | Unicode characters can be added in two ways, either by adding the | |
339 | character itself or the escaped variant to the content field. For example, | |
340 | ``"ç"`` is equal to ``"\195\167"``. | |
341 | ||
342 | When a TXT record is longer than 255 characters/bytes (excluding | |
343 | possible enclosing quotes), PowerDNS will cut up the content into 255 | |
344 | character/byte chunks for transmission to the client. | |
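The escaping and chunking rules above, as an added example that is not PowerDNS code. The helper names ``to_txt_content``, ``from_txt_content`` and ``wire_chunks`` are assumptions for illustration, the sample strings are constructed, and the split points are shown on the decoded UTF-8 bytes.

```python
# Added example: encode and decode TXT content with the escapes described above.
import re

# One token per match: \DDD decimal byte, \x escaped character, or a plain character.
_TOKEN = re.compile(r'\\([0-9]{3})|\\(.)|([^\\])', re.S)

def to_txt_content(text: str) -> str:
    """Quote text for the content field; other non-printable bytes become \\DDD."""
    out = []
    for byte in text.encode("utf-8"):
        ch = chr(byte)
        if ch in ('"', "\\"):
            out.append("\\" + ch)          # quote and backslash get a backslash
        elif 0x20 <= byte < 0x7F:
            out.append(ch)                 # printable ASCII is stored plainly
        else:
            out.append("\\%03d" % byte)    # e.g. the two bytes of "ç" -> \195\167
    return '"' + "".join(out) + '"'

def from_txt_content(content: str) -> str:
    """Decode stored content (quoted or not) back to text."""
    if len(content) >= 2 and content[0] == content[-1] == '"':
        content = content[1:-1]
    raw = bytearray()
    for ddd, escaped, plain in _TOKEN.findall(content):
        if ddd:
            raw.append(int(ddd))           # raises ValueError above 255
        else:
            raw += (escaped or plain).encode("utf-8")
    return raw.decode("utf-8")

def wire_chunks(text: str, size: int = 255) -> list:
    """Split the UTF-8 bytes of text into chunks of at most `size` bytes."""
    raw = text.encode("utf-8")
    return [raw[i:i + size] for i in range(0, len(raw), size)]

if __name__ == "__main__":
    spf = "v=spf1 " + "ip4:192.0.2.1 " * 30 + "-all"  # constructed long record
    print(to_txt_content('This "is" valid'))
    print(to_txt_content("ç"))
    print([len(chunk) for chunk in wire_chunks(spf)])
```

A multi-byte character counts as several bytes toward the 255 limit, so a long SPF or key record with non-ASCII text is split sooner than its character count suggests.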
345 | ||
346 | .. _types-uri: | |
347 | ||
348 | URI | |
349 | --- | |
350 | ||
351 | The URI record, specified in :rfc:`7553`, is used to publish | |
352 | mappings from hostnames to URIs. | |
353 | ||
354 | Other types | |
355 | ----------- | |
356 | ||
357 | The following rarely used or obsolete record types are also supported: | |
358 | ||
359 | - A6 (:rfc:`2874`, obsolete) | |
360 | - DHCID (:rfc:`4701`) | |
361 | - DLV (:rfc:`4431`) | |
362 | - EUI48/EUI64 (:rfc:`7043`) | |
363 | - IPSECKEY (:rfc:`4025`) | |
364 | - KEY (:rfc:`2535`, obsolete) | |
365 | - KX (:rfc:`2230`) | |
366 | - MAILA (:rfc:`1035`) | |
367 | - MAILB (:rfc:`1035`) | |
368 | - MINFO (:rfc:`1035`) | |
369 | - MR (:rfc:`1035`) | |
370 | - RKEY (`draft-reid-dnsext-rkey-00.txt <https://tools.ietf.org/html/draft-reid-dnsext-rkey-00>`__) | |
371 | - SIG (:rfc:`2535`, obsolete) | |
372 | - WKS (:rfc:`1035`) |