[thirdparty/pdns.git] / docs / appendices / types.rst

Supported Record Types
======================

This chapter lists all record types PowerDNS supports, and how they are
stored in backends. The list is mostly alphabetical but some types are
grouped.

.. warning::
  Host names and the MNAME of a SOA records are NEVER
  terminated with a '.' in PowerDNS storage! If a trailing '.' is present
  it will inevitably cause problems, problems that may be hard to debug.
  Use ``pdnsutil check-zone`` to validate your zone data.

.. note::
  Whenever the storage format is mentioned, this relates only to
  the way the record should be stored in one of the :doc:`generic SQL <../backends/generic-sql>` backends. The other
  backends should use their *native* format.

The PowerDNS Recursor can serve and store all record types, regardless
of whether these are explicitly supported.

.. _types-a:

A
-

The A record contains an IP address. It is stored as a decimal dotted
quad string, for example: '203.0.113.210'.

.. _types-aaaa:

AAAA
----

The AAAA record contains an IPv6 address. An example:
'2001:DB8:2000:bf0::1'.

.. _types-afsdb:

AFSDB
-----

A specialised record type for the 'Andrew Filesystem'. Stored as:
'#subtype hostname', where subtype is a number.

.. _types-alias:

ALIAS
-----

.. versionadded:: 4.0.0

The ALIAS pseudo-record type is supported to provide
CNAME-like mechanisms on a zone's apex. See the :doc:`howto <../guides/alias>` for information
on how to configure PowerDNS to serve records synthesized from ALIAS
records.

.. _types-caa:

CAA
---

.. versionadded:: 4.0.0

The "Certification Authority Authorization" record,
specified in :rfc:`6844`, is used
to specify Certificate Authorities that may issue certificates for a
domain.

.. _types-cert:

CERT
----

Specialised record type for storing certificates, defined in :rfc:`2538`.

.. _types-cdnskey:

CDNSKEY
-------

.. versionadded:: 4.0.0

The CDNSKEY (:rfc:`Child DNSKEY <7344#section-3.2>`) type is supported.

.. _types-cds:

CDS
---

.. versionadded:: 4.0.0

The CDS (:rfc:`Child DS <7344#section-3.1>`) type is supported.

.. _types-cname:

CNAME
-----

The CNAME record specifies the canonical name of a record. It is stored
plainly. Like all other records, it is not terminated by a dot. A sample
might be 'webserver-01.yourcompany.com'.

.. _types-dnskey:

DNSKEY
------

The DNSKEY DNSSEC record type is fully supported, as described in :rfc:`4034`.
Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`.

.. _types-dname:

DNAME
-----

The DNAME record, as specified in :rfc:`6672` is supported. However,
:ref:`setting-dname-processing` has to be set to ``yes`` for PowerDNS to process these records.

.. _types-ds:

DS
--

The DS DNSSEC record type is fully supported, as described in :rfc:`4034`.
Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`.

.. _types-hinfo:

HINFO
-----

Hardware Info record, used to specify CPU and operating system. Stored
with a single space separating these two, example: 'i386 Linux'.

.. _types-key:

KEY
---

The KEY record is fully supported. For its syntax, see :rfc:`2535`.

.. _types-loc:

LOC
---

The LOC record is fully supported. For its syntax, see :rfc:`1876`.
A sample content would be: ``51 56 0.123 N 5 54 0.000 E 4.00m 1.00m 10000.00m 10.00m``

.. _types-mx:

MX
--

The MX record specifies a mail exchanger host for a domain. Each mail
exchanger also has a priority or preference. For example
``10 mx.example.net``. In the generic SQL backends, the ``10`` should go
in the 'priority field'.

.. _types-naptr:

NAPTR
-----

Naming Authority Pointer, :rfc:`2915`. Stored as follows:

::

    '100  50  "s"  "z3950+I2L+I2C"     ""  _z3950._tcp.gatech.edu'.

The fields are: order, preference, flags, service, regex, replacement.
Note that the replacement is not enclosed in quotes, and should not be.
The replacement may be omitted, in which case it is empty. See also :rfc:`2916`
for how to use NAPTR for ENUM (E.164) purposes.

.. _types-ns:

NS
--

Nameserver record. Specifies nameservers for a domain. Stored plainly:
``ns1.powerdns.com``, as always without a terminating dot.

NSEC, NSEC3, NSEC3PARAM
-----------------------

The NSEC, NSEC3 and NSEC3PARAM DNSSEC record type are fully supported,
as described in :rfc:`4034`.
Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`.

.. _types-openpgpkey:

OPENPGPKEY
----------

The OPENPGPKEY records, specified in :rfc:`7929`, are
used to bind OpenPGP certificates to email addresses.

.. _types-ptr:

PTR
---

Reverse pointer, used to specify the host name belonging to an IP or
IPv6 address. Name is stored plainly: ``www.powerdns.com``. As always,
no terminating dot.

.. _types-rp:

RP
--

Responsible Person record, as described in :rfc:`1183`. Stored with a single space
between the mailbox name and the more-information pointer. Example:
``peter.powerdns.com peter.people.powerdns.com``, to indicate that
``peter@powerdns.com`` is responsible and that more information about
peter is available by querying the TXT record of
peter.people.powerdns.com.

.. _types-rrsig:

RRSIG
-----

The RRSIG DNSSEC record type is fully supported, as described in :rfc:`4034`.

.. _types-soa:

SOA
---

The Start of Authority record is one of the most complex available. It
specifies a lot about a domain: the name of the master nameserver ('the
primary'), the hostmaster and a set of numbers indicating how the data
in this domain expires and how often it needs to be checked. Further
more, it contains a serial number which should rise on each change of
the domain.

The stored format is:

::

     primary hostmaster serial refresh retry expire default_ttl

Besides the primary and the hostmaster, all fields are numerical.
PowerDNS has a set of default values:

-  primary: :ref:`setting-default-soa-name`
   configuration option
-  hostmaster: ``hostmaster@domain-name``
-  serial: 0
-  refresh: 10800 (3 hours)
-  retry: 3600 (1 hour)
-  expire: 604800 (1 week)
-  default_ttl: 3600 (1 hour)

The fields have complicated and sometimes controversial meanings. The
'serial' field is special. If left at 0, the default, PowerDNS will
perform an internal list of the domain to determine highest change_date
field of all records within the zone, and use that as the zone serial
number. This means that the serial number is always raised when changes
are made to the zone, as long as the change_date field is being set.
Make sure to check whether your backend of choice supports Autoserial.

.. _types-spf:

SPF
---

SPF records can be used to store Sender Policy Framework details (:rfc:`4408`).

.. _types-sshfp:

SSHFP
-----

The SSHFP record type, used for storing Secure Shell (SSH) fingerprints,
is fully supported. A sample from :rfc:`4255` is::

  2 1 123456789abcdef67890123456789abcdef67890

.. _types-srv:

SRV
---

SRV records can be used to encode the location and port of services on a
domain name. When encoding, the priority field is used to encode the
priority. For example,
``_ldap._tcp.dc._msdcs.conaxis.ch SRV 0 100 389 mars.conaxis.ch`` would
be encoded with ``0`` in the priority field and
``100 389 mars.conaxis.ch`` in the content field.

TKEY, TSIG
----------

The TKEY (:rfc:`2930`) and TSIG records (:rfc:`2845`), used for
key-exchange and authenticated AXFRs, are supported. See the :doc:`../tsig`
and `DNS update <../dnsupdate>` documentation for more information.

.. _types-tlsa:

TLSA
----

Since 3.0. The TLSA records, specified in :rfc:`6698`, are used to bind SSL/TLS
certificate to named hosts and ports.

.. _types-smimea:

SMIMEA
------

Since 4.1. The SMIMEA record type, specified in :rfc:`8162`, is used to bind S/MIME
certificates to domains.

.. _types-txt:

TXT
---

The TXT field can be used to attach textual data to a domain. Text is
stored plainly, PowerDNS understands content not enclosed in quotes.
However, all quotes characters (``"``) in the TXT content must be
preceded with a backslash (``\``).:

::

    "This \"is\" valid"

For a literal backslash in the TXT record, escape it:

::

    "This is also \\ valid"

Unicode characters can be added in two ways, either by adding the
character itself or the escaped variant to the content field. e.g.
``"ç"`` is equal to ``"\195\167"``.

When a TXT record is longer than 255 characters/bytes (excluding
possible enclosing quotes), PowerDNS will cut up the content into 255
character/byte chunks for transmission to the client.

.. _types-uri:

URI
---

The URI record, specified in :rfc:`7553`, is used to publish
mappings from hostnames to URIs.

Other types
-----------

The following, rarely used or obsolete record types, are also supported:

-  A6 (:rfc:`2874`, obsolete)
-  DHCID (:rfc:`4701`)
-  DLV (:rfc:`4431`)
-  EUI48/EUI64 (:rfc:`7043`)
-  IPSECKEY (:rfc:`4025`)
-  KEY (:rfc:`2535`, obsolete)
-  KX (:rfc:`2230`)
-  MAILA (:rfc:`1035`)
-  MAILB (:rfc:`1035`)
-  MINFO (:rfc:`1035`)
-  MR (:rfc:`1035`)
-  RKEY (`draft-reid-dnsext-rkey-00.txt <https://tools.ietf.org/html/draft-reid-dnsext-rkey-00>`__)
-  SIG (:rfc:`2535`, obsolete)
-  WKS (:rfc:`1035`)
Commit	Line	Data
0e2063c3 PL	1	Supported Record Types
	2	======================
	3
	4	This chapter lists all record types PowerDNS supports, and how they are
	5	stored in backends. The list is mostly alphabetical but some types are
	6	grouped.
	7
	8	.. warning::
	9	Host names and the MNAME of a SOA records are NEVER
	10	terminated with a '.' in PowerDNS storage! If a trailing '.' is present
	11	it will inevitably cause problems, problems that may be hard to debug.
	12	Use ``pdnsutil check-zone`` to validate your zone data.
	13
6def4610	14	.. note::
0e2063c3 PL	15	Whenever the storage format is mentioned, this relates only to
	16	the way the record should be stored in one of the :doc:`generic SQL <../backends/generic-sql>` backends. The other
	17	backends should use their native format.
	18
	19	The PowerDNS Recursor can serve and store all record types, regardless
	20	of whether these are explicitly supported.
	21
	22	.. _types-a:
	23
	24	A
	25	-
	26
	27	The A record contains an IP address. It is stored as a decimal dotted
	28	quad string, for example: '203.0.113.210'.
	29
	30	.. _types-aaaa:
	31
	32	AAAA
	33	----
	34
	35	The AAAA record contains an IPv6 address. An example:
	36	'2001:DB8:2000:bf0::1'.
	37
	38	.. _types-afsdb:
	39
	40	AFSDB
	41	-----
	42
	43	A specialised record type for the 'Andrew Filesystem'. Stored as:
	44	'#subtype hostname', where subtype is a number.
	45
	46	.. _types-alias:
	47
	48	ALIAS
	49	-----
	50
	51	.. versionadded:: 4.0.0
	52
	53	The ALIAS pseudo-record type is supported to provide
	54	CNAME-like mechanisms on a zone's apex. See the :doc:`howto <../guides/alias>` for information
	55	on how to configure PowerDNS to serve records synthesized from ALIAS
	56	records.
	57
	58	.. _types-caa:
	59
	60	CAA
	61	---
	62
	63	.. versionadded:: 4.0.0
	64
	65	The "Certification Authority Authorization" record,
	66	specified in :rfc:`6844`, is used
	67	to specify Certificate Authorities that may issue certificates for a
	68	domain.
	69
	70	.. _types-cert:
	71
	72	CERT
	73	----
	74
	75	Specialised record type for storing certificates, defined in :rfc:`2538`.
	76
	77	.. _types-cdnskey:
	78
79	CDNSKEY
80	-------
81
82	.. versionadded:: 4.0.0
83
84	The CDNSKEY (:rfc:`Child DNSKEY <7344#section-3.2>`) type is supported.
85
86	.. _types-cds:
87
88	CDS
89	---
90
91	.. versionadded:: 4.0.0
92
93	The CDS (:rfc:`Child DS <7344#section-3.1>`) type is supported.
94
95	.. _types-cname:
96
97	CNAME
98	-----
99
100	The CNAME record specifies the canonical name of a record. It is stored
101	plainly. Like all other records, it is not terminated by a dot. A sample
102	might be 'webserver-01.yourcompany.com'.
103
104	.. _types-dnskey:
105
106	DNSKEY
107	------
108
109	The DNSKEY DNSSEC record type is fully supported, as described in :rfc:`4034`.
110	Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`.
111
112	.. _types-dname:
113
114	DNAME
115	-----
116
117	The DNAME record, as specified in :rfc:`6672` is supported. However,
118	:ref:`setting-dname-processing` has to be set to ``yes`` for PowerDNS to process these records.
119
120	.. _types-ds:
121
122	DS
123	--
124
125	The DS DNSSEC record type is fully supported, as described in :rfc:`4034`.
126	Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`.
127
128	.. _types-hinfo:
129
130	HINFO
131	-----
132
133	Hardware Info record, used to specify CPU and operating system. Stored
134	with a single space separating these two, example: 'i386 Linux'.
135
136	.. _types-key:
137
138	KEY
139	---
140
141	The KEY record is fully supported. For its syntax, see :rfc:`2535`.
142
143	.. _types-loc:
144
145	LOC
146	---
147
148	The LOC record is fully supported. For its syntax, see :rfc:`1876`.
149	A sample content would be: ``51 56 0.123 N 5 54 0.000 E 4.00m 1.00m 10000.00m 10.00m``
150
151	.. _types-mx:
152
153	MX
154	--
155
156	The MX record specifies a mail exchanger host for a domain. Each mail
157	exchanger also has a priority or preference. For example
158	``10 mx.example.net``. In the generic SQL backends, the ``10`` should go
159	in the 'priority field'.
160
161	.. _types-naptr:
162
163	NAPTR
164	-----
165
166	Naming Authority Pointer, :rfc:`2915`. Stored as follows:
167
168	::
169
170	'100 50 "s" "z3950+I2L+I2C" "" _z3950._tcp.gatech.edu'.
171
172	The fields are: order, preference, flags, service, regex, replacement.
173	Note that the replacement is not enclosed in quotes, and should not be.
174	The replacement may be omitted, in which case it is empty. See also :rfc:`2916`
175	for how to use NAPTR for ENUM (E.164) purposes.
176
177	.. _types-ns:
178
179	NS
180	--
181
182	Nameserver record. Specifies nameservers for a domain. Stored plainly:
183	``ns1.powerdns.com``, as always without a terminating dot.
184
185	NSEC, NSEC3, NSEC3PARAM
186	-----------------------
187
188	The NSEC, NSEC3 and NSEC3PARAM DNSSEC record type are fully supported,
189	as described in :rfc:`4034`.
190	Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`.
191
192	.. _types-openpgpkey:
193
194	OPENPGPKEY
195	----------
196
197	The OPENPGPKEY records, specified in :rfc:`7929`, are
198	used to bind OpenPGP certificates to email addresses.
199
200	.. _types-ptr:
201
202	PTR
203	---
204
205	Reverse pointer, used to specify the host name belonging to an IP or
206	IPv6 address. Name is stored plainly: ``www.powerdns.com``. As always,
207	no terminating dot.
208
209	.. _types-rp:
210
211	RP
212	--
213
214	Responsible Person record, as described in :rfc:`1183`. Stored with a single space
215	between the mailbox name and the more-information pointer. Example:
216	``peter.powerdns.com peter.people.powerdns.com``, to indicate that
217	``peter@powerdns.com`` is responsible and that more information about
218	peter is available by querying the TXT record of
219	peter.people.powerdns.com.
220
221	.. _types-rrsig:
222
223	RRSIG
224	-----
225
226	The RRSIG DNSSEC record type is fully supported, as described in :rfc:`4034`.
227
228	.. _types-soa:
229
230	SOA
231	---
232
233	The Start of Authority record is one of the most complex available. It
234	specifies a lot about a domain: the name of the master nameserver ('the
235	primary'), the hostmaster and a set of numbers indicating how the data
236	in this domain expires and how often it needs to be checked. Further
237	more, it contains a serial number which should rise on each change of
238	the domain.
239
240	The stored format is:
241
242	::
243
244	primary hostmaster serial refresh retry expire default_ttl
245
246	Besides the primary and the hostmaster, all fields are numerical.
247	PowerDNS has a set of default values:
248
249	- primary: :ref:`setting-default-soa-name`
250	configuration option
251	- hostmaster: ``hostmaster@domain-name``
252	- serial: 0
253	- refresh: 10800 (3 hours)
254	- retry: 3600 (1 hour)
255	- expire: 604800 (1 week)
256	- default_ttl: 3600 (1 hour)
257
258	The fields have complicated and sometimes controversial meanings. The
259	'serial' field is special. If left at 0, the default, PowerDNS will
260	perform an internal list of the domain to determine highest change_date
261	field of all records within the zone, and use that as the zone serial
262	number. This means that the serial number is always raised when changes
263	are made to the zone, as long as the change_date field is being set.
264	Make sure to check whether your backend of choice supports Autoserial.
265
266	.. _types-spf:
267
268	SPF
269	---
270
271	SPF records can be used to store Sender Policy Framework details (:rfc:`4408`).
272
273	.. _types-sshfp:
274
275	SSHFP
276	-----
277
278	The SSHFP record type, used for storing Secure Shell (SSH) fingerprints,
279	is fully supported. A sample from :rfc:`4255` is::
280
281	2 1 123456789abcdef67890123456789abcdef67890
282
283	.. _types-srv:
284
285	SRV
286	---
287
288	SRV records can be used to encode the location and port of services on a
289	domain name. When encoding, the priority field is used to encode the
290	priority. For example,
291	``_ldap._tcp.dc._msdcs.conaxis.ch SRV 0 100 389 mars.conaxis.ch`` would
292	be encoded with ``0`` in the priority field and
293	``100 389 mars.conaxis.ch`` in the content field.
294
295	TKEY, TSIG
296	----------
297
298	The TKEY (:rfc:`2930`) and TSIG records (:rfc:`2845`), used for
299	key-exchange and authenticated AXFRs, are supported. See the :doc:`../tsig`
300	and `DNS update <../dnsupdate>` documentation for more information.
301
302	.. _types-tlsa:
303
304	TLSA
305	----
306
307	Since 3.0. The TLSA records, specified in :rfc:`6698`, are used to bind SSL/TLS
308	certificate to named hosts and ports.
309
310	.. _types-smimea:
311
312	SMIMEA
313	------
314
315	Since 4.1. The SMIMEA record type, specified in :rfc:`8162`, is used to bind S/MIME
316	certificates to domains.
317
318	.. _types-txt:
319
320	TXT
321	---
322
323	The TXT field can be used to attach textual data to a domain. Text is
324	stored plainly, PowerDNS understands content not enclosed in quotes.
325	However, all quotes characters (``"``) in the TXT content must be
326	preceded with a backslash (``\``).:
327
328	::
329
330	"This \"is\" valid"
331
332	For a literal backslash in the TXT record, escape it:
333
334	::
335
336	"This is also \\ valid"
337
338	Unicode characters can be added in two ways, either by adding the
339	character itself or the escaped variant to the content field. e.g.
340	``"ç"`` is equal to ``"\195\167"``.
341
342	When a TXT record is longer than 255 characters/bytes (excluding
343	possible enclosing quotes), PowerDNS will cut up the content into 255
344	character/byte chunks for transmission to the client.
345
346	.. _types-uri:
347
348	URI
349	---
350
351	The URI record, specified in :rfc:`7553`, is used to publish
352	mappings from hostnames to URIs.
353
354	Other types
355	-----------
356
357	The following, rarely used or obsolete record types, are also supported:
358
359	- A6 (:rfc:`2874`, obsolete)
360	- DHCID (:rfc:`4701`)
361	- DLV (:rfc:`4431`)
362	- EUI48/EUI64 (:rfc:`7043`)
363	- IPSECKEY (:rfc:`4025`)
364	- KEY (:rfc:`2535`, obsolete)
365	- KX (:rfc:`2230`)
366	- MAILA (:rfc:`1035`)
367	- MAILB (:rfc:`1035`)
368	- MINFO (:rfc:`1035`)
369	- MR (:rfc:`1035`)
370	- RKEY (`draft-reid-dnsext-rkey-00.txt <https://tools.ietf.org/html/draft-reid-dnsext-rkey-00>`__)
371	- SIG (:rfc:`2535`, obsolete)
372	- WKS (:rfc:`1035`)