This chapter lists all record types PowerDNS supports, and how they are
stored in backends. The list is mostly alphabetical but some types are

Host names and the MNAME of an SOA record are NEVER
terminated with a '.' in PowerDNS storage! If a trailing '.' is present
it will inevitably cause problems, problems that may be hard to debug.
Use ``pdnsutil check-zone`` to validate your zone data.

Whenever the storage format is mentioned, this relates only to
the way the record should be stored in one of the :doc:`generic SQL <../backends/generic-sql>` backends. The other
backends should use their *native* format.

The PowerDNS Recursor can serve and store all record types, regardless
of whether these are explicitly supported.

The A record contains an IP address. It is stored as a decimal dotted
quad string, for example: '203.0.113.210'.

The AAAA record contains an IPv6 address. An example:
'2001:DB8:2000:bf0::1'.

A specialised record type for the 'Andrew Filesystem'. Stored as:
'#subtype hostname', where subtype is a number.

The ALIAS pseudo-record type is supported to provide
CNAME-like mechanisms on a zone's apex. See the :doc:`howto <../guides/alias>` for information
on how to configure PowerDNS to serve records synthesized from ALIAS

The APL record, specified in :rfc:`3123`, is used to specify a DNS RR type "APL" for address prefix lists.

The "Certification Authority Authorization" record,
specified in :rfc:`6844`, is used
to specify Certificate Authorities that may issue certificates for a

Specialised record type for storing certificates, defined in :rfc:`2538`.

The CDNSKEY (:rfc:`Child DNSKEY <7344#section-3.2>`) type is supported.

The CDS (:rfc:`Child DS <7344#section-3.1>`) type is supported.

The CNAME record specifies the canonical name of a record. It is stored
plainly. Like all other records, it is not terminated by a dot. A sample
might be 'webserver-01.yourcompany.com'.

The CSYNC record is used for 'Child-to-Parent Synchronization in DNS', as described in :rfc:`7477`.
Right now it is only supported as zone content; no special processing is implemented.
Note that SOA-EDIT is not applied to serial numbers in CSYNC content.

The DNSKEY DNSSEC record type is fully supported, as described in :rfc:`4034`.
Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`.

The DNAME record, as specified in :rfc:`6672`, is supported. However,
:ref:`setting-dname-processing` has to be set to ``yes`` for PowerDNS to process these records.

The DS DNSSEC record type is fully supported, as described in :rfc:`4034`.
Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`.

Hardware Info record, used to specify CPU and operating system. Stored
with a single space separating these two, example: 'i386 Linux'.

See :ref:`SVCB <types-svcb>` for more information.

The KEY record is fully supported. For its syntax, see :rfc:`2535`.

The LOC record is fully supported. For its syntax, see :rfc:`1876`.
A sample content would be: ``51 56 0.123 N 5 54 0.000 E 4.00m 1.00m 10000.00m 10.00m``

The MX record specifies a mail exchanger host for a domain. Each mail
exchanger also has a priority or preference. For example
``10 mx.example.net``. In the generic SQL backends, the ``10`` should go
in the 'priority field'.

Naming Authority Pointer, :rfc:`2915`. Stored as follows::

    '100 50 "s" "z3950+I2L+I2C" "" _z3950._tcp.gatech.edu'.

The fields are: order, preference, flags, service, regex, replacement.
Note that the replacement is not enclosed in quotes, and should not be.
The replacement may be omitted, in which case it is empty. See also :rfc:`2916`
for how to use NAPTR for ENUM (E.164) purposes.

Nameserver record. Specifies nameservers for a domain. Stored plainly:
``ns1.powerdns.com``, as always without a terminating dot.

NSEC, NSEC3, NSEC3PARAM
-----------------------

The NSEC, NSEC3 and NSEC3PARAM DNSSEC record types are fully supported,
as described in :rfc:`4034`.
Enabling DNSSEC for domains can be done with :doc:`pdnsutil <../dnssec/pdnsutil>`.

.. _types-openpgpkey:

The OPENPGPKEY records, specified in :rfc:`7929`, are
used to bind OpenPGP certificates to email addresses.

Reverse pointer, used to specify the host name belonging to an IP or
IPv6 address. Name is stored plainly: ``www.powerdns.com``. As always,

Responsible Person record, as described in :rfc:`1183`. Stored with a single space
between the mailbox name and the more-information pointer. Example:
``peter.powerdns.com peter.people.powerdns.com``, to indicate that
``peter@powerdns.com`` is responsible and that more information about
peter is available by querying the TXT record of
peter.people.powerdns.com.

The RRSIG DNSSEC record type is fully supported, as described in :rfc:`4034`.

The Start of Authority record is one of the most complex available. It
specifies a lot about a domain: the name of the master nameserver ('the
primary'), the hostmaster and a set of numbers indicating how the data
in this domain expires and how often it needs to be checked.
Furthermore, it contains a serial number which should rise on each change of

The stored format is::

    primary hostmaster serial refresh retry expire minimum

Besides the primary and the hostmaster, all fields are numerical.
The fields have complicated and sometimes controversial meanings.

SPF records can be used to store Sender Policy Framework details (:rfc:`4408`).

The SSHFP record type, used for storing Secure Shell (SSH) fingerprints,
is fully supported. A sample from :rfc:`4255` is::

    2 1 123456789abcdef67890123456789abcdef67890

SRV records can be used to encode the location and port of services on a
domain name. When encoding, the priority field is used to encode the
priority. For example,
``_ldap._tcp.dc._msdcs.conaxis.ch SRV 0 100 389 mars.conaxis.ch`` would
be encoded with ``0`` in the priority field and
``100 389 mars.conaxis.ch`` in the content field.
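
The storage rules stated so far (no trailing dot on host names or the SOA MNAME, MX and SRV priority kept in the priority field, seven-field SOA content) can be checked before rows are loaded into a generic SQL backend. This is an added example, not PowerDNS code; the row layout, function names and sample rows are assumptions.

```python
# Added example: lints records as stored in a generic SQL backend against the
# storage rules on this page. Row layout and names are assumptions.
HOST_ONLY = {"CNAME", "NS", "PTR"}   # content is one host name, stored plainly

def lint_record(rtype, content, prio=None):
    """Return a list of storage-format problems for one record."""
    problems = []
    fields = content.split()

    def check_host(name, what):
        # Assumption: a lone "." is the root name, not a trailing dot.
        if name != "." and name.endswith("."):
            problems.append(f"{what} '{name}' has a trailing dot")

    if rtype in HOST_ONLY or rtype == "MX":
        # MX: the preference goes in the priority field, not in content.
        if len(fields) != 1:
            problems.append(f"{rtype} content must be a single host name")
        else:
            check_host(fields[0], f"{rtype} target")
    elif rtype == "SRV":
        # Content is 'weight port target'; the priority is stored separately.
        if len(fields) != 3 or not all(f.isdigit() for f in fields[:2]):
            problems.append("SRV content must be 'weight port target'")
        else:
            check_host(fields[2], "SRV target")
    elif rtype == "SOA":
        # primary hostmaster serial refresh retry expire minimum
        if len(fields) != 7:
            problems.append("SOA content must have 7 fields")
        else:
            check_host(fields[0], "SOA MNAME")
            if not all(f.isdigit() for f in fields[2:]):
                problems.append("SOA fields after hostmaster must be numeric")
    if rtype in {"MX", "SRV"} and prio is None:
        problems.append(f"{rtype} priority field is empty")
    return problems

# Constructed sample rows: (name, type, content, prio)
SAMPLE_ROWS = [
    ("example.net", "MX", "10 mx.example.net", None),
    ("example.net", "MX", "mx.example.net", 10),
    ("example.net", "NS", "ns1.example.net.", None),
    ("_ldap._tcp.example.net", "SRV", "100 389 mars.example.net", 0),
]

def lint_rows(rows):
    """Return {(name, type, content): problems} for rows that fail the lint."""
    checked = ((r[:3], lint_record(*r[1:])) for r in rows)
    return {key: probs for key, probs in checked if probs}
```

This complements ``pdnsutil check-zone``, which remains the authoritative validation of zone data.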

.. versionadded:: 4.4.0

SVCB records, defined in
(`draft-ietf-dnsop-svcb-https-07
<https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-07.html>`__)
are used to facilitate the lookup of information needed to make
connections to network services. SVCB records allow a service to be
provided from multiple alternative endpoints, each with associated
parameters (such as transport protocol configuration and keys for
encrypting the TLS ClientHello). They also enable aliasing of apex
domains, which is not possible with CNAME. The HTTPS RR is a variation
of SVCB for HTTPS and HTTP origins.

Additional processing is supported for these types.
Some :doc:`PowerDNS extensions <../guides/svcb>` for automatic IP address hints exist as well.

The TKEY (:rfc:`2930`) and TSIG records (:rfc:`2845`), used for
key-exchange and authenticated AXFRs, are supported. See the :doc:`../tsig`
and :doc:`DNS update <../dnsupdate>` documentation for more information.

Since 3.0. The TLSA records, specified in :rfc:`6698`, are used to bind SSL/TLS
certificates to named hosts and ports.

Since 4.1. The SMIMEA record type, specified in :rfc:`8162`, is used to bind S/MIME
certificates to domains.

The TXT field can be used to attach textual data to a domain. Text is
stored plainly; PowerDNS understands content not enclosed in quotes.
However, all quote characters (``"``) in the TXT content must be
preceded by a backslash (``\``).

For a literal backslash in the TXT record, escape it::

    "This is also \\ valid"

Unicode characters can be added in two ways, either by adding the
character itself or the escaped variant to the content field. For example,
``"ç"`` is equal to ``"\195\167"``.

When a TXT record is longer than 255 characters/bytes (excluding
possible enclosing quotes), PowerDNS will cut up the content into 255
character/byte chunks for transmission to the client.
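
The TXT escaping and chunking rules above, worked through in code. This is an added example, not PowerDNS code; the function names are assumptions, and ``escape_txt`` always emits the escaped variant for non-ASCII bytes although the page allows the character itself as well.

```python
# Added example: TXT content escaping and 255-byte chunking as described
# above. Function names are assumptions, not PowerDNS code.
DIGITS = "0123456789"

def escape_txt(text):
    """Return quoted TXT content with quotes, backslashes and non-ASCII escaped."""
    out = []
    for byte in text.encode("utf-8"):
        ch = chr(byte)
        if ch in '"\\':
            out.append("\\" + ch)          # \" and \\
        elif 0x20 <= byte < 0x7F:
            out.append(ch)                 # printable ASCII is stored plainly
        else:
            out.append("\\%03d" % byte)    # decimal escape per byte: \195\167
    return '"' + "".join(out) + '"'

def unescape_txt(content):
    """Decode stored TXT content (quoted or not) to the raw bytes it represents."""
    if len(content) >= 2 and content[0] == content[-1] == '"':
        content = content[1:-1]
    raw = bytearray()
    i = 0
    while i < len(content):
        esc = content[i + 1:i + 4]
        if content[i] == "\\" and len(esc) == 3 and all(c in DIGITS for c in esc):
            raw.append(int(esc))           # ValueError if the value exceeds 255
            i += 4
        elif content[i] == "\\" and i + 1 < len(content):
            raw += content[i + 1].encode("utf-8")
            i += 2
        else:
            raw += content[i].encode("utf-8")
            i += 1
    return bytes(raw)

def wire_chunks(content, size=255):
    """Split the decoded bytes into the chunks sent to the client."""
    raw = unescape_txt(content)
    return [raw[i:i + size] for i in range(0, len(raw), size)]
```

The chunk boundary is counted in bytes, so 128 two-byte characters already produce a second chunk.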

The URI record, specified in :rfc:`7553`, is used to publish
mappings from hostnames to URIs.

The ZONEMD record, specified in :rfc:`8976`, is used to validate zones.

The following rarely used or obsolete record types are also supported:

- DHCID (:rfc:`4701`)
- EUI48/EUI64 (:rfc:`7043`)
- IPSECKEY (:rfc:`4025`)
- KEY (:rfc:`2535`, obsolete)
- MINFO (:rfc:`1035`)
- RKEY (`draft-reid-dnsext-rkey-00.txt <https://tools.ietf.org/html/draft-reid-dnsext-rkey-00>`__)

Unknown DNS Resource Record (RR) Types
--------------------------------------

PowerDNS supports the :rfc:`3597` syntax for serving unknown record types. For example::

    e.example. IN TYPE1 \# 4 0A000001

Beware that PowerDNS will attempt to parse known record types even if written in this syntax.
This bug will be fixed in a future release.
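
Before loading records written in this syntax, it helps to confirm that the declared length matches the hex data and to see which ``TYPEnnn`` numbers correspond to a known type, since those are the entries affected by the caveat above. This is an added example, not PowerDNS code; the function names are assumptions and ``KNOWN_TYPES`` is only a small subset of the assigned type numbers.

```python
import re

# Added example, not PowerDNS code. Small subset of assigned type numbers,
# used to flag TYPEnnn entries that correspond to a known record type.
KNOWN_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR",
               15: "MX", 16: "TXT", 28: "AAAA", 33: "SRV"}

def parse_generic(line):
    """Parse 'owner [class] TYPEnnn \\# len hex...' into (owner, type, rdata)."""
    tokens = line.split()
    idx = next((i for i, t in enumerate(tokens[1:], 1)
                if re.fullmatch(r"TYPE[0-9]+", t, re.IGNORECASE)), None)
    if idx is None or tokens[idx + 1:idx + 2] != ["\\#"]:
        raise ValueError("not an RFC 3597 generic record")
    if len(tokens) < idx + 3 or not tokens[idx + 2].isdigit():
        raise ValueError("missing RDATA length")
    length = int(tokens[idx + 2])
    # The hex data may be split into several whitespace-separated words.
    rdata = bytes.fromhex("".join(tokens[idx + 3:]))   # ValueError on bad hex
    if len(rdata) != length:
        raise ValueError(f"declared {length} bytes, found {len(rdata)}")
    return tokens[0], int(tokens[idx][4:]), rdata

def review(line):
    """Summarise a generic record and flag it when its type is a known one."""
    owner, rtype, rdata = parse_generic(line)
    known = KNOWN_TYPES.get(rtype)
    summary = {"owner": owner, "type": rtype, "known_as": known,
               "rdata_hex": rdata.hex(), "presentation": None}
    if known == "A" and len(rdata) == 4:
        # The same data in the A record's dotted-quad storage format.
        summary["presentation"] = ".".join(str(b) for b in rdata)
    return summary
```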