An A-record is used to map hostnames to an IPv4 address of the host. Enter the .
An AAAA-record is used to map hostnames to an IPv6 address of the host. Enter the .
This record is generated automatically when creating a domain zone in DNS management Portal and contains its description. You cannot create or delete this record.
An NS-record delegates a domain zone to use the given authoritative name servers. It can contain several servers, including the master one. Enter the of the DNS server.
An MX-record maps a domain name to a list of message transfer agents for that domain and its priority. The MX-record is used for mail routing. Enter the — a subdomain of the domain zone which is a mail gateway. — enter a figure. A larger value means a lower priority.
A TXT-record is a text string. TXT-records are used by some protocols. You can enter any information in .
An SRV-record is a generalized service location record. It allows using several servers for one domain. SRV-records are used only by some protocols, e.g. SIP and XMPP.
Enter a associated with the resource record.
Enter a and of the server. The larger the number, the higher the priority. The client first tries to connect to the server with the highest priority. If it is not accessible, it will try to connect to the next one, etc. If servers have the same priority, the request will be sent to the server with the largest weight. If only one server has a certain priority, its weight should be 0.
Enter a of the server the request will be sent to.
A CNAME-record defines an alias of one name to another. The DNS lookup will continue by retrying the lookup with the new name. Enter a to which the request will be redirected.
ALIAS-records are used to redirect a request to another domain alias name. In this case, unlike a CNAME-record, an alias domain name can have other resource records. Enter a to which the request will be redirected.
A DNAME-record is used to map or rename an entire sub-tree of the DNS name space to another domain. Enter a to which the request will be redirected.
A PTR-record is used to map IP addresses to domain names. This record is mostly used to track where an e-mail message originated. Most mail servers check that a PTR-record exists and matches the domain name that the email was sent from. If the verification fails, the email is considered spam; therefore, if the PTR-record is not present, emails from that IP may be blocked. Enter a and that will be sent in the request for the PTR record of the domain name.
A CAA-record defines Certification Authorities (CAs) authorized to issue certificates for that domain. The purpose of the CAA record is to allow domain owners to declare which certificate authorities are allowed to issue a certificate for a domain. They also provide a means for indicating notification rules in case someone requests a certificate from a non-authorised certificate authority. If no CAA record is present, any CA is allowed to issue a certificate for the domain. If a CAA record is present, only the CA listed in the record can issue certificates for that hostname.
can be either 0 or 128. 128 is a critical property for CAs. If the CA doesn't know it, it is not allowed to issue certificates.
0 is a non-critical property. If the CA doesn't understand the property, it can still issue a certificate.
Select a :
- issue — allows the owner of the domain specified in the record to issue a certificate for the hostname;
- issuewild — allows the owner of the domain specified in the record to issue a wildcard certificate for the hostname;
- iodef — allows specifying an email address or URL that can be used to report invalid certificate requests to the domain owner.
Enter a :
- "issue" or "issuewild" in the field: enter a CA domain name. You can enter additional parameters separated by the ";" symbol, e.g. "ca.example.net; account=1" if the CA asks the client to specify the account number. Please note: if the CAA-record specifies only the ";" symbol without an additional parameter, no CA will issue the certificate;
- "iodef" in the field: enter the email address or URL of a feedback page; additional parameters cannot be used.
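The rules above (flag 0 or 128, issue, issuewild, a value of only ";") can be checked against a record set before it is published. This is an added example, not code from the DNS panel; parse_caa, may_issue and the sample records are hypothetical, and the record set is assumed to be the one already looked up for the hostname.

```python
# Added example (not the DNS panel's code): CAA check for one record set.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_caa(rdata):
    """Split '<flag> <tag> "<value>"' into (flag, tag, ca_domain, params)."""
    flag, tag, value = rdata.split(None, 2)
    domain, _, params = value.strip().strip('"').partition(";")
    return int(flag), tag.lower(), domain.strip().lower(), params.strip()

def may_issue(records, ca_domain, wildcard=False):
    """Return (allowed, reason) for the CA identified by ca_domain."""
    parsed = [parse_caa(r) for r in records]
    if not parsed:
        return True, "no CAA record, any CA may issue"
    # Flag 128: a CA that does not know the property must refuse.
    for flag, tag, _, _ in parsed:
        if flag & 128 and tag not in KNOWN_TAGS:
            return False, "critical property '%s' not understood" % tag
    issue = [p for p in parsed if p[1] == "issue"]
    wild = [p for p in parsed if p[1] == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise issue.
    relevant = wild if (wildcard and wild) else issue
    if not relevant:
        return True, "no issue/issuewild property restricts this request"
    if any(p[2] == ca_domain.lower() for p in relevant):
        return True, "%s is listed" % ca_domain
    # A value of only ";" has an empty CA name, so it matches no CA.
    return False, "%s is not listed" % ca_domain

# Constructed sample record set for one hostname.
SAMPLE = [
    '0 issue "ca.example.net; account=1"',
    '0 issuewild ";"',
    '0 iodef "mailto:security@example.com"',
]

if __name__ == "__main__":
    for ca, wc in [("ca.example.net", False), ("ca.example.net", True),
                   ("other-ca.example", False)]:
        print(ca, "wildcard" if wc else "host", may_issue(SAMPLE, ca, wc))
```

With the sample set, ca.example.net may issue an ordinary certificate, but the issuewild ";" record blocks wildcard certificates from every CA.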
DS-records are used to secure delegations.
This DS-record references a DNSKEY-record in the sub-delegated zone. For more information please refer to the article Configuring DNSSEC. Enter a — a short numeric value which can help identify the KSK-key.
Select an that was used to generate the KSK-key.
Select a — the cryptographic hash algorithm used to create the Digest value.
— a cryptographic hash value of the KSK-key.
A TLSA record allows the domain owner to confirm the authenticity of a certificate or a digital signature using DNSSEC. With a TLSA record, you can save the fingerprint of a TLS or SSL certificate on your DNS server.
Example of TLSA record
_443._tcp.www.example.com IN TLSA 3 0 1 12B1B210D87C674F0C748E0E259CEB328C4A33A11F19467700EB2
Comments to the example
443 — TLS server port
tcp — TLS server protocol used
3 — method of using the TLS server certificate
0 — which part of the certificate is used when comparing its contents with the TLSA value
1 — method for comparing certificate data with TLSA data
12B1B210D87C674F0C748E0E259CEB328C4A33A11F19467700EB2 — certificate data
When adding a TLSA record, specify the following:
1. Record name in the format _port._protocol or _port._protocol.domain. For example, "_443._tcp" or "_443._tcp.www.example.com".
2. Method of using the TLS server certificate:
   0 — CA limit — TLSA contains the information about the certificate of the Certification Authority (CA). The CA must be present in the validation chain when a TLS connection is established;
   1 — certificate limit service — TLSA contains the information about the server certificate;
   2 — trusted sources — TLSA contains the information about the root certificate;
   3 — domain certificate — TLSA contains the information about the server certificate. This server must be the final certificate in the validation chain. This method allows using self-signed certificates.
3. Which part of the certificate is used when comparing its contents with the TLSA value:
   0 — full certificate;
   1 — public key.
4. Method for comparing certificate data with TLSA data:
   0 — hash is not used — exact match of the full data;
   1 — SHA-256 — SHA-256 hash function value match;
   2 — SHA-512 — SHA-512 hash function value match.
5. Certificate data.
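A TLSA record whose name, numeric fields or certificate data are malformed will never match the server certificate, so it is worth linting the line before saving it. The following is an added example, not code from the DNS panel: check_tlsa, tlsa_data and record_matches are hypothetical names, and the certificate and public-key bytes are constructed stand-ins that the caller would replace with real DER data.

```python
import hashlib

# Added example (not the DNS panel's code): lint a TLSA line, compare to a cert.
HASHES = {1: hashlib.sha256, 2: hashlib.sha512}   # matching method -> hash

def check_tlsa(line):
    """Parse '<name> IN TLSA <usage> <selector> <match> <hex>'.
    Returns ((usage, selector, match, data_bytes), problems)."""
    name, _cls, _typ, usage, selector, match, data = line.split(None, 6)
    usage, selector, match = int(usage), int(selector), int(match)
    problems = []
    labels = name.split(".")
    if len(labels) < 2 or labels[0][:1] != "_" or not labels[0][1:].isdigit():
        problems.append("name must start with _port")
    elif labels[1] not in ("_tcp", "_udp", "_sctp"):
        problems.append("second label must be _protocol")
    for field, value, allowed in (("usage", usage, range(4)),
                                  ("selector", selector, range(2)),
                                  ("match", match, range(3))):
        if value not in allowed:
            problems.append("%s %d out of range" % (field, value))
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        raw = b""
        problems.append("certificate data is not whole hex bytes")
    if raw and match in HASHES and len(raw) != HASHES[match]().digest_size:
        problems.append("digest length does not fit matching method %d" % match)
    return (usage, selector, match, raw), problems

def tlsa_data(cert_der, spki_der, selector, match):
    """Certificate data for a selector/matching method, from caller-supplied DER."""
    source = cert_der if selector == 0 else spki_der
    return source if match == 0 else HASHES[match](source).digest()

def record_matches(line, cert_der, spki_der):
    (_usage, selector, match, raw), problems = check_tlsa(line)
    return not problems and raw == tlsa_data(cert_der, spki_der, selector, match)

# Constructed stand-ins for a DER certificate and its SubjectPublicKeyInfo.
CERT = b"constructed stand-in: DER certificate"
SPKI = b"constructed stand-in: DER public key"
GOOD = "_443._tcp.www.example.com IN TLSA 3 1 1 " + tlsa_data(CERT, SPKI, 1, 1).hex().upper()
# Record copied from the page; its data is too short for a SHA-256 digest.
PAGE = ("_443._tcp.www.example.com IN TLSA 3 0 1 "
        "12B1B210D87C674F0C748E0E259CEB328C4A33A11F19467700EB2")
```

Running check_tlsa on the page's sample line reports a problem because a SHA-256 value is 64 hexadecimal digits, so that sample should be read as illustrative rather than as a usable fingerprint.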