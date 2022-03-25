DNS record types

This page provides reference information about the different types of DNS records. For guidance on adding DNS records, refer to Manage DNS records .

​​ IP address resolution

At least one IP address resolution record is required for each domain on Cloudflare. These records are the only ones you can proxy through Cloudflare.

​​ A and AAAA

A and AAAA records External link icon Open external link direct browser requests to an origin web server (A for IPv4 addresses and AAAA for IPv6 addresses).

These records include the following fields:

Name : A subdomain or the root domain, which must: Be 63 characters or less Start with a letter and end with a letter or digit Only contain letters, digits, or hyphens (underscores allowed but discouraged)

: A subdomain or the root domain, which must: IPv4/IPv6 address : Your origin web server address (cannot be a Cloudflare IP External link icon Open external link )

: Your origin web server address (cannot be a ) TTL : Time to live, which controls how long DNS resolvers should cache a response before revalidating it. If the Proxy Status is Proxied , this value defaults to Auto , which is 300 seconds. If the Proxy Status is DNS Only , you can customize the value.

: Time to live, which controls how long DNS resolvers should cache a response before revalidating it. Proxy status: For more details, refer to Proxied DNS records .

CNAME records External link icon Open external link direct browser requests to an origin web server, but — unlike an A or AAAA record — do so via a hostname like example.com instead of an IP address.

These records include the following fields:

Name : A subdomain or the root domain, which must: Be 63 characters or less Start with a letter and end with a letter or digit Only contain letters, digits, or hyphens (underscores are allowed but discouraged)

: A subdomain or the root domain, which must: Target : The hostname where traffic should be directed ( example.com ).

: The hostname where traffic should be directed ( ). TTL : Time to live, which controls how long DNS resolvers should cache a response before revalidating it. If the Proxy Status is Proxied , this value defaults to Auto , which is 300 seconds. If the Proxy Status is DNS Only , you can customize the value.

: Time to live, which controls how long DNS resolvers should cache a response before revalidating it. Proxy status: For more details, refer to Proxied DNS records .

You can use CNAME records to point to other CNAME records ( www.example2.com –> www.example1.com –> www.example.com ), but the final record must point to a hostname with a valid IP address (and therefore a valid A or AAAA record) if this hostname is meant to proxy traffic.

​​ Email authentication

These records are recommended regardless of whether your domain sends email messages. Creating secure email records External link icon Open external link can help protect your domain against email spoofing.

If your domain is not used to send email messages, learn more about creating recommended restrictive records External link icon Open external link .

A mail exchange (MX) record is required to deliver email to a mail server.

A DomainKeys Identified Mail (DKIM) record ensures email authenticity by cryptographically signing emails:

A Sender Policy Framework (SPF) record lists authorized IP addresses and domains that can send email on behalf of your domain.

A Domain-based Message Authentication Reporting and Conformance (DMARC) record helps generate aggregate reports about your email traffic and provide clear instructions for how email receivers should treat non-conforming emails.

​​ Specialized records

A text (TXT) record External link icon Open external link lets you enter text into the DNS system.

At Cloudflare, these are most commonly used to demonstrate domain ownership prior to issuing SSL/TLS certificates for your domain or an SSL for SaaS domain .

You could also use these to create email authentication records, but we recommend that you use our Email Security Wizard instead. The Content for TXT records at Cloudflare must be 2048 characters or less.

A Certificate Authority Authorization (CAA) record specifies which Certificate Authorities (CAs) are allowed to issue certificates for a domain.

A service record (SRV) External link icon Open external link specifies a host and port for specific services like voice over IP (VOIP), instant messaging, and more.

A pointer (PTR) record External link icon Open external link specifies the allowed hosts for a given IP address.

Within Cloudflare, PTR records are used for reverse DNS lookups and should preferably be added to reverse zones .

A start of authority (SOA) External link icon Open external link record stores information about your domain such as admin email address, when the domain was last updated, and more.

If you are using Cloudflare for your authoritative DNS , you do not need to create an SOA record. Cloudflare creates this record automatically when you start using Cloudflare’s authoritative nameservers.

A nameserver (NS) record External link icon Open external link indicates which server should be used for authoritative DNS.

You only need to add NS records when you are creating custom or vanity nameservers or delegating subdomains outside of Cloudflare External link icon Open external link .

​​ DS and DNSKEY

DS and DNSKEY External link icon Open external link records help implement DNSSEC, which cryptographically signs DNS records to prevent domain spoofing.

Most Cloudflare domains do not need to add these records and should instead follow our DNSSEC setup guide .