A resource record is the main unit of information in a DNS. Using resource records, you determine where to route queries that come to specific domain names. Resource records have the following parameters:
- Domain name.
- Record type.
- Record time to live (TTL) in seconds before updating the record value.
- Record value.
Resource records only support ASCII characters.
Cloud DNS uses record sets. A set may contain a single record or a collection of resource records with the same name and type but different values.
Sample record set:
You can update record sets by adding or deleting records.
All the records in a single set have the same TTL value.
Cloud DNS supports the following types of resource records.
A: Points a domain name to an IPv4 address. For example, requesting the
www.example.com A record should return an IPv4 address in
For more information about A records, see RFC-1035.
AAAA: Points a domain name to an IPv6 address. Operates in a similar way to an A record.
For more information about AAAA records, see RFC-3596.
CAA (Certification Authority Authorization): Identifies which certification authorities are authorized to issue certificates for a particular zone and its subzones.
A record consists of the following parts:
FLAG: A single-byte unsigned integer that may take two values:
0: Indicates a noncritical record. The certification authority may issue a certificate at its discretion.
128: Indicates a critical record. The certification authority should not issue a certificate for an FQDN if the corresponding CAA record contains a critical property for an unknown or unsupported tag.
TAG: A string that consists of Latin characters and numbers and identifies the purpose of a record:
issue: Determines which certification authority is authorized to issue certificates for a zone or subzone.
issuewild: Determines which certification authority is authorized to issue certificates for a zone and all of its subzones (wildcard,
- Contact information that the certification authority should use to notify zone owners about receiving a request to issue a certificate in violation of the rules defined in CAA records:
iodef: The phone number, website, or email address in any format.
contactemail: The email address.
contactphone: The phone number.
If the server fails to process an unknown tag, the flag value is parsed:
0: The tag is ignored.
128: Regardless of the value in the
VALUEfield, the record prohibits the issuance of certificates for the specified zone.
VALUE: A record enclosed in double quotes:
"". This field value is handled based on the tag value.
|example.com.||CAA||600||128 issue "ca.example.net"||Only the
|example.com.||CAA||600||0 issuewild "ca.example.net"||The
|example.com.||CAA||600||0 issue ";"||Certification authorities are not authorized to issue certificates for the
|example.com.||CAA||600||0 iodef "mailto:firstname.lastname@example.org"||If any of the conditions described in CAA records is violated, contact the owner of the
|example.com.||CAA||600||0 iodef "https://security.example.com/"||If any of the conditions described in CAA records is violated, contact the owner of the
For more information about CAA records, see RFC-8659.
CNAME: Creates an alias for an FQDN. You can use CNAME records to access different services running on the same IP address. For example, CNAME records like
second.example.com may point to the same
host.example.com A record.
For more information about CNAME records, see RFC-1035.
MX: The name of a server that processes emails, such as
A record consists of two parts:
PREFERENCE: A 16-bit integer that specifies the host priority. The lower the value, the higher the host preference.
EXCHANGE: The FQDN of the host that processes emails in the specified zone. This field value must point to an A or AAAA record.
For more information about MX records, see RFC-1035.
NS: A record that stores the address of the name server that handles the specified zone.
For more information about NS records, see RFC-1035.
PTR: Resolves an IP address to a domain name.
For more information about PTR records, see RFC-1035.
SOA: A record with basic information about a zone. Created automatically.
It consists of the following parts:
MNAME: The domain name of the server that handles the zone. Default:
ns.internal.: For internal zones.
ns1.yandexcloud.net.: For public zones.
RNAME: The domain name of the mail server that handles the zone. The default value is
SERIAL: An unsigned 32-bit integer that points to the number of a zone copy. When synchronizing data between DNS servers, the value in the
SERIALfield is checked. The larger it is, the more recent the data. The default value is
The Cloud DNS service doesn't change the
SERIALfield value in SOA records when editing zone resource records. If you want to forcibly update the cache of the DNS servers that store information about your resource records, increase the value in this field manually.
REFRESH: The time, in seconds, between updates of information about zone resource records. The default value is
RETRY: The time, in seconds, before retrying to update information about zone resource records if the previous attempt failed. The default value is
EXPIRE: The time, in seconds, after which the zone will no longer be authoritative. The default value is
MINIMUM: The minimum TTL value, in seconds, for any resource record exported from the zone. The default value is
|example.com.||SOA||3600||ns1.yandexcloud.net. mx.cloud.yandex.net. 1 10800 900 604800 86400|
|example.com.||SOA||3600||ns.internal. mx.cloud.yandex.net. 1 10800 900 604800 86400|
For more information about SOA records, see RFC-1035.
SRV: A record that specifies the hostname and port number of the server for a particular service. An SRV record must point to an A or AAAA record.
It consists of the following parts:
Priority: A 16-bit unsigned integer that specifies the host priority. The lower the value, the higher the host preference.
Weight: A 16-bit unsigned integer that specifies the weight for hosts with the same priority. The closer the field value is to 0, the less likely it is that this host will be selected. If the service is only running on a single host, set the field value to
Port: A 16-bit unsigned integer that specifies the port used by the service.
Target: The FQDN of the host for the service.
The client accesses the server with the lowest priority. If multiple servers have the same priority, the load is distributed according to the weight. Specify the server priority and the weight of records to distribute the load both between and within groups of servers.
|_sip._tcp.example.com.||SRV||600||10 70 8080 host.example.com.|
|_postgresql._tcp.example.com.||SRV||600||10 60 6432 pg-master.example.com.|
|_postgresql._tcp.example.com.||SRV||600||10 30 6432 pg-repl1.example.com.|
|_postgresql._tcp.example.com.||SRV||600||10 10 6432 pg-repl2.example.com.|
The Cloud DNS service only supports
IN class SRV records. When creating records, there is no need to specify the
For more information about SRV records, see RFC-2782.
TXT is a free-form record that can store human-readable text or structured machine-readable data.
Mostly used to verify:
TXT record implementation in Yandex Cloud DNS has the following special features and limitations:
The service uses MASTER FILES format. According to the format specifications, a
;indicates the beginning of a comment, meaning that any content following it is ignored. If you wish to use the
;character in a TXT record, enclose the string containing it in double quotes (
A TXT record can store several strings: no more than 255 each and no more than 1024 characters total.
The space character serves as separator. If an input string has spaces, it will be perceived as several strings.
For example, the following string is entered:
Long string "string with spaces in quotes" #1 and_without_spaces
When saving, this string will not change, but will be processed as 5 strings:
"Long" "string" "string with spaces in quotes" "#1" "and_without_spaces"
If you need to save the spaces, enclose the entire string in double quotes (
|example.com.||TXT||600||"v=DMARC1; p=none; sp=quarantine; pct=100; rua=mailto: email@example.com;"|
|big-email._domainkey.example.com||TXT||6000||"v=DKIM1; p=76E629F05F70 9EF665853333 EEC3F5ADE69A 2362BECE4065 8267AB2FC3CB 6CBE"|
|example.com.||TXT||6000||"v=spf1 ip4=192.0.2.0 ip4=192.0.2.1 include:examplesender.email -all"|