DNS Record Types in BIND Zone Files
What common records do and how to write them in master file syntax
BIND zone files store DNS resource records in a compact text format. The owner name comes first, followed by optional TTL, class, record type, and record-specific data. Most internet zones use a small set of record types repeatedly.
Common Record Types
| Type | Purpose | Example |
|---|---|---|
| SOA | Defines zone authority, serial, and secondary refresh timing. | @ IN SOA ns1.example.test. hostmaster.example.test. (...) |
| NS | Lists authoritative nameservers for the zone. | @ IN NS ns1.example.test. |
| A | Maps a name to an IPv4 address. | www IN A 192.0.2.20 |
| AAAA | Maps a name to an IPv6 address. | www IN AAAA 2001:db8::20 |
| CNAME | Creates an alias to another canonical name. | www IN CNAME example.test. |
| MX | Declares mail exchangers and their priorities. | @ IN MX 10 mail.example.test. |
| TXT | Stores text used for SPF, DKIM, DMARC, and verification records. | @ IN TXT "v=spf1 mx -all" |
| SRV | Publishes service location, priority, weight, port, and target. | _sip._tcp IN SRV 10 60 5060 sip.example.test. |
| CAA | Restricts which certificate authorities may issue certificates. | @ IN CAA 0 issue "letsencrypt.org" |
| PTR | Maps an address back to a hostname in a reverse zone. | 20 IN PTR host.example.test. |
| DS | Publishes a delegated zone's DNSSEC key digest in the parent zone. | child IN DS 12345 13 2 ... |
Address Records
Use A for IPv4 and AAAA for IPv6. Do not place an IPv6 address in an A record or an IPv4 address in an AAAA record.
@ IN A 192.0.2.20
www IN A 192.0.2.21
@ IN AAAA 2001:db8::20
Aliases and CNAME Restrictions
A CNAME owner name cannot have any other record type at the same name. This means www cannot be both a CNAME and an A record. The zone apex also cannot normally be a CNAME because it already has SOA and NS records.
; Valid alias
www IN CNAME example.test.
; Invalid if www also has A, AAAA, MX, TXT, or any other data
Records with Target Names
NS, CNAME, MX, SRV, PTR, and many other records contain DNS names as values. Add a trailing dot when you mean a fully qualified name. Without it, BIND appends the current origin.
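The trailing-dot rule and the CNAME restriction above can both be checked before a zone is published. The following is an added example, not part of the original page or of BIND: the function names (expand, parse, lint) are hypothetical, the sample zone is constructed, and it assumes one-line records with an explicit owner name, numeric TTLs, and no $ORIGIN directives.

```python
import shlex

# rdata index of the DNS-name target for each record type checked here
TARGET_FIELD = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1, "SRV": 3}

def expand(name, origin):
    """Master-file rule: '@' is the origin; no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin):
    """Yield (owner_fqdn, rtype, rdata) for simple one-line records (assumed format)."""
    for raw in zone_text.splitlines():
        lex = shlex.shlex(raw, posix=True)   # keeps quoted TXT strings intact
        lex.commenters, lex.whitespace_split = ";", True
        fields = list(lex)
        rest = fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                  # skip optional TTL and class
        if rest:
            yield expand(fields[0], origin).lower(), rest[0].upper(), rest[1:]

def lint(zone_text, origin):
    """Return (rule, owner, detail) tuples for the two mistakes described above."""
    findings, types_at = [], {}
    suffix = origin.rstrip(".").lower()
    for owner, rtype, rdata in parse(zone_text, origin):
        types_at.setdefault(owner, set()).add(rtype)
        idx = TARGET_FIELD.get(rtype)
        if idx is None or len(rdata) <= idx:
            continue
        target = rdata[idx]
        # A relative target already ending in the origin gets the origin appended twice.
        if not target.endswith(".") and ("." + target.lower()).endswith("." + suffix):
            findings.append(("missing-trailing-dot", owner, expand(target, origin)))
    for owner, types in sorted(types_at.items()):
        if "CNAME" in types and len(types) > 1:
            findings.append(("cname-coexists", owner, ",".join(sorted(types))))
    return findings

# Constructed sample zone for origin example.test. (not from a real deployment)
SAMPLE_ZONE = """\
@    IN NS    ns1.example.test.
@    IN MX    10 mail.example.test   ; trailing dot forgotten
www  IN CNAME example.test.
www  IN A     192.0.2.21             ; collides with the CNAME above
ftp  IN CNAME www                    ; relative on purpose, expands correctly
@    IN TXT   "v=spf1 mx -all"
"""
```

Calling lint(SAMPLE_ZONE, "example.test.") reports the MX target as it would actually be published, mail.example.test.example.test., and the www name that holds both a CNAME and an A record.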
Records named-checkzone Cannot Fully Judge
The validator can check whether a CAA, DS, SPF TXT, or DMARC TXT record is syntactically valid as DNS data. It does not guarantee that a certificate authority, registrar, mail receiver, or DNSSEC validator will treat the policy as intended. For policy records, combine zone validation with protocol-specific tests.
Testing new record types? Validate the zone file before publishing the changes.