當前位置：首頁 > 编程资源 > 综合教程 >内容正文

综合教程

DNS RR代码和含义

發布時間：2023/12/13 综合教程 20 生活家

生活随笔收集整理的這篇文章主要介紹了 DNS RR代码和含义小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

記錄類型

代碼	號碼	定義的 RFC	描述	功能
A	1	RFC 1035	IP 地址記錄	傳回一個 32 比特的 IPv4 地址，最常用于映射主機名稱到 IP地址，但也用于DNSBL（RFC 1101）等。
AAAA	28	RFC 3596	IPv6 IP 地址記錄	傳回一個 128 比特的 IPv6 地址，最常用于映射主機名稱到 IP 地址。
AFSDB	18	RFC 1183	AFS文件系統	（Andrew File System）數據庫核心的位置，于域名以外的 AFS 客戶端常用來聯系 AFS 核心。這個記錄的子類型是被過時的的 DCE/DFS（DCE Distributed File System）所使用。
APL	42	RFC 3123	地址前綴列表	指定地址列表的范圍，例如：CIDR 格式為各個類型的地址（試驗性）。
CAA	257	RFC 6844	權威認證授權	DNS認證機構授權，限制主機/域的可接受的CA
CDNSKEY	60	RFC 7344	子關鍵記錄	關鍵記錄記錄的子版本，用于轉移到父級
CDS	59	RFC 7344	子委托簽發者	委托簽發者記錄的子版本，用于轉移到父級
CERT	37	RFC 4398	證書記錄	存儲 PKIX、SPKI、PGP等。
CNAME	5	RFC 1035	規范名稱記錄	一個主機名字的別名：域名系統將會繼續嘗試查找新的名字。
DHCID	49	RFC 4701	DHCP（動態主機設置協議）識別碼	用于將 FQDN 選項結合至 DHCP。
DLV	32769	RFC 4431	DNSSEC（域名系統安全擴展）來源驗證記錄	為不在DNS委托者內發布DNSSEC的信任錨點，與 DS 記錄使用相同的格式，RFC 5074 介紹了如何使用這些記錄。
DNAME	39	RFC 2672	代表名稱	DNAME 會為名稱和其子名稱產生別名，與 CNAME 不同，在其標簽別名不會重復。但與 CNAME 記錄相同的是，DNS將會繼續嘗試查找新的名字。
DNSKEY	48	RFC 4034	DNS 關鍵記錄	于DNSSEC內使用的關鍵記錄，與 KEY 使用相同格式。
DS	43	RFC 4034	委托簽發者	此記錄用于鑒定DNSSEC已授權區域的簽名密鑰。
HIP	55	RFC 5205	主機鑒定協議	將端點標識符及IP 地址定位的分開的方法。
IPSECKEY	45	RFC 4025	IPSEC 密鑰	與 IPSEC 同時使用的密鑰記錄。
KEY	25	RFC 2535^[1]RFC 2930^[2]	關鍵記錄	只用于 SIG(0)（RFC 2931）及 TKEY（RFC 2930）。^[3]RFC 3455 否定其作為應用程序鍵及限制DNSSEC的使用。^[4]RFC 3755 指定了 DNSKEY 作為DNSSEC的代替。^[5]
LOC記錄（LOC record）	29	RFC 1876	位置記錄	將一個域名指定地理位置。
MX記錄（MX record）	15	RFC 1035	電郵交互記錄	引導域名到該域名的郵件傳輸代理（MTA, Message Transfer Agents）列表。
NAPTR記錄（NAPTR record）	35	RFC 3403	命名管理指針	允許基于正則表達式的域名重寫使其能夠作為 URI、進一步域名查找等。
NS	2	RFC 1035	名稱服務器記錄	委托DNS區域（DNS zone）使用已提供的權威域名服務器。
NSEC	47	RFC 4034	下一代安全記錄	DNSSEC 的一部分 — 用來驗證一個未存在的服務器，使用與 NXT（已過時）記錄的格式。
NSEC3	50	RFC 5155	NSEC 記錄第三版	用作允許未經允許的區域行走以證明名稱不存在性的 DNSSEC 擴展。
NSEC3PARAM	51	RFC 5155	NSEC3 參數	與 NSEC3 同時使用的參數記錄。
OPENPGPKEY	61	RFC 7929	OpenPGP公鑰記錄	基于DNS的域名實體認證方法，用于使用OPENPGPKEY DNS資源記錄在特定電子郵件地址的DNS中發布和定位OpenPGP公鑰。
PTR	12	RFC 1035	指針記錄	引導至一個規范名稱（Canonical Name）。與 CNAME 記錄不同，DNS“不會”進行進程，只會傳回名稱。最常用來運行反向 DNS 查找，其他用途包括引作 DNS-SD。
RRSIG	46	RFC 4034	DNSSEC 證書	DNSSEC 安全記錄集證書，與 SIG 記錄使用相同的格式。
RP	17	RFC 1183	負責人	有關域名負責人的信息，電郵地址的 @ 通常寫為 a。
SIG	24	RFC 2535	證書	SIG(0)（RFC 2931）及 TKEY（RFC 2930）使用的證書。^[5]RFC 3755 designated RRSIG as the replacement for SIG for use within DNSSEC.^[5]
SOA	6	RFC 1035	權威記錄的起始	指定有關DNS區域的權威性信息，包含主要名稱服務器、域名管理員的電郵地址、域名的流水式編號、和幾個有關刷新區域的定時器。
SPF	99	RFC 4408	SPF 記錄	作為 SPF 協議的一部分，優先作為先前在 TXT 存儲 SPF 數據的臨時做法，使用與先前在 TXT 存儲的格式。
SRV記錄（SRV record）	33	RFC 2782	服務定位器	廣義為服務定位記錄，被新式協議使用而避免產生特定協議的記錄，例如：MX 記錄。
SSHFP	44	RFC 4255	SSH 公共密鑰指紋	DNS 系統用來發布 SSH 公共密鑰指紋的資源記錄，以用作輔助驗證服務器的真實性。
TA	32768	無	DNSSEC 信任當局	DNSSEC 一部分無簽訂 DNS 根目錄的部署提案，，使用與 DS 記錄相同的格式^[6]^[7]。
TKEY記錄（TKEY record）	249	RFC 2930	秘密密鑰記錄	為TSIG提供密鑰材料的其中一類方法，that is 在公共密鑰下加密的 accompanying KEY RR。^[8]
TSIG	250	RFC 2845	交易證書	用以認證動態更新（Dynamic DNS）是來自合法的客戶端，或與 DNSSEC 一樣是驗證回應是否來自合法的遞歸名稱服務器。^[9]
TXT	16	RFC 1035	文本記錄	最初是為任意可讀的文本 DNS 記錄。自1990年起，些記錄更經常地帶有機讀數據，以 RFC 1464 指定：機會性加密（opportunistic encryption）、Sender Policy Framework（雖然這個臨時使用的 TXT 記錄在 SPF 記錄推出后不被推薦）、DomainKeys、DNS-SD等。
URI	256	RFC 7553	統一資源標識符	可用于發布從主機名到URI的映射。

其他類型及偽資源記錄

其他類型的資源記錄簡單地提供一些類型的消息（如：HINFO 記錄提供電腦或操作系統的類型），或傳回實驗中之功能的數據。“type”字段也使用于其他協議作各種操作。

代碼	號碼	定義的 RFC	描述	功能
*	255	RFC 1035	所有緩存的記錄	傳回所有服務器已知類型的記錄。如果服務器未有任何關于名稱的記錄，該請求將被轉發。而傳回的記錄未必完全完成，例如：當一個名稱有 A 及 MX 類型的記錄時，但服務器已緩存了 A 記錄，就只有 A 記錄會被傳回。
AXFR	252	RFC 1035	全域轉移	由主域名服務器轉移整個區域文件至二級域名服務器。
IXFR	251	RFC 1995	增量區域轉移	請求只有與先前流水式編號不同的特定區域的區域轉移。此請求有機會被拒絕，如果權威服務器由于配置或缺乏必要的數據而無法履行請求，一個完整的（AXFR）會被發送以作回應。
OPT	41	RFC 2671	選項	這是一個“偽 DNS記錄類型”以支持 EDNS。

過時的記錄類型

發展呈現廢棄一些最初定義的記錄類型。從 IANA 的記錄可見，一些記錄類型由于一些原因而被限制其使用、一些被標示為明顯過時的、有些是為了隱藏的服務、有些是為了舊版本的服務、有的有特別記錄指出它們是“不正確的”。

由 RFC 973 定義為過時：MD(3)、MF (4)、MAILA (254)
為了發布郵件列表訂戶的 DNS 記錄：MB(7)、MG(8)、MR(9)、MINFO(14)、MAILB (253)。在 RFC 883 標明的意圖是為了讓 MB 代替 SMTP VRFY 指令、MG 代替 SMTP EXPN 指令、及讓 MR 代替“551 User Not Local”SMTP 錯誤。其后，RFC 2505 提議將 VRFY 及 EXPN 指令兩者停用，使利用 MB 及 MG 永遠不可能獲得通過。
在 RFC 1123 不提議使用“not to be relied upon”（RFC 1127 有更多的信息）：WKS(11)^[10]
錯誤: NB(32)、NBSTAT(33)（自 RFC 1002）；號碼現已分配給 NIMLOC 及 SRV。
由 RFC 1035 定義為過時：NULL(10)（RFC 883 定義“完成查詢”（操作碼二及可能是三）有在使用此記錄，后來 RFC 1035 重新分配操作碼二為“狀態”及保留操作碼三）。
定義為早期的 IPv6 但其后由 RFC 3363 降級為試驗性：A6(38)
由 DNSSEC 更新（RFC 3755）定義為過時：NXT(30)。同一時間，為 KEY 及 SIG 域名的適用性限制為不包括 DNSSEC。
第一版 DNSSEC（RFC 2230、RFC 2065）的一部分，現已過時：KX(36)
目前沒有任何顯著的應用程序使用：HINFO(13)、RP(17)、X25(19)、ISDN(20)、RT(21)、NSAP(22)、NSAP-PTR(23)、PX(26)、EID(31)、NIMLOC(32)、ATMA(34)、APL(42)
由 Kitchen Sink 互聯網草案，但從未達至 RFC 水平：SINK(40)
一個 LOC 記錄更有限的早期版本：GPOS(27)
IANA 保留，及后未有 RFC 記錄它們 [1] 而支持已由 BIND 于九零年初移除：UINFO(100), UID(101)、GID(102)、UNSPEC(103)

RP(17) 可能被使用于有關指定的主機的不同聯系點、子網域其他 SOA 記錄不包含的域名級別的人類可讀信息。

From wiki :

Resource records

Type	Type id. (decimal)	Defining RFC	Description	Function
A	1	RFC 1035^[1]	Address record	Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but it is also used for DNSBLs, storing subnet masks in RFC 1101, etc.
AAAA	28	RFC 3596^[2]	IPv6 address record	Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
AFSDB	18	RFC 1183	AFS database record	Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system.
APL	42	RFC 3123	Address Prefix List	Specify lists of address ranges, e.g. in CIDR format, for various address families. Experimental.
CAA	257	RFC 6844	Certification Authority Authorization	DNS Certification Authority Authorization, constraining acceptable CAs for a host/domain
CDNSKEY	60	RFC 7344	Child DNSKEY	Child copy of DNSKEY record, for transfer to parent
CDS	59	RFC 7344	Child DS	Child copy of DS record, for transfer to parent
CERT	37	RFC 4398	Certificate record	Stores PKIX, SPKI, PGP, etc.
CNAME	5	RFC 1035^[1]	Canonical name record	Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
DHCID	49	RFC 4701	DHCP identifier	Used in conjunction with the FQDN option to DHCP
DLV	32769	RFC 4431	DNSSEC Lookaside Validation record	For publishing DNSSEC trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. RFC 5074 describes a way of using these records.
DNAME	39	RFC 6672		Alias for a name and all its subnames, unlike CNAME, which is an alias for only the exact name. Like a CNAME record, the DNS lookup will continue by retrying the lookup with the new name.
DNSKEY	48	RFC 4034	DNS Key record	The key record used in DNSSEC. Uses the same format as the KEY record.
DS	43	RFC 4034	Delegation signer	The record used to identify the DNSSEC signing key of a delegated zone
HIP	55	RFC 8005	Host Identity Protocol	Method of separating the end-point identifier and locator roles of IP addresses.
IPSECKEY	45	RFC 4025	IPsec Key	Key record that can be used with IPsec
KEY	25	RFC 2535^[3] and RFC 2930^[4]	Key record	Used only for SIG(0) (RFC 2931) and TKEY (RFC 2930).^[5] RFC 3445 eliminated their use for application keys and limited their use to DNSSEC.^[6] RFC 3755 designates DNSKEY as the replacement within DNSSEC.^[7] RFC 4025 designates IPSECKEY as the replacement for use with IPsec.^[8]
KX	36	RFC 2230	Key Exchanger record	Used with some cryptographic systems (not including DNSSEC) to identify a key management agent for the associated domain-name. Note that this has nothing to do with DNS Security. It is Informational status, rather than being on the IETF standards-track. It has always had limited deployment, but is still in use.
LOC	29	RFC 1876	Location record	Specifies a geographical location associated with a domain name
MX	15	RFC 1035^[1] and RFC 7505	Mail exchange record	Maps a domain name to a list of message transfer agents for that domain
NAPTR	35	RFC 3403	Naming Authority Pointer	Allows regular-expression-based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc.
NS	2	RFC 1035^[1]	Name server record	Delegates a DNS zone to use the given authoritative name servers
NSEC	47	RFC 4034	Next Secure record	Part of DNSSEC—used to prove a name does not exist. Uses the same format as the (obsolete) NXT record.
NSEC3	50	RFC 5155	Next Secure record version 3	An extension to DNSSEC that allows proof of nonexistence for a name without permitting zonewalking
NSEC3PARAM	51	RFC 5155	NSEC3 parameters	Parameter record for use with NSEC3
OPENPGPKEY	61	RFC 7929	OpenPGP public key record	A DNS-based Authentication of Named Entities (DANE) method for publishing and locating OpenPGP public keys in DNS for a specific email address using an OPENPGPKEY DNS resource record.
PTR	12	RFC 1035^[1]	Pointer record	Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
RRSIG	46	RFC 4034	DNSSEC signature	Signature for a DNSSEC-secured record set. Uses the same format as the SIG record.
RP	17	RFC 1183	Responsible Person	Information about the responsible person(s) for the domain. Usually an email address with the @ replaced by a .
SIG	24	RFC 2535	Signature	Signature record used in SIG(0) (RFC 2931) and TKEY (RFC 2930).^[7] RFC 3755 designated RRSIG as the replacement for SIG for use within DNSSEC.^[7]
SOA	6	RFC 1035^[1] and RFC 2308^[9]	Start of [a zone of] authority record	Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
SRV	33	RFC 2782	Service locator	Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
SSHFP	44	RFC 4255	SSH Public Key Fingerprint	Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. RFC 6594 defines ECC SSH keys and SHA-256 hashes. See the IANA SSHFP RR parameters registry for details.
TA	32768	N/A	DNSSEC Trust Authorities	Part of a deployment proposal for DNSSEC without a signed DNS root. See the IANA database and Weiler Spec for details. Uses the same format as the DS record.
TKEY	249	RFC 2930	Transaction Key record	A method of providing keying material to be used with TSIG that is encrypted under the public key in an accompanying KEY RR.^[10]
TLSA	52	RFC 6698	TLSA certificate association	A record for DANE. RFC 6698 defines "The TLSA DNS resource record is used to associate a TLS server certificate or public key with the domain name where the record is found, thus forming a 'TLSA certificate association'".
TSIG	250	RFC 2845	Transaction Signature	Can be used to authenticate dynamic updates as coming from an approved client, or to authenticate responses as coming from an approved recursive name server^[11] similar to DNSSEC.
TXT	16	RFC 1035^[1]	Text record	Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DKIM, DMARC, DNS-SD, etc.
URI	256	RFC 7553	Uniform Resource Identifier	Can be used for publishing mappings from hostnames to URIs.

Other types and pseudo resource records

Other types of records simply provide some types of information (for example, an HINFO record gives a description of the type of computer/OS a host uses), or others return data used in experimental features. The "type" field is also used in the protocol for various operations.

Type	Type id.	Defining RFC	Description	Function
*	255	RFC 1035^[1]	All cached records	Returns all records of all types known to the name server. If the name server does not have any information on the name, the request will be forwarded on. The records returned may not be complete. For example, if there is both an A and an MX for a name, but the name server has only the A record cached, only the A record will be returned. Sometimes referred to as "ANY", for example in Windows nslookup and Wireshark.
AXFR	252	RFC 1035^[1]	Authoritative Zone Transfer	Transfer entire zone file from the master name server to secondary name servers.
IXFR	251	RFC 1996	Incremental Zone Transfer	Requests a zone transfer of the given zone but only differences from a previous serial number. This request may be ignored and a full (AXFR) sent in response if the authoritative server is unable to fulfill the request due to configuration or lack of required deltas.
OPT	41	RFC 6891	Option	This is a "pseudo DNS record type" needed to support EDNS

Obsolete record types

Progress has rendered some of the originally defined record-types obsolete. Of the records listed at IANA, some have limited use, for various reasons. Some are marked obsolete in the list, some are for very obscure services, some are for older versions of services, and some have special notes saying they are "not right".

Type	Type id.	Defining RFC	Obsoleted by	Description
MD MF MAILA	3 4 254	RFC 973	Obsoleted by: 1034, 1035	Obsoleted by RFC 973: MD(3), MF (4), MAILA (254)
MB MG MR MINFO MAILB	7 8 9 14 253	RFC 883, RFC 2505	Obsoleted by: 1034, 1035 Obsoleted by: 2050	Records to publish mailing list subscriber lists in the DNS: MB(7), MG(8), MR(9), MINFO(14), MAILB (253). The intent, as specified by RFC 883, was for MB to replace the SMTP VRFY command, MG to replace the SMTP EXPN command, and MR to replace the "551 User Not Local" SMTP error. Later, RFC 2505 recommended that both the VRFY and EXPN commands be disabled, making the use of MB and MG unlikely to ever be adopted.
WKS	11	RFC 1123		Declared "not to be relied upon" by RFC 1123 (with further information in RFC 1127): WKS(11)^[12]
NB NBSTAT	32 33	RFC 1002		Mistakes: NB(32), NBSTAT(33) (from RFC 1002); the numbers are now assigned to NIMLOC and SRV.
NULL	0	RFC 883	RFC 1035	Obsoleted by RFC 1035: NULL(10) (RFC 883 defined "completion queries" (opcode 2 and maybe 3) which used this record, RFC 1035 later reassigned opcode 2 to be "status" and reserved opcode 3.)
A6	38	RFC 3363	RFC 6563	Defined as part of early IPv6 but downgraded to experimental by RFC 3363: A6(38), Later downgraded to historic in RFC 6563.
NXT KEY SIG	30 -- --	RFC 3755	RFC 4034	Obsoleted by DNSSEC updates (RFC 3755): NXT(30). At the same time, the domain of applicability for KEY and SIG was also limited to not include DNSSEC use.
		RFC 2065		Part of the first version of DNSSEC (RFC 2065).
HINFO	13			Not in current use by any notable application
RP	17			RP may be used for certain human-readable information regarding a different contact point for a specific host, subnet, or other domain level label separate than that used in the SOA record.
X25	19			Not in current use by any notable application
ISDN RT NSAP	20 21 22			Not in current use by any notable application
NSAP-PTR PX EID	23 26 31			Not in current use by any notable application
NIMLOC ATMA APL	32 34 42			Not in current use by any notable application
SINK	40			Defined by the Kitchen Sink internet draft, but never made it to RFC status: SINK(40)
GPOS	27			A more limited early version of the LOC record: GPOS(27)
UINFO UID GID UNSPEC	100 101 102 103			IANA reserved, no RFC documented them [1] and support was removed from BIND in the early 90s: UINFO(100), UID(101), GID(102), UNSPEC(103)
SPF	99	RFC 4408		SPF(99) (from RFC 4408) was specified as part of the Sender Policy Framework protocol as an alternative to storing SPF data in TXT records, using the same format. It was later found that the majority of SPF deployments lack proper support for this record type, and support for it was discontinued in RFC 7208.^[13]^[14]

總結

以上是生活随笔為你收集整理的DNS RR代码和含义的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。