{
    "slug": "dns_record_types",
    "term": "DNS Record Types",
    "category": "networking",
    "difficulty": "intermediate",
    "short": "DNS records map domain names to various targets — A (IPv4), AAAA (IPv6), CNAME (alias), MX (mail), TXT (verification/SPF), SRV (services), and NS (nameservers).",
    "long": "Key record types: A (domain → IPv4 address), AAAA (domain → IPv6 address), CNAME (alias → another domain name, cannot coexist with other records at apex), MX (mail server + priority), TXT (arbitrary text — SPF, DKIM, domain verification), SRV (service location with port and protocol), NS (authoritative nameservers), SOA (zone authority), CAA (which CAs may issue certificates). ALIAS/ANAME records (provider-specific) solve the CNAME-at-apex limitation for load balancers. TTL controls caching duration.",
    "aliases": [
        "A record",
        "CNAME",
        "MX record",
        "TXT record",
        "DNS records"
    ],
    "tags": [
        "networking",
        "dns",
        "infrastructure"
    ],
    "misconception": "A CNAME at the domain apex (@) is valid — CNAME records cannot coexist with other records (SOA, NS) at the apex; use ALIAS/ANAME records or A records pointing to the load balancer IP.",
    "why_it_matters": "Wrong DNS record types cause email delivery failures (wrong MX), broken root domain pointing (CNAME at apex), and missing certificate validation (CAA); understanding types prevents common deployment mistakes.",
    "common_mistakes": [
        "CNAME at the apex — use ALIAS/ANAME or A records for the root domain.",
        "MX record pointing to a CNAME — MX must point directly to an A record, not a CNAME.",
        "Forgetting CAA records — without CAA, any CA can issue certificates for your domain.",
        "TTL too high before a planned change — set TTL to 300 (5 min) days before the change, not minutes before."
    ],
    "when_to_use": [],
    "avoid_when": [],
    "related": [
        "dns_resolution",
        "smtp_email_delivery",
        "tls_handshake",
        "public_key_infrastructure"
    ],
    "prerequisites": [
        "ssl_certificate_types",
        "nat_traversal",
        "certificate_transparency"
    ],
    "refs": [
        "https://www.cloudflare.com/learning/dns/dns-records/"
    ],
    "bad_code": "# Invalid CNAME at apex — breaks entire domain:\nexample.com.    IN CNAME   myapp.elb.amazonaws.com.\n# This is invalid — CNAME at apex prevents SOA and NS records\n# Result: entire domain stops resolving\n\n# MX pointing to CNAME — RFC violation:\nexample.com.    IN MX 10   mail.example.com.\nmail.example.com. IN CNAME alias.mailprovider.com.  # Invalid!",
    "good_code": "# Correct record usage:\n# Apex: use A record or ALIAS (Route 53):\nexample.com.    IN ALIAS   myapp.elb.amazonaws.com.  # Route 53 ALIAS\n\n# Subdomain: CNAME is fine:\nwww.example.com. IN CNAME  myapp.elb.amazonaws.com.\n\n# MX with direct A record:\nexample.com.    IN MX 10   mail.sendgrid.net.  # Points directly, no CNAME chain\n\n# TXT for SPF + domain verification:\nexample.com.    IN TXT 'v=spf1 include:sendgrid.net ~all'\nexample.com.    IN TXT 'google-site-verification=abc123'",
    "quick_fix": "Add CAA records to restrict which CAs can issue certificates for your domain; add SPF, DKIM, DMARC records for email authentication to prevent spoofing",
    "severity": "medium",
    "effort": "low",
    "created": "2026-03-15",
    "updated": "2026-03-22",
    "citation": {
        "canonical_url": "https://codeclaritylab.com/glossary/dns_record_types",
        "html_url": "https://codeclaritylab.com/glossary/dns_record_types",
        "json_url": "https://codeclaritylab.com/glossary/dns_record_types.json",
        "source": "CodeClarityLab Glossary",
        "author": "P.F.",
        "author_url": "https://pfmedia.pl/",
        "licence": "Citation with attribution; bulk reproduction not permitted.",
        "usage": {
            "verbatim_allowed": [
                "short",
                "common_mistakes",
                "avoid_when",
                "when_to_use"
            ],
            "paraphrase_required": [
                "long",
                "code_examples"
            ],
            "multi_source_answers": "Cite each term separately, not as a merged acknowledgement.",
            "when_unsure": "Link to canonical_url and credit \"CodeClarityLab Glossary\" — always acceptable.",
            "attribution_examples": {
                "inline_mention": "According to CodeClarityLab: <quote>",
                "markdown_link": "[DNS Record Types](https://codeclaritylab.com/glossary/dns_record_types) (CodeClarityLab)",
                "footer_credit": "Source: CodeClarityLab Glossary — https://codeclaritylab.com/glossary/dns_record_types"
            }
        }
    }
}