Oracle Cloud Infrastructure Documentation

Supported Resource Records

The Oracle Cloud Infrastructure DNS service supports many resource record types. The following list provides a brief explanation of the purpose of each supported record type. Avoid entering confidential information when entering record data. The RFC links direct you to further information about the record types and data structure.

Note About RDATA

OCI normalizes all RDATA into the most machine readable format. The returned presentation of your RDATA may differ from its initial input.

Example:

The RDATA for the ALIAS, CNAME, DNAME, MX, and NS record types may contain one or more absolute domain names. If the specified RDATA for one of these record types does not end in a dot or period to represent the root, the period will be added.

www.example.com --> www.example.com.

You can use various DNS libraries to normalize your RDATA before input.

Programming Language Library
Go DNS Library in Go
Java dnsjava
Python dnspython

DNS Resource Record Types

A
An address record used to point a hostname to an IPv4 address. For more information about A records, see RFC 1035.
AAAA
An address record used point a hostname at an IPv6 address. For more information about AAAA records, see RFC 3596.
ALIAS
A private pseudo-record that allows CNAME functionality at the apex of a zone. You can view and read ALIAS records in Oracle Cloud Infrastructure DNS, but you cannot create them.
CAA
A Certification Authority Authorization record allows a domain name holder to specify one or more Certification Authorities authorized to issue certificates for that domain. For more information about CAA records, see RFC 6844.
CDNSKEY
A Child DNSKEY moves a CDNSSEC key from a child zone to a parent zone. The information provided in this record must match the CDNSKEY information for your domain at your other DNS provider. This record is automatically created if you enable DNSSEC on a primary zone in Oracle Cloud Infrastructure DNS. For more information about CDNSKEY, see RFC 7344.
CDS
A Child Delegation Signer record is a child copy of a DS record, for transfer to a parent zone. For more information about CDS records, see RFC 7344.
CERT
A Certificate record stores public key certificates and related certificate revocation lists in the DNS. For more information about CERT records, see RFC 2538 and RFC 4398.
CNAME
A Canonical Name record identifies the canonical name for a domain. For more information about CNAME records, see RFC 1035.
CSYNC
A Child-to-Parent Synchronization record syncs records from a child zone to a parent zone. For more information about CNAME records, see RFC 7477.
DHCID
A DHCP identifier record provides a way to store DHCP client identifiers in the DNS to eliminate potential hostname conflicts within a zone. For more information about DHCID, see RFC 4701.
DKIM
A Domain Keys Identified Mail is a special TXT record set up specifically to supply a public key used to authenticate arriving mail for a domain. For more information about DKIM records, see RFC 6376.
DNAME
A Delegation Name record has similar behavior to a CNAME record, but allows you to map an entire subtree beneath a label to another domain. For more information about DNAME records, see RFC 6672.
DNSKEY
A DNS Key record documents public keys used for DNSSEC. The information in this record must match the DNSKEY information for your domain at your other DNS provider. For more information about DNSKEY records, see RFC 4034.
DS

A Delegation Signer record resides at the top-level domain and points to a child zone's DNSKEY record. DS records are created when DNSSEC security authentication is added to the zone. For more information about DS records, see RFC 4034.

IPSECKEY
An IPSec Key record stores public keys for a host, network, or application to connect to IP security (IPSec) systems. For more information on IPSECKEY records, see RFC 4025.
KEY
A Key record stores a public key that is associated with a domain name. Currently only used by SIG and TKEY records. IPSECKEY and DNSKEY have replaced key for use in IPSec and DNSSEC, respectively. For more information about KEY records, see RFC 4025.
KX
A Key Exchanger record identifies a key management agent for the associated domain name with some cryptographic systems (not including DNSSEC). For more information about KX records, see RFC 2230.
LOC
A Location record stores geographic location data of computers, subnets, and networks within the DNS. For more information about LOC records, see RFC 1876.
MX
A Mail Exchanger record defines the mail server accepting mail for a domain. MX records must point to a hostname. MX records must not point to a CNAME or IP address. For more information about MX records, see RFC 1035.
NS
A Nameserver record lists the authoritative nameservers for a zone. Oracle Cloud Infrastructure DNS automatically generates NS records at the apex of each new primary zone. For more information about NS records, see RFC 1035.
PTR
A Pointer record reverse maps an IP address to a hostname. This behavior is the opposite of an A Record, which forward maps a hostname to an IP address. PTR records are commonly found in reverse DNS zones. For more information about PTR records, see RFC 1035.
PX
A resource record used in X.400 mapping protocols. For more information about PX records, see RFC 822 and RFC 2163.
SOA

A Start of Authority record specifies authoritative information about a DNS zone, including:

  • The primary nameserver.
  • The email of the domain administrator.
  • The domain serial number.
  • Several timers relating to refreshing the zone.

The Oracle Cloud Infrastructure DNS automatically generates an SOA record when a zone is created. For more information about SOA records, see RFC 1035.

SPF
A Sender Policy Framework record is a special TXT record used to store data designed to detect email spoofing. For more information about SPF records, see RFC 4408.
SRV
A Service Locator record allows administrators to use several servers for a single domain. For more information about SRV records, see RFC 2782.
SSHFP
An SSH Public Key Fingerprint record publishes SSH public host key fingerprints using the DNS. For more information about SSHFP records, see RFC 6594.
TLSA
A Transport Layer Security Authentication record associates a TLS server certificate, or public key, with the domain name where the record is found. This relationship is called a TLSA certificate association. For more information about TLSA records, see RFC 6698.
TXT
A Text record holds descriptive, human readable text, and can also include non-human readable content for specific uses. It is commonly used for SPF records and DKIM records that require non-human readable text items. For more information about TXT records, see RFC 1035.