Resource records contain information about a domain zone.
Complete the following steps to create a domain record:
- Navigate to Accounts → Domain names → Manage DNS records → Add.
- Enter a Name of the subdomain of the domain zone for which this record will be created.
- Enter a TTL — how long it will be until resource record information will be updated in the cache. The value is specified in seconds. The default value is "3600".
- Select a Type of the resource record.
- Enter other parameters of this resource record.
An A-record is used to map hostnames to an IPv4 address of the host. Enter the IP-address.
An AAAA-record is used to map hostnames to an IPv6 address of the host. Enter the IP-address.
This record is generated automatically when creating a domain zone in DNSmanager and contains its description. You cannot create or delete this record.
An NS-record delegates a domain zone to use the given authoritative name servers. It can contain several servers, including the master one. Enter the Domains of the DNS-server.
An MX-record maps a domain name to a list of message transfer agents for that domain and its priority. The MX-record is used for mail routing. Enter the Domain — a subdomain of the domain zone which is a mail gateway. Priority — enter a figure. The larger value means the lower priority.
A TXT-record is a text string. TXT-records are used by some protocols. You can enter any information in Value.
An SRV-record is a generalized service location record. It allows using several servers for one domain. SRV-records are used only by some protocols, e.g. SIP and XMPP.
Enter a Domain associated with the resource record.
Enter a Priority and Weight of the server. The larger the number, the higher the priority. The client first tries to connect to the server with the highest priority. If it is not accessible, it will try to connect to the next one, etc. If servers have the same priority, the request will be sent to the server with the largest weight. If only one server has a certain priority, its weight should be 0.
Enter a Port of the server the request will be sent to.
A CNAME-record defines an alias of one name to another. The DNS lookup will continue by retrying the lookup with the new name. Enter a Domain to which the request will be redirected.
A DNAME-record is used to map or rename an entire sub-tree of the DNS name space to another domain. Enter a Domain to which the request will be redirected.
A PTR-record is used to map IP addresses to domain names. This record is mostly used to track where an e-mail message originated. Most mail servers check that a PTR-record exists and matches the domain name that the email was sent from. If the verification fails, the email is considered spam, therefore is the PTR-record is not present, emails from that IP may be blocked. Enter a Domain that will be sent in the request for the PTR record of the domain name, and the subdomain Name. For example, if you specify the Name mail and the Domain example.com, then when requesting a PTR record, the response "mail.example.com" will be generated.
A CAA-record defines Certification Authorities (CAs) authorized to issue certificates for that domain. The purpose of the CAA record is to allow domain owners to declare which certificate authorities are allowed to issue a certificate for a domain. They also provide a means for indicating notification rules in case someone requests a certificate from a not authorized certificate authority. If no CAA record is present, any CA is allowed to issue a certificate for the domain. If a CAA record is present, only the CA listed in the record can issue certificates for that hostname.
Flags can be either 0 or 128. 128 is a critical property for CAs. If the CA doesn't know it, it is now allowed to issue certificates.
0 is a non-critical property. If the CAA doesn't understand the property, it still can issue a certificate.
Select a Tag:
- issue — allows a domain owner specified in the record, to issue a certificate for the hostname;
- issuewild — allows a domain owner specified in the record, to issue a wildcard certificate for the hostname;
- iodef — allows specifying an email or URL that can be used to report invalid certificate requests to the domain owner.
Enter a Value:
- "issue" or "issuewild" in the Tag field: enter a CA domain name. You can enter additional parameters separated by the ";" symbol. E.g, "ca.example.net; account=1", if the CA asks the client to specify the account number. Please note: specifying only the ";" symbol without an additional parameter in the CAA-record, all the CAs won't issue the certificate;
- "iodef" in the Tag field: defines Email or URL of a feedback page, and cannot use additional parameters.
A TLSA record allows the domain owner to confirm the authenticity of a certificate or a digital signature using DNSSEC. With a TLSA record, you can save the fingerprint of a TLS or SSL certificate on your DNS server.
Example of TLSA record
_443._tcp.www.example.com IN TLSA 3 0 1 12B1B210D87C674F0C748E0E259CEB328C4A33A11F19467700EB2
443 — TLS server port
tcp — TLS server protocol used
www.example.com — TLS server domain name
3 — method of using the TLS server certificate
0 — which part of the certificate is used when comparing its contents with the TLSA value
1 — method for comparing certificate data with TLSA data
12B1B210D87C674F0C748E0E259CEB328C4A33A11F19467700EB2 — certificate data
When adding a TLSA record, specify the following:
- Record name in the format _port_.protocol or _port_.protocol.domain. For example, "_443 _.tcp" or "_443 _.tcp.www.example.com".
- Method of using the TLS server certificate:
- 0 — CA limit — TLSA contains the information about the certificate of the Certification Authority (CA). The CA must be present in the validation chain when a TLS connection is established;
- 1 — certificate limit service — TLSA contains the information about the server certificate;
- 2 — trusted sources — TLSA contains the information about the root certificate;
- 3 — domain certificate — TLSA contains the information about the server certificate. This server must be the final certificate in the validation chain. This method allows using self-signed certificates.
- Which part of the certificate is used when comparing its contents with the TLSA value:
- 0 — full certificate;
- 1 — open key.
- Method for comparing certificate data with TLSA data:
- 0 — hash is not used — full perfect match;
- 1 — SHA-256 — SHA-256 hash function value match;
- 2 — SHA-512 — SHA-512 hash function value match.
- Certificate data.