Referência de Registros DNS
Rede
Referência rápida pros tipos de registro DNS que você realmente encontra — pra que serve cada um, pegadinhas (ex. CNAME não pode ficar no apex da zone), e exemplo concreto de zone file. Cobre o conjunto cotidiano + DNSSEC + os novos SVCB / HTTPS usados pra HTTP/3 e ECH.
Maps a hostname to an IPv4 address. The most common record — every domain that resolves to a server has at least one.
Exemplo de zone file
example.com. IN A 93.184.216.34
Maps a hostname to an IPv6 address. Pronounced "quad-A".
Exemplo de zone file
example.com. IN AAAA 2606:2800:220:1:248:1893:25c8:1946
Aliases one hostname to another. The target must itself resolve; CNAMEs cannot coexist with other records at the same name, and cannot appear at the apex (root) of a zone.
Exemplo de zone file
www.example.com. IN CNAME example.com.
Mail exchanger — where SMTP for the domain should be delivered. Includes a priority (lower = preferred).
Exemplo de zone file
example.com. IN MX 10 mail.example.com.
Arbitrary text. Used for SPF (mail anti-spoofing), DKIM keys, domain verification (Google, Facebook, etc.), and human-readable notes.
Exemplo de zone file
example.com. IN TXT "v=spf1 include:_spf.google.com ~all"
Delegates a (sub)domain to a set of authoritative name servers. Every zone has NS records at its apex.
Exemplo de zone file
example.com. IN NS ns1.example.com.
Start of Authority — administrative info for the zone: primary name server, hostmaster email, serial number, and TTLs for negative caching.
Exemplo de zone file
example.com. IN SOA ns1.example.com. hostmaster.example.com. 2025010101 7200 3600 1209600 3600
Reverse lookup — maps an IP back to a hostname. Lives under the `in-addr.arpa` (v4) or `ip6.arpa` (v6) zones.
Exemplo de zone file
34.216.184.93.in-addr.arpa. IN PTR example.com.
Locates the host and port for a named service (with priority and weight). XMPP, SIP, and Microsoft AD all use SRV.
Exemplo de zone file
_sip._tcp.example.com. IN SRV 10 60 5060 sipserver.example.com.
Certification Authority Authorization — restricts which CAs may issue TLS certs for the domain. Modern CAs are required to check CAA before issuing.
Exemplo de zone file
example.com. IN CAA 0 issue "letsencrypt.org"
DNSSEC public key used to verify signatures in the zone. Paired with RRSIG records.
Exemplo de zone file
example.com. IN DNSKEY 257 3 13 mdsswUyr3DPW132mOi8V9xESWE8jTo0d…
Delegation Signer — published at the parent zone to fingerprint the child zone's DNSKEY. Forms the DNSSEC chain of trust.
Exemplo de zone file
example.com. IN DS 31589 13 2 3490A6806D47F17A34C29E2CE80E8A999FFBE4BE…
Resource Record Signature — cryptographic signature over a record set, validated against the zone's DNSKEY. Added automatically when the zone is signed.
Exemplo de zone file
example.com. IN RRSIG A 13 2 300 20260101000000 …
DNSSEC "authenticated denial of existence" — proves a record does not exist. NSEC3 hashes names to discourage zone walking.
Exemplo de zone file
example.com. IN NSEC www.example.com. A NS SOA MX TXT RRSIG NSEC
DANE — binds a TLS certificate (or its public key) to a hostname via DNSSEC. Lets clients verify certs without trusting a CA.
Exemplo de zone file
_443._tcp.example.com. IN TLSA 3 1 1 ABCD…
Service Binding — advertises alternative endpoints, ALPNs, port, and ECH config for a service. `HTTPS` is the HTTPS-specific subtype enabling HTTP/3 and ECH.
Exemplo de zone file
example.com. IN HTTPS 1 . alpn="h3,h2"
Rewrites a name to a URI / regex result. Used by ENUM and SIP for service discovery.
Exemplo de zone file
example.com. IN NAPTR 100 10 "u" "E2U+sip" "!^.*$!sip:info@example.com!" .
Geographic location — latitude, longitude, altitude. Rarely used in practice.
Exemplo de zone file
example.com. IN LOC 37 30 N 127 0 E 30m
A non-standard "flattened CNAME" supported by some providers (Route 53 alias, Cloudflare CNAME flattening). Lets you point the zone apex at another hostname.
Exemplo de zone file
example.com. IN ALIAS app.example.cdn.com.
Como usar
- Digite um tipo (`mx`) ou palavra-chave (`mail`, `dnssec`) na busca.
- Leia a descrição e o exemplo de zone file.
- Clique no botão de copiar do chip pra colocar o nome no zone file.
Perguntas frequentes
- Por que CNAME não pode ficar no apex?
- Porque toda zone precisa servir SOA e NS no apex, e CNAME não pode coexistir com outros tipos no mesmo nome. Use ALIAS / ANAME (flattening específico do provedor) ou registros HTTPS.
- Diferença entre SVCB e HTTPS?
- Ambos são registros Service Binding. `HTTPS` é o subtipo específico de HTTPS que navegadores consultam automaticamente — anuncia HTTP/3 (`alpn=h3`), portas alternativas e configuração de Encrypted Client Hello (ECH). `SVCB` é a forma genérica pra outros protocolos.
- Preciso de CAA?
- CAA é tecnicamente opcional mas fortemente recomendado — sem ele, qualquer CA pública pode emitir cert pro seu domínio. Adicionar `0 issue "letsencrypt.org"` (ou a CA que usar) restringe a emissão àquela autoridade.
Ferramentas relacionadas
MAC pra EUI-64 / Link-local
Converte qualquer endereço MAC no seu ID de interface EUI-64 modificado e o endereço IPv6 link-local correspondente — a mesma forma que Windows / Linux calculam automaticamente.
Construtor de URL Query
Construa URLs combinando uma base com parâmetros key-value editáveis — cada par alternável, percent-encoded corretamente.
Inspetor de Endereço IP
Digite um endereço IPv4 ou IPv6 e veja sua classe, scope (privado / público / loopback / link-local), valor decimal, binário, notação reverse-DNS e CIDR /32.
Referência de Portas
Cheat sheet pesquisável de ~60 portas TCP / UDP padrão — de 22 (SSH) e 80 (HTTP) até 6379 (Redis) e 27017 (MongoDB).
Calculadora de Subrede (IPv4 / CIDR)
Parseia CIDR IPv4 em endereço de rede, broadcast, netmask, wildcard, faixa de hosts e classe. Mostra desdobramento binário e status privado/público.
Parser de User Agent
Parseia string User-Agent em navegador, engine, OS, dispositivo e CPU. Detecta 20+ bots incluindo GPTBot, ClaudeBot, PerplexityBot.