DNS Record Types

Complete reference for all supported DNS record types, their formats, and use cases.

A Record (IPv4 Address)

Maps a domain name to an IPv4 address.

Format:

{
  "type": "A",
  "name": "www",
  "value": "192.0.2.1",
  "ttl": 3600
}

Use Cases:

Point domain to web server
Point subdomain to specific service
Load balancing with multiple A records

Example:

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "A",
    "name": "www",
    "value": "192.0.2.1",
    "ttl": 3600
  }'

Value Format:

Valid IPv4 address (e.g., 192.0.2.1)
Dotted decimal notation
Four octets (0-255)

AAAA Record (IPv6 Address)

Maps a domain name to an IPv6 address.

Format:

{
  "type": "AAAA",
  "name": "www",
  "value": "2001:db8::1",
  "ttl": 3600
}

Use Cases:

IPv6-enabled websites
Dual-stack configuration (A + AAAA)
Future-proof infrastructure

Example:

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "AAAA",
    "name": "www",
    "value": "2001:db8::1",
    "ttl": 3600
  }'

Value Format:

Valid IPv6 address
Colon-separated hexadecimal
Compressed format allowed (::)

CNAME Record (Canonical Name)

Creates an alias from one domain to another.

Format:

{
  "type": "CNAME",
  "name": "blog",
  "value": "myblog.hosted.com",
  "ttl": 3600
}

Use Cases:

Point subdomain to external service
CDN configuration
Service aliases

Example:

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "CNAME",
    "name": "blog",
    "value": "myblog.hosted.com",
    "ttl": 3600
  }'

Value Format:

Fully qualified domain name (FQDN)
Must end with a dot or be relative to zone

Important Restrictions:

❌ Cannot create CNAME at zone apex (@)
❌ Cannot coexist with other record types for same name
✅ Can point to another CNAME (but avoid chains)

MX Record (Mail Exchange)

Specifies mail servers for the domain.

Format:

{
  "type": "MX",
  "name": "@",
  "value": "mail.example.com",
  "priority": 10,
  "ttl": 3600
}

Use Cases:

Email server configuration
Multiple mail servers with failover
Email routing

Example:

# Primary mail server
curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "MX",
    "name": "@",
    "value": "mail1.example.com",
    "priority": 10,
    "ttl": 3600
  }'

# Backup mail server
curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "MX",
    "name": "@",
    "value": "mail2.example.com",
    "priority": 20,
    "ttl": 3600
  }'

Value Format:

FQDN of mail server
Lower priority number = higher priority
Priority range: 0-65535

Priority Guidelines:

Primary server: 10
Backup server: 20, 30, etc.
Lower numbers are tried first

TXT Record (Text)

Stores arbitrary text data, commonly used for verification and policies.

Format:

{
  "type": "TXT",
  "name": "@",
  "value": "v=spf1 include:_spf.google.com ~all",
  "ttl": 3600
}

Use Cases:

SPF (Sender Policy Framework) for email
DKIM (DomainKeys Identified Mail)
DMARC (Domain-based Message Authentication)
Domain verification (Google, Microsoft, etc.)
Site verification tokens

Examples:

SPF Record

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "TXT",
    "name": "@",
    "value": "v=spf1 include:_spf.google.com ~all",
    "ttl": 3600
  }'

DMARC Record

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "TXT",
    "name": "_dmarc",
    "value": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com",
    "ttl": 3600
  }'

Domain Verification

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "TXT",
    "name": "@",
    "value": "google-site-verification=abc123xyz",
    "ttl": 300
  }'

Value Format:

String value (max 255 characters per string)
Multiple strings can be concatenated
Quotes are optional but recommended

SRV Record (Service)

Specifies location of services (hostname and port).

Format:

{
  "type": "SRV",
  "name": "_service._proto",
  "value": "10 60 5060 sipserver.example.com",
  "ttl": 3600
}

Value Format:

priority weight port target

Use Cases:

SIP (VoIP) services
XMPP (Jabber) chat servers
LDAP directory services
Minecraft servers

Example (SIP):

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "SRV",
    "name": "_sip._tcp",
    "value": "10 60 5060 sipserver.example.com",
    "ttl": 3600
  }'

Example (Minecraft):

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "SRV",
    "name": "_minecraft._tcp",
    "value": "0 5 25565 mc.example.com",
    "ttl": 3600
  }'

Fields:

priority - Lower value = higher priority
weight - Load balancing weight
port - Service port number
target - Hostname providing the service

CAA Record (Certification Authority Authorization)

Restricts which certificate authorities can issue certificates for your domain.

Format:

{
  "type": "CAA",
  "name": "@",
  "value": "0 issue \"letsencrypt.org\"",
  "ttl": 3600
}

Use Cases:

Prevent unauthorized certificate issuance
Enhance security
Compliance requirements

Examples:

Allow Let's Encrypt

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "CAA",
    "name": "@",
    "value": "0 issue \"letsencrypt.org\"",
    "ttl": 3600
  }'

Allow Wildcard Certificates

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "CAA",
    "name": "@",
    "value": "0 issuewild \"letsencrypt.org\"",
    "ttl": 3600
  }'

Incident Reporting

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "CAA",
    "name": "@",
    "value": "0 iodef \"mailto:security@example.com\"",
    "ttl": 3600
  }'

Value Format:

flags tag "value"

Tags:

issue - Authorize CA to issue certificates
issuewild - Authorize CA to issue wildcard certificates
iodef - URL for incident reports (mailto: or https:)

NS Record (Name Server)

Delegates a subdomain to different nameservers.

Format:

{
  "type": "NS",
  "name": "subdomain",
  "value": "ns1.provider.com",
  "ttl": 3600
}

Use Cases:

Delegate subdomain to another DNS provider
Separate management for subdomains
Multi-provider setups

Example:

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "NS",
    "name": "subdomain",
    "value": "ns1.otherprovider.com",
    "ttl": 3600
  }'

warning

NS records at zone apex (@) are managed automatically by WAYSCloud and cannot be modified.

TLSA Record (TLS Authentication)

Specifies TLS/SSL certificates for DANE (DNS-based Authentication of Named Entities).

Format:

{
  "type": "TLSA",
  "name": "_443._tcp.www",
  "value": "3 1 1 abc123...",
  "ttl": 3600
}

Use Cases:

DANE/TLSA for email (SMTP)
Certificate pinning
Enhanced TLS security

Value Format:

usage selector matching_type certificate_data

Example:

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "TLSA",
    "name": "_443._tcp.www",
    "value": "3 1 1 abc123def456...",
    "ttl": 3600
  }'

SSHFP Record (SSH Fingerprint)

Stores SSH host key fingerprints for verification.

Format:

{
  "type": "SSHFP",
  "name": "server",
  "value": "1 1 abc123...",
  "ttl": 3600
}

Use Cases:

Verify SSH host keys via DNS
Prevent man-in-the-middle attacks
Automated server verification

Value Format:

algorithm fingerprint_type fingerprint

Example:

curl -X POST https://api.wayscloud.services/v1/dns/zones/zone_abc123/records \
  -H "Authorization: Bearer wayscloud_dns_prod_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "SSHFP",
    "name": "server",
    "value": "1 1 abc123def456...",
    "ttl": 3600
  }'

Record Name Special Values

Value	Description	Example
`@`	Zone apex (root domain)	`example.com`
`www`	Subdomain	`www.example.com`
`*.example`	Wildcard	Matches any subdomain
`_service._proto`	Service records	`_sip._tcp.example.com`

Best Practices

1. Use Appropriate Record Types

# Good - Use A record for IP addresses
{"type": "A", "name": "www", "value": "192.0.2.1"}

# Bad - Don't use CNAME at root
{"type": "CNAME", "name": "@", "value": "example.com"}  # ERROR

# Good - Use A record at root instead
{"type": "A", "name": "@", "value": "192.0.2.1"}

2. Email Configuration

Complete email setup requires multiple records:

# SPF Record
{"type": "TXT", "name": "@", "value": "v=spf1 include:_spf.google.com ~all"}

# DKIM Record (get from email provider)
{"type": "TXT", "name": "default._domainkey", "value": "v=DKIM1; k=rsa; p=..."}

# DMARC Record
{"type": "TXT", "name": "_dmarc", "value": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"}

# MX Records
{"type": "MX", "name": "@", "value": "mail.example.com", "priority": 10}

3. Redundancy

Use multiple records for redundancy:

# Multiple MX records
records = [
    {"type": "MX", "name": "@", "value": "mail1.example.com", "priority": 10},
    {"type": "MX", "name": "@", "value": "mail2.example.com", "priority": 20}
]

# Multiple A records (round-robin)
records = [
    {"type": "A", "name": "www", "value": "192.0.2.1"},
    {"type": "A", "name": "www", "value": "192.0.2.2"}
]

Next Steps

Record Management - CRUD operations for records
Advanced Use Cases - Email config, failover, load balancing
Code Examples - Complete implementations

A Record (IPv4 Address)​

AAAA Record (IPv6 Address)​

CNAME Record (Canonical Name)​

MX Record (Mail Exchange)​

TXT Record (Text)​

SPF Record​

DMARC Record​

Domain Verification​

SRV Record (Service)​

CAA Record (Certification Authority Authorization)​

Allow Let's Encrypt​

Allow Wildcard Certificates​

Incident Reporting​

NS Record (Name Server)​

TLSA Record (TLS Authentication)​

SSHFP Record (SSH Fingerprint)​

Record Name Special Values​

Best Practices​

1. Use Appropriate Record Types​

2. Email Configuration​

3. Redundancy​

Next Steps​

A Record (IPv4 Address)

AAAA Record (IPv6 Address)

CNAME Record (Canonical Name)

MX Record (Mail Exchange)

TXT Record (Text)

SPF Record

DMARC Record

Domain Verification

SRV Record (Service)

CAA Record (Certification Authority Authorization)

Allow Let's Encrypt

Allow Wildcard Certificates

Incident Reporting

NS Record (Name Server)

TLSA Record (TLS Authentication)

SSHFP Record (SSH Fingerprint)

Record Name Special Values

Best Practices

1. Use Appropriate Record Types

2. Email Configuration

3. Redundancy

Next Steps