| ANAME | 0 | Alias record at the zone apex — behaves like CNAME but can coexist with other records. Not yet standardised by IANA. | Experimental | — |
| A | 1 | Maps a hostname to an IPv4 address. The most fundamental DNS record type. | Current | RFC 1035 |
| NS | 2 | Delegates a DNS zone to the given authoritative name servers. | Current | RFC 1035 |
| MD | 3 | Mail Destination — an early mail routing record, obsoleted by MX. | Obsolete | RFC 1035 |
| MF | 4 | Mail Forwarder — an early mail routing record, obsoleted by MX. | Obsolete | RFC 1035 |
| CNAME | 5 | Canonical Name — creates an alias that points to another hostname. Cannot coexist with other record types at the same name. | Current | RFC 1035 |
| SOA | 6 | Start of Authority — contains administrative information about the zone: primary NS, admin email, serial, and TTL timers. | Current | RFC 1035 |
| MB | 7 | Mailbox — maps a mailbox name to a host. Experimental and never standardised. | Obsolete | RFC 1035 |
| MG | 8 | Mail Group Member — identifies members of a mail group. Experimental and obsolete. | Obsolete | RFC 1035 |
| MR | 9 | Mail Rename — specifies a rename for a mailbox. Experimental and obsolete. | Obsolete | RFC 1035 |
| NULL | 10 | Null resource record — holds any data. Only used in the QTYPE context. Experimental. | Obsolete | RFC 1035 |
| WKS | 11 | Well Known Services — advertised services on a host. Replaced by SRV and never widely deployed. | Obsolete | RFC 1035 |
| PTR | 12 | Reverse DNS lookup — maps an IP address back to a hostname. Used in rDNS zones. | Current | RFC 1035 |
| HINFO | 13 | Host Information — describes the CPU and operating system of a host. Rarely used due to security concerns. | Current | RFC 1035 |
| MINFO | 14 | Mailbox Information — provides the responsible mailbox and error mailbox for a mailing list. Experimental. | Obsolete | RFC 1035 |
| MX | 15 | Specifies the mail server responsible for accepting email for a domain, with a priority value. | Current | RFC 1035 |
| TXT | 16 | Holds arbitrary text data. Widely used for domain verification, SPF, DKIM, DMARC, and other policy records. | Current | RFC 1035 |
| SIG | 24 | Signature — an earlier DNSSEC signature record, superseded by RRSIG. | Obsolete | RFC 2535 |
| KEY | 25 | Key — an earlier DNSSEC key record, superseded by DNSKEY. | Obsolete | RFC 2535 |
| AAAA | 28 | Maps a hostname to an IPv6 address. The IPv6 equivalent of the A record. | Current | RFC 3596 |
| LOC | 29 | Geographic location of a host — encodes latitude, longitude, altitude, and precision. | Experimental | RFC 1876 |
| NXT | 30 | Next — an earlier DNSSEC non-existence proof record, superseded by NSEC. | Obsolete | RFC 2535 |
| SRV | 33 | Service Locator — specifies the hostname and port for a specific service, used by SIP, XMPP, and others. | Current | RFC 2782 |
| NAPTR | 35 | Naming Authority Pointer — enables rewriting of domain names using regular expressions. Used in ENUM and VoIP. | Current | RFC 3403 |
| A6 | 38 | An early experimental record for IPv6 addresses, superseded by AAAA. | Obsolete | RFC 2874 |
| DNAME | 39 | Delegation Name — redirects an entire subtree of the DNS namespace to another domain. | Current | RFC 6672 |
| OPT | 41 | Option — a pseudo-record used by EDNS to extend the DNS protocol with larger message sizes and additional flags. | Current | RFC 6891 |
| DS | 43 | Delegation Signer — holds the hash of a DNSKEY record; links a child zone to its parent in a DNSSEC chain of trust. | Current | RFC 4034 |
| SSHFP | 44 | SSH Fingerprint — stores the fingerprint of an SSH public key to allow DNS-based host key verification. | Current | RFC 4255 |
| IPSECKEY | 45 | IPsec Key — stores a public key used to establish IPsec associations with a host. | Current | RFC 4025 |
| RRSIG | 46 | Resource Record Signature — contains the DNSSEC signature for a record set, used to verify authenticity. | Current | RFC 4034 |
| NSEC | 47 | Next Secure — proves the non-existence of a DNS record in a DNSSEC-signed zone. | Current | RFC 4034 |
| DNSKEY | 48 | Stores a public key used to verify DNSSEC signatures in a zone. | Current | RFC 4034 |
| NSEC3 | 50 | Next Secure v3 — hashed variant of NSEC that prevents zone enumeration while still proving non-existence. | Current | RFC 5155 |
| NSEC3PARAM | 51 | NSEC3 Parameters — provides the hash algorithm and iterations used by NSEC3 records in a zone. | Current | RFC 5155 |
| TLSA | 52 | TLS Authentication — associates a TLS certificate or public key with a domain name. Used in DANE. | Current | RFC 6698 |
| CDS | 59 | Child DS — signals to a parent zone that a DS record should be created, updated, or deleted. | Current | RFC 7344 |
| CDNSKEY | 60 | Child DNSKEY — signals to a parent zone that a DNSKEY should be published as a DS record. | Current | RFC 7344 |
| OPENPGPKEY | 61 | Stores an OpenPGP public key for a user, enabling key discovery via DNS. | Current | RFC 7929 |
| ZONEMD | 63 | Zone Message Digest — provides a cryptographic digest of the complete zone contents for integrity verification. | Current | RFC 8976 |
| SVCB | 64 | Service Binding — provides connection information for a service, including protocol and ALPN hints. | Current | RFC 9460 |
| HTTPS | 65 | HTTPS Service Binding — a specialisation of SVCB for HTTPS. Enables ECH and QUIC hints without an extra round-trip. | Current | RFC 9460 |
| SPF | 99 | Sender Policy Framework — originally a dedicated record type, now published as a TXT record instead. | Obsolete | RFC 7208 |
| IXFR | 251 | Incremental Zone Transfer — transfers only the changes to a zone since the last transfer, reducing bandwidth. | Current | RFC 1995 |
| AXFR | 252 | Authoritative Zone Transfer — transfers an entire DNS zone from a primary to a secondary name server. | Current | RFC 1035 |
| ANY | 255 | Wildcard query type that requests all records of any type for a name. Often rate-limited or blocked by resolvers. | Current | RFC 1035 |
| URI | 256 | Stores a URI associated with a hostname. Used to publish service locations. | Current | RFC 7553 |
| CAA | 257 | Certification Authority Authorization — restricts which CAs may issue SSL/TLS certificates for a domain. | Current | RFC 8659 |
