Updated on 2025-08-18 GMT+08:00

Record Set Types and Configuration Rules

Record set types for public zones include A, CNAME, MX, AAAA, TXT, SRV, NS, SOA, and CAA. For details, see Table 1.

Table 1 Record set types and configuration rules

Record Set Type

Description

Rule

Example

A

Maps domains to IPv4 addresses. It is usually used to map domain names used by websites to IPv4 addresses.

Enter IPv4 addresses mapped to the domain name.

You can enter up to 50 different IP addresses, each on a separate line.

1.1.xx.xx

1.2.xx.xx

CNAME

Maps one domain name to another domain name or multiple domain names to one domain name.

Enter the mapped domain name. You can enter only one domain name.

www.example.com

MX

Maps domain names to email servers.

Enter email server addresses.

You can enter up to 50 different IP addresses, each on a separate line.

The format is [priority] [mail-server-host-name].

Configuration rules:
  • priority: priority for an email server to receive emails. A smaller value indicates a higher priority.
  • mail server host name: domain name provided by the email service provider

10 mailserver.example.com.

20 mailserver2.example.com.

AAAA

Maps domain names to IPv6 addresses.

Enter IPv6 addresses mapped to the domain name.

You can enter up to 50 different IP addresses, each on a separate line.

ff03:0db8:85a3:0:0:8a2e:0370:7334

TXT

Creates text records for domain names.

It is usually used in the following scenarios:

  • To record DKIM public keys to prevent email fraud.
  • To record the identity of domain name owners to facilitate domain name retrieval.

Enter text content as required.

Configuration rules:

  • Text record values must be enclosed in double quotation marks.
  • One or more text record values are supported, each on a separate line.

    A maximum of 50 text record values can be entered.

  • A single text record value can contain multiple character strings, each of which is double quoted and separated from others using a space.

    One character string cannot exceed 255 characters.

    A value must not exceed 4,096 characters.

  • The value cannot be left blank.
  • The text cannot contain a backslash (\).
  • Single text record:

    "aaa"

  • Multiple text records:

    "bbb"

    "ccc"

  • A text record that contains multiple strings:

    "ddd" "eee" "fff"

  • Text record in SPF format:

    "v=spf1 a mx -all"

    This value indicates that only IP addresses in the A and MX record sets are allowed to send emails using this domain name.

SRV

Records servers providing specific services.

Enter the specific server address.

You can enter up to 50 different IP addresses, each on a separate line.

The value format is [priority] [weight] [port number] [server address].

Configuration rules:

  • The priority, weight, and port number range from 0 to 65535.
  • A smaller value indicates a higher priority.
  • A larger value indicates a larger weight.
  • The host name is the domain name of the target server.

    Ensure that the domain name can be resolved.

NOTE:

If the record set values have the same priority, requests to the domain name will be routed based on weights.

2 1 2355 example_server.test.com

NS

Delegates subdomains to other name servers.

After a public zone is created, an NS record set is automatically created for this zone and cannot be deleted. You can add NS record sets only in the following scenarios:
  • The Name parameter is not left blank. This means that you can add NS record sets for subdomains of a domain name.
  • The value of the Line parameter is not set to Default. This means that you can add NS record sets for the domain name with other resolution lines.

Enter the DNS server address.

You can enter up to 50 different IP addresses, each on a separate line.

ns1.example.com

ns2.example.com

SOA

Identifies the base information about a domain name. The SOA record set is automatically generated by the DNS service and cannot be added manually.

This type of record set is created by default and cannot be added manually.

This type of record set is created by default and cannot be added manually.

CAA

Grants certificate issuing permissions to certificate authorities (CAs). CAA record sets can prevent the issuance of unauthorized HTTPS certificates.

Enter the CA to be authorized to issue certificates for a domain name or its subdomains.

You can enter up to 50 different IP addresses, each on a separate line.

The format is [flag] [tag] [value].

Configuration rules:

  • flag: CA identifier, an unsigned character ranging from 0 to 255. Usually, the value is set to 0.
  • tag: You can enter 1 to 15 characters. Only letters and digits from 0 to 9 are allowed. The tag can be one of the following:
    • issue: authorizes a CA to issue all types of certificates.
    • issuewild: authorizes a CA to issue wildcard certificates.
    • iodef: requests notifications once a CA receives invalid certificate requests.
  • value: authorized CA or email address/URL required for notification once the CA receives invalid certificate requests. The value depends on the value of tag and must be enclosed in quotation marks (""). The value can contain a maximum of 255 characters. Only letters, digits, spaces, and the following special characters are allowed: -#*?&_~=:;.@+^/!%

0 issue "ca.abc.com"

0 issuewild "ca.def.com"

0 iodef "mailto:admin@domain.com"

0 iodef "http://domain.com/log/"
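The TXT and CAA rules in Table 1 can be checked before a value is submitted. The following validator is an added example, not Huawei Cloud code; the function names are hypothetical, and it assumes the 4,096-character limit counts the TXT value as typed and the 255-character CAA limit counts the text inside the quotation marks.

```python
import re

# Limits and character sets are the ones stated in Table 1 of this page.
CAA_TAGS = {"issue", "issuewild", "iodef"}
CAA_VALUE_OK = re.compile(r"[A-Za-z0-9 \-#*?&_~=:;.@+^/!%]*")
TXT_STRING = re.compile(r'"([^"]*)"')

def check_txt(value: str) -> list[str]:
    """Return the rule violations for one TXT record value ([] means valid)."""
    if not value.strip():
        return ["value cannot be left blank"]
    errors = []
    if "\\" in value:
        errors.append("backslash is not allowed")
    if len(value) > 4096:  # assumption: the limit counts the value as typed
        errors.append("value exceeds 4,096 characters")
    strings = TXT_STRING.findall(value)
    # Rebuilding the value from its quoted strings must reproduce the input;
    # if not, some text is unquoted or not separated by a single space.
    if not strings or " ".join(f'"{s}"' for s in strings) != value:
        errors.append("must be double-quoted strings separated by a space")
    if any(len(s) > 255 for s in strings):
        errors.append("a character string exceeds 255 characters")
    return errors

def check_caa(value: str) -> list[str]:
    """Return the rule violations for one CAA value: [flag] [tag] [value]."""
    parts = value.split(" ", 2)
    if len(parts) != 3:
        return ["expected [flag] [tag] [value]"]
    flag, tag, val = parts
    errors = []
    if not (re.fullmatch(r"[0-9]{1,3}", flag) and int(flag) <= 255):
        errors.append("flag must be an integer from 0 to 255")
    if tag not in CAA_TAGS:  # the three tags the page lists
        errors.append("tag must be issue, issuewild or iodef")
    if len(val) < 2 or not (val.startswith('"') and val.endswith('"')):
        errors.append("value must be enclosed in double quotation marks")
    else:
        inner = val[1:-1]  # assumption: limits apply to the text inside quotes
        if len(inner) > 255:
            errors.append("value exceeds 255 characters")
        if not CAA_VALUE_OK.fullmatch(inner):
            errors.append("value contains a character outside the allowed set")
    return errors

if __name__ == "__main__":
    # First value is the page's example; the second is constructed to fail.
    for v in ('0 issue "ca.abc.com"', "0 issue ca.abc.com"):
        print(v, "->", check_caa(v) or "ok")
```
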

Wildcard Resolution Rules

DNS allows you to add a record set with the record set name set to an asterisk (*), for example, *.example.com. This can map all subdomains to the same value.

If you have added a wildcard record set for a domain name and added multiple record sets of the same type but different lines for a specific subdomain, DNS resolution complies with the following rules:

  • Priority: Line match has a higher priority than domain name match.
  • Priority of queries in the same line: If the line type is the same, exact match has a higher priority than fuzzy match.
  • Priority for interaction between intelligent resolution and default lines: Wildcard domain name query matches the intelligent line, and exact domain name query matches the default line. If both of them are matched, the exact domain name query result prevails.

Take example.com as an example.

  1. Configure wildcard records and a record for the subdomain starting with www.
    The following table lists the parameter settings.

    Subdomain       | Line                           | Record Set Type | Value
    ----------------|--------------------------------|-----------------|----------
    www.example.com | Default                        | A               | 4.4.xx.xx
    *.example.com   | Default line for China Telecom | A               | 1.1.xx.xx
    *.example.com   | Default line for China Unicom  | A               | 2.2.xx.xx
    *.example.com   | Default line for China Mobile  | A               | 3.3.xx.xx

    When a visitor is a China Telecom, China Unicom, or China Mobile user, 4.4.xx.xx is returned.

    Rule: If both wildcard and exact domain name queries are matched, the exact domain name query result prevails.

  2. Configure intelligent resolution for the subdomain www.example.com.

    Subdomain       | Line                           | Record Set Type | Value
    ----------------|--------------------------------|-----------------|----------
    www.example.com | Default                        | A               | 4.4.xx.xx
    *.example.com   | Default line for China Telecom | A               | 1.1.xx.xx
    www.example.com | Default line for China Telecom | A               | 1.1.xx.xx
    *.example.com   | Default line for China Unicom  | A               | 2.2.xx.xx
    www.example.com | Default line for China Unicom  | A               | 2.2.xx.xx
    *.example.com   | Default line for China Mobile  | A               | 3.3.xx.xx
    www.example.com | Default line for China Mobile  | A               | 3.3.xx.xx

    When visitors are China Telecom, China Unicom, or China Mobile users and they are accessing www.example.com, 1.1.xx.xx is returned for the China Telecom user, 2.2.xx.xx is returned for the China Unicom user, and 3.3.xx.xx is returned for the China Mobile user.

    Rule: Line match has a higher priority than domain name match. If the line type is the same, exact match has a higher priority than fuzzy match.
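The precedence in the two scenarios above can be expressed as a small lookup. This is an added example, not Huawei Cloud DNS code: `resolve` is a hypothetical function, and the model (exact name before wildcard, visitor's line before Default) is an assumption chosen because it reproduces the results stated for both tables.

```python
from typing import Optional

DEFAULT = "Default"
TELECOM = "Default line for China Telecom"
UNICOM = "Default line for China Unicom"
MOBILE = "Default line for China Mobile"

# Record sets from the two tables above: (name, line, value).
WILDCARDS = [("*.example.com", TELECOM, "1.1.xx.xx"),
             ("*.example.com", UNICOM, "2.2.xx.xx"),
             ("*.example.com", MOBILE, "3.3.xx.xx")]
SCENARIO_1 = [("www.example.com", DEFAULT, "4.4.xx.xx")] + WILDCARDS
SCENARIO_2 = SCENARIO_1 + [("www.example.com", TELECOM, "1.1.xx.xx"),
                           ("www.example.com", UNICOM, "2.2.xx.xx"),
                           ("www.example.com", MOBILE, "3.3.xx.xx")]


def resolve(records, qname: str, visitor_line: str) -> Optional[str]:
    """Return the value served for qname to a visitor on visitor_line.

    Assumed model: the exact name is tried before any wildcard, and for each
    name the visitor's line is tried before the Default line.
    """
    labels = qname.split(".")
    # Wildcard owner names covering qname, closest ancestor first (assumption).
    wildcards = ["*." + ".".join(labels[i:]) for i in range(1, len(labels) - 1)]
    for name in [qname] + wildcards:
        for line in (visitor_line, DEFAULT):
            for rec_name, rec_line, value in records:
                if (rec_name, rec_line) == (name, line):
                    return value
    return None  # no record set matches on this line or on Default


if __name__ == "__main__":
    for line in (TELECOM, UNICOM, MOBILE):
        print(line, resolve(SCENARIO_1, "www.example.com", line),
              resolve(SCENARIO_2, "www.example.com", line))
```
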

TTL Setting Rules

TTL (time to live) specifies how long records are cached on a local DNS server. The TTL value, typically measured in seconds, dictates the validity period of the cached record. Common TTL values for DNS records include 300 seconds (5 minutes), 3,600 seconds (1 hour), and 86,400 seconds (24 hours). The default TTL value for Huawei Cloud DNS is 300 seconds.

When receiving requests for a domain name, the local DNS server asks the authoritative DNS server for the required DNS record, and then caches the record for a period of time, as defined by the TTL value specified in the record.

  • During this TTL period, if the local DNS server receives requests for this domain name again, it will not request the record from the authoritative DNS server, but directly returns the cached record.
  • When the TTL expires, the local DNS server clears the cached record. If the local DNS server receives new DNS queries for the domain name, it forwards the new DNS queries to the authoritative DNS server to obtain the latest resolution result and caches the result.

Table 2 Application scenarios of TTL

TTL Setting | Scenarios | Description
------------|-----------|------------
Increase the TTL value. | Reducing network traffic | A larger TTL value allows DNS records to be cached on the client or server for a longer period, leading to fewer queries to the authoritative DNS servers and reduced network load.
Increase the TTL value. | Faster response | In IP packets, a larger TTL value allows packets to survive longer on the network. This helps reduce the number of retransmission requests and prevent network congestion.
Increase the TTL value. | Stable network | In a stable network with low packet loss, a large TTL value can improve data transmission efficiency by avoiding the need for retransmissions.
Decrease the TTL value. | Quick update | For frequently updated content such as that from news websites or social media, a small TTL ensures that users can obtain the latest information in a timely manner, reducing the delay caused by caching. A small TTL can quickly clear the old cache and ensure faster update of DNS records. This ensures that the clients can use the latest records sooner.
Decrease the TTL value. | Testing and diagnosis | In network testing, a small TTL value is beneficial for quickly identifying and troubleshooting network issues. By setting a low TTL, packets are designed to expire quickly, which makes them easy to trace and analyze.
Decrease the TTL value. | Dynamic network environment | A small TTL value can minimize the impact of outdated routing data on a network where routes are frequently changing. This improves network adaptability and response speed.
Decrease the TTL value. | Reducing network congestion | A small TTL value can help prevent network congestion, particularly in bandwidth-constrained environments.

To set the TTL value, you need to consider both the stability and update requirements of records. For stable records, set a large TTL value, while for frequently changed records, set a small TTL value. Pay attention to the following points:

  • A balance between load and response: When adjusting the TTL value, you need to balance the network load and response speed. The aim is to avoid delayed updates caused by a high TTL value and increased load caused by a low TTL value.
  • Network environment evaluation: You need to set an appropriate TTL value after considering both the network stability and packet loss rate.
  • Monitoring and testing: After adjusting the TTL value, you need to monitor and test its impact to ensure the desired outcome and make further adjustments if needed.
  • Change management: Before changing a DNS record, such as changing the server IP address, you are advised to reduce the TTL value so that DNS caches expire faster, allowing for quicker adoption of the new record. Once the change is fully propagated, the TTL can be restored to its original value.

Record Set Application Example

Record sets are used in the following scenarios:

  • Routing Internet traffic to a website

    A and AAAA record sets are usually used to map domain names used by websites to IPv4 or IPv6 addresses of web servers where the websites are deployed.

    Figure 1 Accessing a website over the Internet using domain name
  • Private domain name resolution

    On a private network, A and AAAA record sets translate private domain names into private IP addresses.

    Figure 2 Private domain name resolution
  • Email domain name resolution

    MX, CNAME, and TXT record sets are usually used for email services.

    Figure 3 Email domain name resolution
  • Reverse resolution on a private network

    PTR records translate private IP addresses into private domain names.

    Figure 4 Reverse resolution on a private network