Guide to DNS Records

Understand the DNS record types available in your Rapyd Cloud dashboard, powered by Cloudflare.

Updated yesterday

Introduction

DNS (Domain Name System) records are the instructions that tell the internet how to find your website, where to deliver your email, and how to verify your domain for various services. When you connect a custom domain to Rapyd, your DNS is managed through Cloudflare's enterprise-grade infrastructure — giving you access to a comprehensive set of record types directly from the Rapyd dashboard.


This guide explains the DNS record types available on Rapyd, organized by their primary function. Whether you're setting up a new site, configuring email, or adding advanced security features, understanding these records will help you manage your domain effectively.


IP Address Resolution Records

These records map domain names to server addresses. They're the foundation of how visitors reach your website. These are automatically set for you if the domain is managed by Rapyd.

A Record

The A record (Address Record) is the most fundamental DNS record. It maps a domain name to an IPv4 address — the numerical identifier of a server. When someone types your domain into a browser, the A record tells their device where to find your website.

  • Example: yourdomain.com → 192.0.2.1

  • Common use: Point your domain or subdomains (like www.yourdomain.com) to the server hosting your website.

AAAA Record

The AAAA record (IPv6 Address Record) maps a domain name to an IPv6 address. IPv6 is the newer version of IP addresses, designed to handle the growing number of devices on the internet.

  • Example: yourdomain.com → 2001:0db8:85a3:0000:0000:8a2e:0370:7334

  • Common use: Point your domain to a server using an IPv6 address. Many modern hosting providers support both IPv4 and IPv6.

CNAME Record

The CNAME record (Canonical Name Record) maps one domain name to another domain name (not an IP address). It's an alias that says "this hostname should resolve to wherever that other hostname resolves."

  • Example: www.yourdomain.com → yourdomain.com

  • Common use: Point the www subdomain to your root domain, or direct traffic to a CDN or SaaS service. CNAME records are frequently used when integrating third-party services.

Note: A CNAME record cannot coexist with other record types on the same hostname. Cloudflare's CNAME flattening feature allows you to use CNAME records at the zone apex (root domain), which is not possible with standard DNS.


Email Records

These records control how email is routed and authenticated for your domain. Proper email configuration is essential for deliverability and preventing your domain from being used for spam or phishing.

MX Record

The MX record (Mail Exchange Record) specifies the mail servers responsible for receiving email on behalf of your domain. You can configure multiple MX records with different priority values for redundancy.

  • Example: yourdomain.com → mail.yourdomain.com (Priority: 10)

  • Common use: Direct incoming email to your email service provider (Google Workspace, Microsoft 365, Zoho, etc.).

SPF Record (via TXT)

The SPF record (Sender Policy Framework) lists the IP addresses and domains authorized to send email on behalf of your domain. SPF records are implemented as TXT records.

  • Example: yourdomain.com → "v=spf1 include:_spf.google.com ~all"

  • Common use: Prevent email spoofing by specifying which mail servers can legitimately send email from your domain.

DKIM Record (via TXT/CNAME)

The DKIM record (DomainKeys Identified Mail) contains a public cryptographic key used to verify that an email was actually sent by your domain and hasn't been tampered with in transit. DKIM records are typically implemented as TXT or CNAME records.

  • Example: selector._domainkey.yourdomain.com → "v=DKIM1; k=rsa; p=MIGfMA0GCS..."

  • Common use: Authenticate outgoing email to improve deliverability and protect against spoofing.

DMARC Record (via TXT)

The DMARC record (Domain-based Message Authentication, Reporting and Conformance) tells email receivers how to handle messages that fail SPF or DKIM checks, and where to send reports about email authentication results.

  • Example: _dmarc.yourdomain.com → "v=DMARC1; p=quarantine; rua=mailto:[email protected]"

  • Common use: Define a policy for handling unauthenticated email and receive reports about potential abuse.

Tip: Even if your domain doesn't send email, you should configure restrictive SPF, DKIM, and DMARC records to prevent others from spoofing your domain.
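The checks below turn the tip above into something you can run against your own TXT values. This is an added example, not code from Rapyd or Cloudflare; the function names are hypothetical and the records are passed in as strings, so nothing is looked up over the network.

```python
# Added example: audit SPF, DMARC and DKIM TXT values (function names are hypothetical).

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT value (DMARC, DKIM) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(txt):
    """Findings for an SPF value; an empty list means a hard-fail (-all) policy."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        if any(t.startswith("redirect=") for t in terms):
            return ["policy delegated via redirect=; audit the target record"]
        return ["no 'all' mechanism: unlisted senders get a neutral result"]
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"  # bare 'all' is '+all'
    notes = {"+": "'+all' authorizes every sender",
             "?": "'?all' is neutral and asserts nothing",
             "~": "'~all' is a softfail; receivers may still accept"}
    return [notes[qualifier]] if qualifier in notes else []

def audit_dmarc(txt):
    """Findings for a DMARC value; an empty list means an enforcing policy."""
    tags = parse_tags(txt)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    if tags.get("pct", "100") != "100":
        findings.append("pct below 100 applies the policy to part of the mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports will arrive")
    return findings

def is_locked_down(spf, dmarc, dkim):
    """True when a non-sending domain publishes deny-all email records."""
    return (spf.lower().split() == ["v=spf1", "-all"]
            and parse_tags(dmarc).get("p", "").lower() == "reject"
            and parse_tags(dkim).get("p") == "")  # empty p= marks a revoked key

if __name__ == "__main__":
    print(audit_spf("v=spf1 include:_spf.google.com ~all"))  # this guide's SPF example
```

For a domain that never sends mail, the values `v=spf1 -all`, `v=DMARC1; p=reject`, and a DKIM record of `v=DKIM1; p=` satisfy `is_locked_down`.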


Service & Application Records

These records help connect your domain to specific services and applications.


TXT Record

The TXT record (Text Record) allows you to associate arbitrary text with a domain name. TXT records are used for a wide variety of purposes, from email authentication (SPF, DKIM, DMARC) to domain ownership verification.

  • Example: yourdomain.com → "google-site-verification=abc123..."

  • Common use: Verify domain ownership with services like Google Search Console, Microsoft 365, or SSL certificate providers.

Limits: Each TXT record can contain up to 2,048 characters. If you have multiple TXT records with the same name, their combined content must not exceed 8,192 characters.


SRV Record

The SRV record (Service Record) specifies the hostname and port for specific services like VoIP, instant messaging, or other application protocols.

  • Example: _sip._tcp.yourdomain.com → sipserver.yourdomain.com (Port: 5060, Priority: 10, Weight: 5)

  • Common use: Route VoIP calls, configure Microsoft Teams, or direct other protocol-specific traffic to the correct server.

SVCB and HTTPS Records

SVCB (Service Binding) and HTTPS records allow clients to discover how to connect to a service more efficiently, without needing an initial plaintext connection. The HTTPS record is a specialized version of SVCB for web traffic.

  • Example: yourdomain.com → HTTPS record advertising HTTP/2 and HTTP/3 support

  • Common use: Speed up initial connections by telling browsers about supported protocols (HTTP/2, HTTP/3) before they connect.

Note: Cloudflare automatically generates HTTPS records for proxied domains with HTTP/2 or HTTP/3 enabled.

URI Record

The URI record maps a hostname to a URI (Uniform Resource Identifier), allowing DNS to return a full URL rather than just an IP address.

  • Example: _ftp.yourdomain.com → ftp://ftp.yourdomain.com/public

  • Common use: Provide service discovery information or redirect clients to specific resources.

NAPTR Record

The NAPTR record (Naming Authority Pointer) is used for more complex service discovery, particularly in telecommunications (VoIP, ENUM).

  • Example: Used to map telephone numbers to SIP URIs in ENUM systems.

  • Common use: Advanced VoIP and telecommunications routing.


Security & DNSSEC Records

These records enhance the security of your domain and DNS infrastructure.


CAA Record

The CAA record (Certificate Authority Authorization) specifies which certificate authorities (CAs) are allowed to issue SSL/TLS certificates for your domain. This prevents unauthorized CAs from issuing certificates.

  • Example: yourdomain.com → 0 issue "letsencrypt.org"

  • Common use: Restrict certificate issuance to specific CAs (like Let's Encrypt, DigiCert, or Google Trust Services) to improve security.
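How a certificate authority reads your CAA records before issuing, as an added example (not Rapyd's or Cloudflare's code) following the rules in RFC 8659. The zone contents and function names are constructed for illustration, and the sketch does not follow CNAME aliases.

```python
# Added example: decide whether a CA may issue, given a zone's CAA records.
# Each record is (flags, tag, value); ZONE below is constructed sample data.

KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_rrset(zone, fqdn):
    """Climb from fqdn toward the root; return the first non-empty CAA set."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]), [])
        if rrset:
            return rrset
    return []

def may_issue(zone, fqdn, ca_domain):
    """True if CAA permits ca_domain to issue a certificate for fqdn."""
    wildcard = fqdn.startswith("*.")
    rrset = relevant_rrset(zone, fqdn[2:] if wildcard else fqdn)
    if not rrset:
        return True  # no CAA at any level: issuance is unrestricted
    for flags, tag, _ in rrset:
        if flags & 128 and tag.lower() not in KNOWN_TAGS:
            return False  # critical property the CA does not understand
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True  # e.g. only iodef present: nothing restricts issuance
    # The value is "<issuer-domain>[; parameters]"; an empty issuer matches no CA.
    return any(v.split(";")[0].strip().lower() == ca_domain.lower()
               for v in applicable)

# The guide's example record plus a constructed rule that forbids wildcards.
ZONE = {"yourdomain.com": [(0, "issue", "letsencrypt.org"),
                           (0, "issuewild", ";")]}

if __name__ == "__main__":
    for name, ca in [("yourdomain.com", "letsencrypt.org"),
                     ("shop.yourdomain.com", "digicert.com"),
                     ("*.yourdomain.com", "letsencrypt.org")]:
        print(name, ca, may_issue(ZONE, name, ca))
```

Subdomains inherit the apex policy unless they publish their own CAA records, so a single record at the root covers the whole zone.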

DS Record

The DS record (Delegation Signer) is part of DNSSEC and is used to authenticate DNS responses. It contains a hash of a DNSKEY record and establishes a chain of trust between parent and child zones.

  • Example: yourdomain.com → Key Tag: 12345, Algorithm: 13, Digest Type: 2, Digest: abc123...

  • Common use: Enable DNSSEC for subdomains that are delegated to other nameservers.

Note: Most Rapyd domains don't need to manually add DS records. Cloudflare handles DNSSEC automatically when enabled.


DNSKEY Record

The DNSKEY record contains the public cryptographic key used to verify DNSSEC signatures. It works together with DS records to establish a chain of trust.

  • Example: Contains algorithm type, flags, and the public key data.

  • Common use: DNSSEC implementation for zones you're delegating to other nameservers.
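To show how the DS fields in the example above are derived from a DNSKEY record, here is an added sketch (not Rapyd's or Cloudflare's code) that computes the key tag and the SHA-256 digest as defined in RFC 4034. The 64-byte key is a constructed placeholder rather than a real ECDSA key, and the function names are hypothetical.

```python
# Added example: derive a DS record (key tag + digest) from a DNSKEY record.
import hashlib
import struct

def name_to_wire(name):
    """Canonical wire format: lowercase labels, each prefixed by its length."""
    wire = b""
    for label in name.lower().rstrip(".").split("."):
        wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Checksum from RFC 4034, Appendix B, used to pick the matching DNSKEY."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, flags, protocol, algorithm, public_key):
    """Build the DS fields the parent zone publishes (digest type 2 = SHA-256)."""
    rdata = dnskey_rdata(flags, protocol, algorithm, public_key)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return {"key_tag": key_tag(rdata), "algorithm": algorithm,
            "digest_type": 2, "digest": digest}

def ds_matches(ds, owner, flags, protocol, algorithm, public_key):
    """What a validator checks: does this DNSKEY hash to the parent's DS?"""
    return make_ds(owner, flags, protocol, algorithm, public_key) == ds

# Constructed placeholder key: flags 257 (key-signing key), protocol 3,
# algorithm 13 (ECDSA P-256 with SHA-256), 64 bytes of dummy key material.
SAMPLE_KEY = bytes(range(64))

if __name__ == "__main__":
    print(make_ds("yourdomain.com", 257, 3, 13, SAMPLE_KEY))
```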

TLSA Record

The TLSA record specifies which TLS certificates are authorized for a domain, enabling DANE (DNS-based Authentication of Named Entities). This allows domain owners to pin specific certificates.

  • Example: _443._tcp.yourdomain.com → Certificate association data

  • Common use: Pin TLS certificates to prevent man-in-the-middle attacks. Requires DNSSEC to be effective.

SSHFP Record

The SSHFP record (SSH Fingerprint) stores the fingerprint of an SSH server's public key, allowing SSH clients to verify the server's identity through DNS.

  • Example: server.yourdomain.com → SSH key algorithm, fingerprint type, and fingerprint

  • Common use: Verify SSH server identity without manually accepting host keys. Requires DNSSEC for security.

SMIMEA Record

The SMIMEA record associates S/MIME certificates with email addresses, enabling email clients to discover encryption keys through DNS.

  • Example: selector._smimecert.yourdomain.com → Certificate data

  • Common use: Publish S/MIME certificates for encrypted email. Requires DNSSEC.

CERT Record

The CERT record stores public key certificates (PGP, PKIX, or other formats) in DNS.

  • Example: Contains certificate type, key tag, algorithm, and certificate data.

  • Common use: Publish certificates for various applications that need to discover them via DNS.


Infrastructure Records

These records define the structure of your DNS zone itself.


NS Record

The NS record (Nameserver Record) specifies the authoritative nameservers for your domain. These are the servers that answer DNS queries for your domain.

  • Example: yourdomain.com → ns1.cloudflare.com, ns2.cloudflare.com

  • Common use: Delegate DNS authority to specific nameservers. When you connect a domain to Rapyd via the nameserver method, you update your NS records at your registrar.

Note: Your root domain's NS records are managed at your domain registrar, not in the Rapyd dashboard. You can create NS records in Rapyd to delegate subdomains to other nameservers.


SOA Record

The SOA record (Start of Authority) contains administrative information about your DNS zone, including the primary nameserver, administrator email, serial number, and timing parameters.

  • Example: Contains primary NS, admin email, serial, refresh, retry, expire, and minimum TTL values.

  • Common use: Cloudflare automatically creates and manages the SOA record for your zone. You typically don't need to modify it.

PTR Record

The PTR record (Pointer Record) maps an IP address back to a domain name — the reverse of an A record. This is called a reverse DNS lookup.

  • Example: 1.2.0.192.in-addr.arpa → yourdomain.com

  • Common use: Validate server identity for email deliverability (many mail servers check PTR records). PTR records are typically managed by your hosting provider, not in your domain's DNS zone.


Quick Reference Table

| Record Type | Purpose | Can Be Proxied? |
| --- | --- | --- |
| A | Map domain to IPv4 address | Yes |
| AAAA | Map domain to IPv6 address | Yes |
| CNAME | Alias one domain to another | Yes |
| MX | Route email to mail servers | No |
| TXT | Store text data (SPF, DKIM, verification) | No |
| SRV | Specify host/port for services | No |
| CAA | Authorize certificate authorities | No |
| DS | DNSSEC delegation signer | No |
| DNSKEY | DNSSEC public key | No |
| NS | Delegate to nameservers | No |
| PTR | Reverse DNS lookup | No |
| SVCB/HTTPS | Service binding / HTTP connection hints | No |
| TLSA | TLS certificate pinning (DANE) | No |
| SSHFP | SSH server fingerprint | No |
| SMIMEA | S/MIME certificate association | No |
| CERT | Public key certificates | No |
| URI | Map hostname to URI | No |
| NAPTR | Advanced service discovery | No |
| SOA | Zone administrative info | No |

Proxied vs. DNS Only: Only A, AAAA, and CNAME records can be proxied through Cloudflare. Proxied records route traffic through Cloudflare's network, enabling CDN caching, WAF protection, and DDoS mitigation. All other record types are DNS-only.


Conclusion

With Rapyd's Cloudflare-powered DNS, you have access to a comprehensive set of DNS record types — from the fundamentals like A and CNAME records to advanced security features like DNSSEC and DANE. Understanding these records helps you configure your domain correctly for web hosting, email, third-party integrations, and security.

For step-by-step instructions on managing these records in your dashboard, see How to Manage DNS Records.
