
User Guide

DNS Resource Types

Select Resource Types

This section details the resource types supported by GSLB.

In the future, secondary type zones should be available.

A/AAAA record

A host IPv4 or IPv6 address.

Configuring the A/AAAA record

Settings Guidelines

hostname

The hostname part of the FQDN, such as www.

Note: You can specify the @ symbol to denote the zone root. The value substituted for @ is the preceding $ORIGIN directive.

Address type

IPv4 / IPv6

Address

Specify the IP address of the virtual server.

TTL

The time-to-live of the Resource Records

Weight

Assigns relative preference among members—higher values are preferred and are assigned connections more frequently.

The default is 1. The valid range is 1-255.

CNAME record

Identifies the canonical name of an alias. Described in RFC 1035.

Configuring the CNAME record

Settings Guidelines

Alias

An alias name for another true or canonical domain name (the target). For instance, www.example.com is an alias for example.com.

Note: An alias must not have the same name as another record, and there must not be duplicate aliases in the same domain.

target

The true or canonical domain name. For instance, example.com.

TTL

The time-to-live of the Resource Records
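The alias rules above (an alias name must not coincide with another record, and must not be duplicated) are the ones most often violated when a zone is edited by hand. The following checker is an added example written for this guide, not FortiAppSec Cloud code; it runs over a constructed in-memory zone (the `SAMPLE_ZONE` triples and the `example.com.` apex are assumptions) and reports alias names that also own other records, names with more than one CNAME, CNAME chains, and in-zone targets that resolve to nothing, the last being the usual origin of dangling-alias findings.

```python
from collections import defaultdict

# Constructed sample zone for example.com. (not taken from the page):
# (owner, type, rdata) triples as they would appear in a zone file.
SAMPLE_ZONE = [
    ("example.com.", "A", "192.0.2.10"),
    ("example.com.", "MX", "10 mail.example.com."),
    ("www.example.com.", "CNAME", "example.com."),
    ("mail.example.com.", "A", "192.0.2.25"),
    ("shop.example.com.", "CNAME", "example.com."),
    ("shop.example.com.", "TXT", "v=spf1 -all"),         # conflicts with the CNAME
    ("blog.example.com.", "CNAME", "www.example.com."),  # alias pointing at an alias
    ("old.example.com.", "CNAME", "gone.example.com."),  # in-zone target with no records
]

def find_cname_problems(records, apex):
    """Return (owner, problem) pairs for alias records that break the rules.

    Enforced: a name that owns a CNAME owns nothing else (RFC 1034 s3.6.2,
    DNSSEC records aside) and owns at most one CNAME. CNAME chains and
    in-zone targets without records are reported as well, since both are
    common causes of outages and of dangling-alias takeover findings.
    """
    apex = apex.lower()
    by_owner = defaultdict(list)
    for owner, rtype, rdata in records:
        by_owner[owner.lower()].append((rtype.upper(), rdata.lower()))

    problems = []
    for owner, rrs in by_owner.items():
        cnames = [rdata for rtype, rdata in rrs if rtype == "CNAME"]
        if not cnames:
            continue
        if len(cnames) > 1:
            problems.append((owner, "more than one CNAME at the same name"))
        others = sorted({rtype for rtype, _ in rrs if rtype != "CNAME"})
        if others:
            problems.append((owner, "CNAME coexists with " + ", ".join(others)))
        target = cnames[0]
        target_rrs = by_owner.get(target)
        in_zone = target == apex or target.endswith("." + apex)
        if target_rrs is None and in_zone:
            problems.append((owner, f"target {target} has no records in the zone"))
        elif target_rrs and any(rtype == "CNAME" for rtype, _ in target_rrs):
            problems.append((owner, f"target {target} is itself an alias (CNAME chain)"))
    return problems

if __name__ == "__main__":
    for owner, problem in find_cname_problems(SAMPLE_ZONE, "example.com."):
        print(f"{owner}: {problem}")
```

Targets outside the zone apex are deliberately not checked, because their existence cannot be judged from the zone data alone; a full audit would resolve them separately.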

NS record

The authoritative name server for the domain. Described in RFC 1035.

Configuring the NS record

Settings Guidelines

Domain name

The domain for which the name server has authoritative answers, such as example.com.

Note: FortiAppSec Cloud supports third-party domain names.

Host name

The hostname part of the FQDN, such as ns.

TTL

The time-to-live of the Resource Records

Address Type

IPv4 / IPv6

Address

Specify the IP address of the name server.

MX record

Identifies a mail exchange for the domain with a 16-bit preference value (lower is better) followed by the host name of the mail exchange. Described in RFC 974, RFC 1035.

Configuring the MX record

Settings Guidelines

Domain name

The domain of the mail exchange server.

Hostname

The hostname part of the FQDN for a mail exchange server, such as mail.

TTL

The time-to-live of the Resource Records

Priority

Preference given to this RR among others at the same owner. Lower values have greater priority.

Address type

IPv4 / IPv6

Address

Specify the IP address.

TXT record

Described in RFC 1035.

Configuring the TXT record

Settings Guidelines

name

Hostname.

TXT records are name-value pairs that contain human-readable information about a host. The most common use for TXT records is to store SPF records.

text

Comma-separated list of name/value pairs.

An example SPF record has the following form:

v=spf1 +mx a:colo.example.com/28 -all

If you complete the entry from the Web UI, do not put the string in quotes. (If you complete the entry from the CLI, you do put the string in quotes.)

TTL

The time-to-live of the Resource Records
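Because a mistyped SPF string silently weakens mail authentication, it is worth validating the text before it is entered. The parser below is an added example for this guide, not FortiAppSec Cloud code. It splits an SPF record such as the one shown above into qualifier, mechanism and argument terms, flags the usual defects (a missing terminal `all`, a permissive `+all` or `?all`, more than the ten DNS-querying terms RFC 7208 allows, the deprecated `ptr` mechanism, and values longer than the 255-octet TXT character-string limit from RFC 1035), and produces the quoted form the CLI expects. `WEAK_SPF` is a constructed sample, not a record from the page.

```python
import re

# Constructed sample values (the first is the SPF record shown on this page).
SAMPLE_SPF = "v=spf1 +mx a:colo.example.com/28 -all"
WEAK_SPF = "v=spf1 include:_spf.example.net +all"

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM_RE = re.compile(r"^([a-z][a-z0-9_.-]*)([:=/]?)(.*)$", re.I)

def parse_spf(text):
    """Return (mechanisms, modifiers) for an SPF TXT value.

    mechanisms: list of (qualifier, name, argument); a missing qualifier is
    "+" (pass), as RFC 7208 specifies. modifiers: dict of name -> value.
    """
    tokens = text.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: first term must be v=spf1")
    mechanisms, modifiers = [], {}
    for tok in tokens[1:]:
        qualifier = "+"
        if tok[:1] in "+-~?":
            qualifier, tok = tok[0], tok[1:]
        m = TERM_RE.match(tok)
        if not m:
            raise ValueError(f"malformed term: {tok!r}")
        name, sep, rest = m.group(1).lower(), m.group(2), m.group(3)
        if sep == "=":
            modifiers[name] = rest  # e.g. redirect=_spf.example.org
        elif name in MECHANISMS:
            argument = rest if sep == ":" else ("/" + rest if sep == "/" else "")
            mechanisms.append((qualifier, name, argument))
        else:
            raise ValueError(f"unknown mechanism: {name!r}")
    return mechanisms, modifiers

def spf_warnings(text):
    """Defender-side sanity checks on one SPF record, returned as strings."""
    mechanisms, modifiers = parse_spf(text)
    warnings = []
    ends_with_all = bool(mechanisms) and mechanisms[-1][1] == "all"
    if not ends_with_all and "redirect" not in modifiers:
        warnings.append("no terminal 'all' mechanism or redirect= modifier")
    if ends_with_all and mechanisms[-1][0] in "+?":
        warnings.append(f"permissive policy: '{mechanisms[-1][0]}all' lets any sender pass")
    lookups = sum(1 for _, name, _ in mechanisms if name in LOOKUP_TERMS)
    lookups += sum(1 for name in modifiers if name in LOOKUP_TERMS)
    if lookups > 10:
        warnings.append(f"{lookups} DNS-querying terms exceed the RFC 7208 limit of 10")
    if any(name == "ptr" for _, name, _ in mechanisms):
        warnings.append("ptr mechanism is deprecated and slow to evaluate")
    if len(text.encode()) > 255:
        warnings.append("longer than 255 octets: store as several TXT strings")
    return warnings

def txt_strings(text, quote=False):
    """Split a TXT value into the 255-octet character-strings the wire format
    allows (RFC 1035). quote=True yields the quoted form the CLI expects."""
    if not text.isascii():
        raise ValueError("SPF records are ASCII; refusing to split multi-byte text")
    chunks = [text[i:i + 255] for i in range(0, len(text), 255)]
    return [f'"{c}"' for c in chunks] if quote else chunks

if __name__ == "__main__":
    for record in (SAMPLE_SPF, WEAK_SPF):
        print(record, "->", spf_warnings(record) or "ok")
```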

SRV record

Information about well-known network services (replaces WKS). Described in RFC 2782.

Configuring the SRV record

Settings Guidelines

Hostname

The hostname part of the FQDN, such as www.

TTL

The time-to-live of the Resource Records

Priority

A priority assigned to the target host: the lower the value, the higher the priority.

Weight

A relative weight assigned to a record among records of the same priority: the greater the value, the more weight it carries.

Port

The TCP or UDP port on which the service is provided.

Target name

The canonical name of the machine providing the service.
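How a client combines the Priority and Weight fields above is specified in RFC 2782: all targets at the lowest priority value are tried first, and within one priority a target is picked at random with probability proportional to its weight, weight-0 targets being picked only when nothing else remains. The code below is an added example for this guide (not FortiAppSec Cloud code) that implements that selection over a constructed `_sip._tcp.example.com.` RRset (`SAMPLE_SRV` is an assumption), plus a helper that measures the resulting share of first choices so the effect of a weight change can be checked before the record is published.

```python
import random

# Constructed SRV RRset for _sip._tcp.example.com. (not taken from the page):
# (priority, weight, port, target)
SAMPLE_SRV = [
    (10, 60, 5060, "big.example.com."),
    (10, 20, 5060, "small.example.com."),
    (10, 0, 5060, "zero.example.com."),
    (20, 0, 5060, "backup.example.com."),
]

def order_srv(records, rng=None):
    """Return (port, target) pairs in the order a client should try them.

    Follows the RFC 2782 selection algorithm: lower priority values first;
    within one priority, draw a random number in [0, sum of weights] and take
    the first record whose running weight total reaches it. Weight-0 records
    are placed first so they are chosen only when the draw is exactly 0.
    """
    rng = rng or random.Random()
    ordered = []
    for priority in sorted({r[0] for r in records}):
        pool = [r for r in records if r[0] == priority]
        pool.sort(key=lambda r: r[1] != 0)  # weight 0 sorts to the front
        while pool:
            total = sum(r[1] for r in pool)
            draw = rng.randint(0, total)
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= draw:
                    ordered.append((rec[2], rec[3]))
                    del pool[i]
                    break
    return ordered

def first_choice_shares(records, trials=10000, seed=1):
    """Empirical share of first picks per target, to sanity-check weights.

    For SAMPLE_SRV the expected shares at priority 10 are 60/81, 20/81 and
    1/81; the priority-20 backup is never picked first while any priority-10
    target exists.
    """
    rng = random.Random(seed)
    counts = {}
    for _ in range(trials):
        _, target = order_srv(records, rng=rng)[0]
        counts[target] = counts.get(target, 0) + 1
    return {target: n / trials for target, n in counts.items()}

if __name__ == "__main__":
    print(order_srv(SAMPLE_SRV))
    for target, share in sorted(first_choice_shares(SAMPLE_SRV).items()):
        print(f"{target:22s} {share:.3f}")
```

A weight of 0 is therefore not "disabled": the target is still selected occasionally, and always once the higher-weight targets have failed, which is what the guideline above means by a record carrying more weight rather than being exclusive.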

PTR record

Resolves an IP address to a fully-qualified domain name.

Configuring the PTR record

Settings Guidelines

PTR address

A PTR address, such as 10.168.192.in-addr.arpa. or 1.

Note: If you use the number, the domain name is in the format "x.x.x.in-addr.arpa."

FQDN

A fully qualified domain name, such as "www.example.com".
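The PTR address field accepts either the full reverse name or just the host number relative to the reverse zone, so it helps to derive both from the IP address rather than type them by hand. The code below is an added example for this guide, not FortiAppSec Cloud code. It builds the `in-addr.arpa.` name for IPv4 and, going beyond the page, the nibble-reversed `ip6.arpa.` name for IPv6, cuts the zone-relative owner out of it, and performs the forward-confirmed check (the FQDN a PTR points at should have an A/AAAA record pointing back) against a constructed forward zone (`FORWARD` is an assumption).

```python
import ipaddress

# Constructed forward zone (not taken from the page): FQDN -> addresses
FORWARD = {
    "www.example.com.": ["192.168.10.1", "2001:db8::1"],
    "mail.example.com.": ["192.168.10.25"],
}

def reverse_name(address):
    """Full reverse-lookup owner name for an IPv4 or IPv6 address,
    e.g. 192.168.10.1 -> 1.10.168.192.in-addr.arpa."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(str(ip).split(".")[::-1]) + ".in-addr.arpa."
    # IPv6: one label per hex digit of the fully expanded address, reversed
    nibbles = ip.exploded.replace(":", "")[::-1]
    return ".".join(nibbles) + ".ip6.arpa."

def ptr_owner_in_zone(address, zone):
    """Zone-relative PTR owner for `address` inside the reverse zone `zone`,
    i.e. the short form ('1') this page allows for 10.168.192.in-addr.arpa."""
    full = reverse_name(address)
    zone = zone.lower().rstrip(".") + "."
    suffix = "." + zone
    if not full.endswith(suffix):
        raise ValueError(f"{address} is not inside reverse zone {zone}")
    return full[:-len(suffix)]

def forward_confirmed(address, fqdn, forward=FORWARD):
    """Forward-confirmed reverse DNS: the PTR target must carry an A/AAAA
    record for the same address; mail and SSH policies commonly require it."""
    return str(ipaddress.ip_address(address)) in forward.get(fqdn.lower(), [])

if __name__ == "__main__":
    for addr in ("192.168.10.1", "2001:db8::1"):
        print(addr, "->", reverse_name(addr))
    print(ptr_owner_in_zone("192.168.10.1", "10.168.192.in-addr.arpa."))
    print(forward_confirmed("192.168.10.1", "www.example.com."))
```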

CAA Record

A Certificate Authority Authorization (CAA) record is a type of DNS record that specifies which Certificate Authorities (CAs) are authorized to issue certificates for a specific domain. It acts as an additional layer of control to prevent unauthorized certificate issuance.

A Certificate Authority (CA) queries DNS for CAA records during the domain validation process. This typically happens when:

  • A Certificate is Requested: When a user or entity requests an SSL/TLS certificate for a domain, the CA must verify that it is authorized to issue a certificate for that domain.

  • CAA Record Check is Performed: As part of the validation process, the CA performs a CAA lookup by querying the domain's DNS. This is done to check if the domain's DNS records include a CAA policy that specifies which CAs are authorized to issue certificates for the domain.

  • Before Certificate Issuance: The CA queries the DNS for the CAA record using a standard DNS query. If a CAA record is found, the CA ensures that it is listed as an authorized CA. If no CAA record exists, the CA assumes it is authorized to issue the certificate by default (as per current industry standards).

If the DNS server returns a CAA record that does not authorize the CA to issue certificates for the domain, the CA will deny the certificate request.

Configuring the CAA record

Settings Guidelines

Hostname

The domain or subdomain to which the policy applies.

If the zone record is `example.com.`, you can use a subdomain (e.g., `www`, `sub`) as the Hostname to add a CAA record for that subdomain. To add a CAA record for the root domain, use `@` as the hostname.

Flags

Default: No special enforcement; certificate requests proceed as usual.

Critical: If the CA does not understand the record, it must reject the certificate request, preventing issuance.

Tag

A label that specifies the type of policy being defined.

  • issue: Specifies which CAs are authorized to issue certificates for the domain.

  • issuewild: Specifies which CAs are authorized to issue wildcard certificates for the domain.

  • iodef: Specifies a URL where certificate mis-issuance reports should be sent.

Value

The value associated with the tag.

  • For issue and issuewild, enter the domain name of the Certificate Authority (CA) authorized to issue certificates (e.g., letsencrypt.org). The maximum length is 253 characters.

  • For iodef, enter a URL where mis-issuance reports should be sent (e.g., mailto:admin@example.com or https://example.com/report). While there is no strict length limit, it is recommended to keep it within 253 characters.
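The lookup and decision described in this section can be exercised offline before a CAA record is published, which avoids the two common surprises: a policy at the zone root that silently covers every subdomain, and a `Critical` flag on a tag the CA does not recognise, which blocks all issuance. The code below is an added example written for this guide, not FortiAppSec Cloud or any CA's code. It implements the RFC 8659 procedure against a constructed zone (`SAMPLE_CAA` and the CA names are assumptions): find the relevant CAA RRset by climbing from the FQDN to its ancestors, let `issuewild` take precedence for wildcard requests, refuse when a critical record carries an unknown tag, and otherwise compare the requesting CA's identifier with the `issue`/`issuewild` values. CNAME indirection is not modelled here; a real resolver follows it as part of the query.

```python
# Constructed zone data (not taken from the page): owner -> (flags, tag, value)
# Flags 128 is the "Critical" setting on this page; 0 is "Default".
SAMPLE_CAA = {
    "example.com.": [
        (0, "issue", "letsencrypt.org"),
        (0, "issuewild", ";"),                  # ";" alone: no CA may issue wildcards
        (0, "iodef", "mailto:admin@example.com"),
    ],
    "legacy.example.com.": [
        (128, "futuretag", "something"),         # critical flag on an unknown tag
    ],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 128

def relevant_caa_set(name, zone):
    """RFC 8659 section 3: the CAA RRset at `name`, or at the closest
    ancestor that has one; [] when no ancestor carries CAA records."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:]) + "."
        rrset = zone.get(owner, [])
        if rrset:
            return rrset
    return []

def may_issue(ca_domain, fqdn, zone):
    """Return (allowed, reason) for a CA identified by `ca_domain` asking to
    issue for `fqdn`; a leading '*.' makes it a wildcard request."""
    wildcard = fqdn.startswith("*.")
    name = fqdn[2:] if wildcard else fqdn
    rrset = relevant_caa_set(name, zone)
    if not rrset:
        return True, "no CAA records in the hierarchy: issuance is not restricted"
    for flags, tag, _ in rrset:
        if flags & CRITICAL and tag.lower() not in KNOWN_TAGS:
            return False, f"critical flag set on unknown property tag {tag!r}"
    tag = "issue"
    if wildcard and any(t.lower() == "issuewild" for _, t, _ in rrset):
        tag = "issuewild"  # issuewild takes precedence for wildcard requests
    policy = [v for _, t, v in rrset if t.lower() == tag]
    if not policy:
        return True, f"no {tag} records: issuance is not restricted"
    # The CA identifier is the part of the value before any ';' parameters.
    allowed = {v.split(";")[0].strip().lower() for v in policy}
    if ca_domain.lower() in allowed:
        return True, f"{tag} record authorizes {ca_domain}"
    named = sorted(a for a in allowed if a)
    return False, f"{tag} records authorize {named or 'no CA'}, not {ca_domain}"

if __name__ == "__main__":
    checks = [
        ("letsencrypt.org", "www.example.com."),
        ("other-ca.example", "www.example.com."),
        ("letsencrypt.org", "*.example.com."),
        ("letsencrypt.org", "legacy.example.com."),
        ("other-ca.example", "www.unrelated.test."),
    ]
    for ca, host in checks:
        allowed, reason = may_issue(ca, host, SAMPLE_CAA)
        print(f"{ca:18s} {host:24s} {'allow' if allowed else 'deny':5s} {reason}")
```

Note that `www.example.com.` has no CAA record of its own yet is governed by the root policy, which is why a `Hostname` of `@` is the usual choice and subdomain-level records are only needed where a narrower policy is wanted.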
