Skip to content

Commit 9780761

Browse files
committed
dnssec record types
1 parent f3372cb commit 9780761

File tree

3 files changed

+15
-1
lines changed

3 files changed

+15
-1
lines changed

articles/dns/dns-faq.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,7 @@ sections:
7979
- question: |
8080
Does Azure DNS support Domain Name System Security Extensions (DNSSEC)?
8181
answer: |
82-
Yes. See [DNSSEC overview](dnssec.md).
82+
Yes. Azure Public DNS supports DNSSEC. For more information, see [DNSSEC overview](dnssec.md).
8383
8484
- question: |
8585
Does Azure DNS support zone transfers (AXFR/IXFR)?

articles/dns/dns-zones-records.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -102,6 +102,16 @@ When calling the Azure DNS REST API, you need to specify each TXT string separat
102102

103103
The multiple strings in a DNS record shouldn't be confused with the multiple TXT records in a TXT record set. A TXT record set can contain multiple records, *each of which* can contain multiple strings. Azure DNS supports a total string length of up to 4096 characters in each TXT record set (across all records combined).
104104

105+
### DS records
106+
107+
The delegation signer (DS) record is a [DNSSEC](dnssec.md) resource record type that is used to secure a delegation. To create a DS record in a zone, the zone must first be signed with DNSSEC.
108+
109+
### TLSA records
110+
111+
A TLSA (Transport Layer Security Authentication) record is used to associate a TLS server certificate or public key with the domain name where the record is found. A TLSA record links the public key (a TLS server certificate) to the domain name, providing an additional layer of security for TLS connections.
112+
113+
To use TLSA records effectively, [DNSSEC](dnssec.md) must be enabled on your domain. This ensures that the TLSA records can be trusted and properly validated
114+
105115
## Tags and metadata
106116

107117
### Tags

includes/dns-about-records-include.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,10 @@ Each DNS record has a name and a type. Records are organized into various types
1717

1818
Azure DNS supports all common DNS record types: A, AAAA, CAA, CNAME, MX, NS, PTR, SOA, SRV, and TXT. Note that [SPF records are represented using TXT records](../articles/dns/dns-zones-records.md#spf-records).
1919

20+
Additional record types are supported if the zone is signed with DNS Security Extensions ([DNSSEC](/azure/dns/dnssec)), such as Delegation Signer (DS) and Transport Layer Security Authentication (TLSA) resource records.
21+
22+
DNSSEC resource record types such as DNSKEY, RRSIG and NSEC3 records are added automatically when a zone is signed with DNSSEC. These types of DNSSEC resource records can't be created or modified after zone signing.
23+
2024
### Record sets
2125

2226
Sometimes you need to create more than one DNS record with a given name and type. For example, suppose the 'www.contoso.com' web site is hosted on two different IP addresses. The website requires two different A records, one for each IP address. Here is an example of a record set:

0 commit comments

Comments
 (0)