Record types

Everything dnswiz can serve, what each one is for, the exact data shape stored, and the validation rules the API enforces.

Notation. name is the leaf (www, @ for apex). value shapes are what’s stored in the record’s data field, the same JSON the API accepts and returns.

Plain DNS

A

IPv4 address.

• value: dotted IPv4 string (203.0.113.10).
• Apex is allowed.

AAAA

IPv6 address.

• value: IPv6 string (2001:db8::1).
• Apex is allowed.

CNAME

Alias to another name. The query result is the target’s resolution.

• value: target hostname (origin.example.com.).
• Apex is forbidden (RFC 1034 §3.6.2). At the apex use ANAME instead.
• CNAME exclusivity is enforced: a name with a CNAME may not have any other record (the same RFC). The API returns 400 on conflict.

ANAME

Apex CNAME flattening. The engine periodically resolves the target via public resolvers (1.1.1.1 / 8.8.8.8 by default) and serves the resulting A/AAAA records under your apex name.

• value: target hostname (example.cloudfront.net.).
• Apex-only. ANAME at a non-apex name returns 400.
• Refresh interval, query timeout, upstreams, and worker concurrency are tunable in Admin Settings → ANAME resolver.

MX

Mail exchanger with priority. The console renders priority + host as two fields; storage is a single string "<priority> <host>".

• value: "10 mx.example.com." form.
• Multiple MX records per name are valid and common.

SRV

Service location. Storage is one string of the four standard fields.

• value: "<priority> <weight> <port> <target>", e.g. "10 5 5060 sip.example.com.".
• The engine synthesizes the RR from this string at query time. The console drawer breaks it into four numeric/host fields and joins them on save.

CAA

Certificate authority authorization.

• value: stored as "<flags> <tag> <value>", e.g. '0 issue "letsencrypt.org"'.
• flags must be 0–255.
• tag must be one of issue, issuewild, iodef.
• value is required.

PTR

Reverse DNS pointer.

• value: target hostname.

TXT

Arbitrary text. Used for SPF, DKIM, ACME challenges, etc.

• value: any UTF-8 string up to 4096 bytes.
• NUL bytes rejected.

GSLB (global load balancing)

These are dnswiz-specific record types. They aren’t standard DNS RRs. The engine resolves them to A/AAAA answers at query time using the referenced pool/endpoint state.

POOL

Serves answers from a pool. The pool’s selection_method (weighted, active-passive, round-robin) decides which member each query gets.

• value: {"pool_id": "<uuid>"}.
• Member health checks remove down members from selection automatically.
• See Pools & members for the selection semantics.

GEO

Per-region selection. Pick a different pool (or endpoint) based on the querying resolver’s continent.

• value:

  {
    "regions": [
      { "code": "EU", "pool_id": "<uuid>" },
      { "code": "NA", "pool_id": "<uuid>" }
    ],
    "default": { "pool_id": "<uuid>" }
  }

• code is one of AF, AS, EU, NA, OC, SA, AN.
• Each region (and the default) is either pool-shaped ({pool_id}) or endpoint-shaped ({endpoint_id, value}), exactly one.
• Region codes must be unique. Needs ≥1 region.

CANARY

Time-ramped split between two targets. Use for blue/green deploys.

• value:

  {
    "primary":  { "pool_id": "<uuid>" },
    "canary":   { "pool_id": "<uuid>" },
    "from_pct": 1,
    "to_pct":   100,
    "started_at": "2026-05-27T08:36:52Z",
    "ramp_seconds": 3600
  }

• The engine computes the current canary % linearly between from_pct and to_pct over ramp_seconds.
• Optional abort webhook (set in the drawer) is called if you flip the ramp back to 0.

Validation rules

Every rule below is enforced on create and update, a bad record is rejected, never half-saved.

If a write is rejected you get a 400 (or 409 for a conflict); the response’s type field links to the matching error doc.