DNS APL Record Generator
Build syntax-compliant DNS APL records. Configure IPv4 and IPv6 prefix limits and copy BIND settings.
Network engineers, systems auditors, and database admins publish APL records to catalog server IP address spaces. This local generator formats prefix listings in compliance with RFC 3123 specifications. When to use it: When setting up directory routing, logging network ranges, or compiling zone files. What it solves: Avoids prefix nesting errors, incorrect family codes, and BIND compiler issues. Why it matters: System records require explicit colon-spaced parameters to parse address families accurately.
APL Settings
Address Prefixes
BIND Zone Record
Record Parameters Breakdown
Host: Matches subdomain target or core root domain (@).
Family: Code 1 for IPv4 addresses, or 2 for IPv6 ranges.
Negation: Prefixed with ! to exclude the range from the list.
IP Range: Address blocks followed by standard CIDR mask parameters.
How DNS Address Prefix Lists Resolve
This generator builds zone strings. The validation logic structures the record naming conventions in compliance with RFC standards.
When client resolvers query APL records, DNS servers look up the published address prefix limits. Because exclusions are defined with negations, routers audit network coordinates easily.
Before & After APL Record Examples
❌ Before (Missing network prefix lists)
Systems querying system ranges receive empty DNS returns, preventing routing validations.
;; Query: dig APL domain.com
;; ANSWER SECTION:
;; (Empty response returned) ✅ After (Active APL zone mapping)
A syntax-compliant BIND APL record publishes host routing prefix lists successfully.
@ 86400 IN APL 1:192.168.0.0/16 !1:10.0.0.0/8
;; Active prefix listings Industry Use Cases
| Developer Workflows | SEO Strategies | Operations & Teams |
|---|---|---|
| Publish IP address prefix lists for routing systems. | Audit domain ownership details. | Document host specifications inside private BIND zones. |
| Trace zone prefix ranges during server migrations. | Audit security contact details. | Standardize network address maps. |
Common DNS APL Mistakes
Incorrect Family Code Mapping
Assigning incorrect codes (e.g. mapping code 2 to IPv4, or 1 to IPv6 addresses), which causes BIND zone parser compilation failures.
Invalid CIDR Masks
Entering CIDR prefix masks outside standard boundaries (greater than 32 for IPv4, or greater than 128 for IPv6 addresses).
DNS APL Best Practices
- Map Address Families: Enforce family code
1for IPv4, and2for IPv6. - Configure Exclusions: Negate private IP spaces to limit access boundaries.
- Verify CIDR Ranges: Double-check address mask boundaries before publishing.
- Audit Settings: Periodically verify records after server migration loops.
Frequently Asked Questions
What is a DNS APL record and what is it used for?
An Address Prefix List (APL) record is a type of DNS record that lists IP address ranges (IPv4 or IPv6) in active or negated formats. Resolvers query APL records to audit network prefix sets.
How is the IP prefix formatted inside an APL record?
APL records use a colon-separated syntax mapping: "[negation][family]:[address]/[prefix]". For example, "1:192.168.0.0/16" describes an active IPv4 prefix, while "!1:10.0.0.0/8" describes a negated range.
What are the family codes for IPv4 and IPv6?
Under RFC 3123 specifications, the address family code for IPv4 is "1" and the address family code for IPv6 is "2".
What does the negation symbol (!) represent?
The exclamation mark (!) indicates a negated prefix. This means that the specified IP range is excluded from the prefix list, allowing administrators to define exclusions.
Are APL records used for mail validation?
No. APL records are informational and routing indicators. Email validations use SPF (TXT) records instead.
Are APL records mandatory for core websites?
No. APL records are optional, advanced resource records. They are primarily used in localized intranet routing setups or secure server-to-server directories.
How do I query APL records using terminal tools?
Use terminal lookup commands: "dig apl yourdomain.com" or "nslookup -type=apl yourdomain.com" to retrieve published address prefix list records.
Related Security Tools
DNS NS Record Generator
Create subdomain nameserver delegations.
DNS PTR Record Generator
Configure reverse IP-to-domain resolutions.
DNS TXT Record Generator
Create domain verification tags and SPF rules.
DNS LOC Record Generator
Create location records mapping coordinates.
DNS HINFO Record Generator
Create host hardware info BIND records.
DMARC Record Generator
Create DMARC records to prevent domain spoofing.