🌐 DNS Records Explained
A Complete Visual Guide to Domain Name System Records
example.com into machine-readable IP addresses. DNS records are instructions stored in authoritative DNS servers that provide information about a domain, including what IP address it is associated with, how email should be handled, and more.
🔄 How DNS Resolution Works
[Diagram: DNS resolution flow. Surviving labels: example.com, Resolver, Name Server, Server (.com), Name Server, Returned]
📋 Core DNS Record Types
A Record
Maps a domain name to a 32-bit IPv4 address. This is the most fundamental DNS record — it tells browsers where to find your website on the internet. A single domain can have multiple A records for load balancing.
example.com. 3600 IN A 93.184.216.34
www.example.com. 3600 IN A 93.184.216.34
AAAA Record
Maps a domain to a 128-bit IPv6 address. As IPv4 addresses run out, AAAA records are increasingly important. IPv6 offers a vastly larger address space (3.4×10³⁸ addresses vs ~4.3 billion in IPv4).
example.com. 3600 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
CNAME Record
Creates an alias from one domain to another. Instead of mapping to an IP directly, CNAME points to another domain name. CNAME cannot be used at the root (apex) domain and should not point to an IP address.
www.example.com. 3600 IN CNAME example.com.
blog.example.com. 3600 IN CNAME myblog.wordpress.com.
MX Record
Directs email to the correct mail servers for a domain. Includes a priority value — lower numbers mean higher priority. Multiple MX records provide email redundancy. Must point to a hostname, not an IP.
example.com. IN MX 10 mail1.example.com.
example.com. IN MX 20 mail2.example.com.
TXT Record
Stores arbitrary text data associated with a domain. Used for domain ownership verification, email security (SPF, DKIM, DMARC), and anti-spam policies. Critical for modern email security configurations.
example.com. IN TXT "v=spf1 include:_spf.google.com ~all"
# Domain verification
example.com. IN TXT "google-site-verification=abc123"
NS Record
Identifies the authoritative name servers for a domain. These are the servers that hold all the DNS records for your domain. At least two NS records are recommended for redundancy and failover protection.
example.com. IN NS ns1.dnsprovider.com.
example.com. IN NS ns2.dnsprovider.com.
PTR Record
Performs reverse DNS lookups — mapping an IP address back to a domain name. The opposite of an A record. Used primarily for email server verification and network troubleshooting via nslookup or dig.
34.216.184.93.in-addr.arpa. IN PTR example.com.
# IPv6 reverse lookup
...ip6.arpa. IN PTR example.com.
SOA Record
Contains administrative information about the DNS zone. Every DNS zone must have exactly one SOA record. It specifies the primary name server, the responsible admin's email, and timing parameters for zone replication.
example.com. IN SOA ns1.example.com. admin.example.com. 2024010101 3600 900 604800 300
SRV Record
Defines location of specific services like VoIP, SIP, XMPP, or Microsoft services. Contains priority, weight, port, and target. Allows services to be discovered automatically without hardcoding server addresses.
_sip._tcp.example.com. IN SRV 10 20 5060 sip.example.com.
_xmpp._tcp.example.com. IN SRV 5 0 5222 xmpp.example.com.
CAA Record
Specifies which Certificate Authorities (CAs) are allowed to issue SSL/TLS certificates for your domain. Prevents unauthorized certificate issuance, significantly reducing the risk of fraudulent SSL certificates.
example.com. IN CAA 0 issue "letsencrypt.org"
example.com. IN CAA 0 issuewild "comodoca.com"
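How a CA evaluates the two CAA records above, as an added example that is not part of the original guide. It follows RFC 8659 semantics and assumes a CA that understands the issue, issuewild and iodef tags; `ZONE`, `relevant_rrset` and `may_issue` are names made up for this sketch.

```python
# Constructed sample data: the two CAA records shown above, keyed by owner name.
ZONE = {
    "example.com.": [(0, "issue", "letsencrypt.org"),
                     (0, "issuewild", "comodoca.com")],
}

def relevant_rrset(name, zone):
    """Climb from name toward the root; the first name with CAA records wins."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":          # wildcard requests start at the parent name
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]) + ".")
        if rrset:
            return rrset
    return []

def may_issue(ca_domain, name, zone=ZONE):
    """Return True if CAA permits ca_domain to issue a certificate for name."""
    rrset = relevant_rrset(name, zone)
    # An unknown tag with the critical bit (flag 128) set blocks issuance.
    if any(flags & 128 and tag not in ("issue", "issuewild", "iodef")
           for flags, tag, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t == "issue"]
    wild = [v for _, t, v in rrset if t == "issuewild"]
    # For wildcard names, issuewild (if present) replaces issue entirely.
    applicable = wild if name.startswith("*.") and wild else issue
    if not applicable:
        return True   # no restricting property: CAA does not limit issuance
    # Drop parameters after ';'. A bare ";" value authorises no CA at all.
    allowed = {v.split(";")[0].strip().lower() for v in applicable}
    return ca_domain.lower() in allowed
```

With the records above, letsencrypt.org may issue for example.com and www.example.com but not for *.example.com, because the issuewild record takes over for wildcard names.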
⏱️ Understanding TTL (Time To Live)
TTL controls how long DNS resolvers cache your record before checking for updates. Shorter TTL = faster propagation but more DNS queries. Longer TTL = faster resolution but slower updates.
📊 DNS Record Quick Reference
| Record Type | Purpose | Points To | Can Be Apex? | Common TTL |
|---|---|---|---|---|
| A | IPv4 address mapping | IPv4 address | ✅ Yes | 3600s |
| AAAA | IPv6 address mapping | IPv6 address | ✅ Yes | 3600s |
| CNAME | Domain alias | Another domain | ❌ No | 3600s |
| MX | Email routing | Hostname + priority | ✅ Yes | 3600s |
| TXT | Arbitrary text / security | Text string | ✅ Yes | 3600s |
| NS | Name server delegation | Hostname | ✅ Yes | 86400s |
| PTR | Reverse DNS lookup | Hostname | N/A | 86400s |
| SOA | Zone authority info | Primary NS + params | ✅ Required | 86400s |
| SRV | Service location | Host + port + weight | ❌ No | 3600s |
| CAA | SSL certificate authority | CA domain name | ✅ Yes | 86400s |
💡 Pro Tips & Best Practices
- Lower TTL before migrations: Reduce TTL to 300s at least 24 hours before making DNS changes — this minimizes downtime during cutover.
- Always set up SPF, DKIM, and DMARC: These TXT-based records are essential for email deliverability and preventing spoofing of your domain.
- Use multiple NS records: Always have at least 2 name servers on different networks for redundancy and fault tolerance.
- Avoid CNAME at apex: Never place a CNAME at your root domain (e.g., example.com). Use A/AAAA records or ALIAS/ANAME records instead.
- Add CAA records: Even if you're not planning changes, CAA records provide an extra layer of SSL certificate security at no cost.
- Test with dig or nslookup: Use dig example.com ANY or nslookup example.com to verify your DNS configuration before going live.
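A pre-deployment check for the rules stated in this guide (one SOA, at least two NS, no CNAME at the apex, MX and CNAME targets that are hostnames, SPF and CAA present), as an added example that is not part of the original page. The `SAMPLE` zone is constructed with deliberate mistakes, and `parse` and `lint` are hypothetical helpers that only understand the one-line record format used above.

```python
import ipaddress

# Constructed sample zone in the page's record format, with deliberate mistakes.
SAMPLE = """\
example.com. IN SOA ns1.example.com. admin.example.com. 2024010101 3600 900 604800 300
example.com. IN NS ns1.dnsprovider.com.
example.com. 3600 IN CNAME host.example.net.
example.com. IN MX 10 192.0.2.25
www.example.com. 3600 IN CNAME example.com.
# Domain verification
example.com. IN TXT "google-site-verification=abc123"
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False

def parse(zone_text):
    """Yield (name, rtype, rdata_fields) for lines like 'name [ttl] IN TYPE rdata'."""
    for line in zone_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#") or "IN" not in fields[:-1]:
            continue
        i = fields.index("IN")
        yield fields[0].lower(), fields[i + 1].upper(), fields[i + 2:]

def lint(zone_text, apex):
    records = list(parse(zone_text))
    at_apex = [(t, r) for n, t, r in records if n == apex.lower()]
    findings = []
    if sum(t == "SOA" for t, _ in at_apex) != 1:
        findings.append("zone must have exactly one SOA record")
    if sum(t == "NS" for t, _ in at_apex) < 2:
        findings.append("fewer than two NS records")
    if any(t == "CNAME" for t, _ in at_apex):
        findings.append("CNAME at apex")
    for name, rtype, rdata in records:
        if rtype == "CNAME" and rdata and is_ip(rdata[0]):
            findings.append(f"{name} CNAME points to an IP address")
        if rtype == "MX" and len(rdata) > 1 and is_ip(rdata[1]):
            findings.append(f"{name} MX points to an IP address")
    if not any(t == "TXT" and " ".join(r).startswith('"v=spf1') for t, r in at_apex):
        findings.append("no SPF TXT record")
    if not any(t == "CAA" for t, _ in at_apex):
        findings.append("no CAA record")
    return findings
```

Calling `lint(SAMPLE, "example.com.")` returns five findings for the constructed zone; a zone assembled from the correct records shown earlier in this guide returns an empty list.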