DNS Records: A, AAAA, CNAME, MX, TXT and More
DNS Records
DNS records are instructions stored in a DNS zone that tell the internet how to connect to your domain. Every DNS lookup resolves one or more records to find the right server. Knowing the different record types is essential for managing any domain, whether you are setting up a website, configuring email, or securing your domain against certificate misuse.
What Are DNS Records
When you register a domain and set up hosting, you configure DNS records to point different parts of your domain to the right servers. Your web server needs one record, your email provider needs another, your CDN might need a third, and email authentication requires several more. All of these live in your DNS zone, which is stored and served by your DNS provider or registrar.
Each DNS record consists of a few key fields: the name, which is the domain or subdomain the record applies to; the type, which defines what kind of record it is; the value, which is the actual data such as an IP address or a target domain; and the TTL, which controls how long resolvers are allowed to cache it. Together these fields give resolvers everything they need to answer queries about your domain correctly.
Common DNS Record Types
| Record Type | Full Name | What It Does | Example |
|---|---|---|---|
| A | Address | Maps a domain or subdomain to an IPv4 address | example.com points to 142.250.80.46 |
| AAAA | Quad-A | Maps a domain or subdomain to an IPv6 address | example.com points to 2607:f8b0::1 |
| CNAME | Canonical Name | Creates an alias that points one domain name to another domain name | www.example.com points to example.com |
| MX | Mail Exchange | Specifies which mail servers handle incoming email for the domain | example.com mail handled by mail.google.com at priority 10 |
| TXT | Text | Stores free-form text used for SPF, DKIM, DMARC, and domain ownership verification | v=spf1 include:_spf.google.com ~all |
| NS | Name Server | Delegates the domain to the authoritative DNS servers that hold its zone records | example.com delegated to ns1.cloudflare.com |
| SOA | Start of Authority | Contains administrative information about the zone including the primary nameserver, admin contact, and negative TTL | Primary NS, admin email, serial number, refresh and retry intervals |
| PTR | Pointer | Reverse DNS lookup that maps an IP address back to a domain name | 142.250.80.46 resolves back to mail.google.com |
| SRV | Service | Specifies the hostname and port of a server for a specific protocol or service | Used by SIP, XMPP, Microsoft Teams, and game servers |
| CAA | CA Authorization | Restricts which Certificate Authorities are permitted to issue SSL certificates for the domain | 0 issue "letsencrypt.org" |
A Records and AAAA Records
The A record is the most fundamental DNS record type. It maps a domain name directly to an IPv4 address, which is the address format that has been in use since the early internet. When a resolver looks up your domain and finds an A record, it returns the IP address in that record and the browser connects to it directly.
The AAAA record works identically but maps to an IPv6 address. IPv6 was introduced to address the exhaustion of IPv4 addresses and uses a much longer 128-bit address format. Most modern websites configure both A and AAAA records so that devices on IPv6 networks can connect using the newer protocol while IPv4-only devices fall back to the A record automatically.
CNAME Records
A CNAME record creates an alias by pointing one domain name to another domain name rather than directly to an IP address. When a resolver encounters a CNAME, it follows the chain and performs an additional lookup for the target domain until it finds an A or AAAA record with an actual IP address.
CNAME records are commonly used for subdomains. For example, pointing www.example.com to example.com means that whenever the IP address of the root domain changes, the www subdomain updates automatically without requiring a separate change. They are also used extensively with third-party services such as CDNs, where you point your subdomain to the provider's domain and they handle routing from there.
One important restriction is that CNAME records cannot be used at the root or apex of a domain. A record for example.com itself must be an A or AAAA record pointing to an IP address. Some DNS providers offer a proprietary ALIAS or ANAME record type that behaves like a CNAME at the root by resolving the target domain to an IP at query time.
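The chain-following and apex rule described above, as an added example that is not part of the original page. It goes slightly beyond the text by also flagging any name where a CNAME shares the name with other record types, which is the general rule behind the apex restriction (the apex always carries SOA and NS records). The zone data and function names are constructed for illustration.

```python
# Constructed zone data for illustration: (name, type, value).
RECORDS = [
    ("example.com", "SOA", "ns1.example.com. admin.example.com. 1"),
    ("example.com", "NS", "ns1.example.com"),
    ("example.com", "A", "192.0.2.10"),
    ("www.example.com", "CNAME", "example.com"),
    ("blog.example.com", "CNAME", "www.example.com"),
    ("blog.example.com", "TXT", "constructed-verification-token"),  # illegal sibling
    ("a.example.com", "CNAME", "b.example.com"),
    ("b.example.com", "CNAME", "a.example.com"),  # alias loop
]

def norm(name):
    return name.lower().rstrip(".")

def rrsets(records):
    """Index records as {name: {type: [values]}}."""
    index = {}
    for name, rtype, value in records:
        index.setdefault(norm(name), {}).setdefault(rtype, []).append(value)
    return index

def resolve(name, records, max_hops=8):
    """Follow CNAMEs to an address; return (status, chain, addresses)."""
    index, chain = rrsets(records), []
    name = norm(name)
    while len(chain) <= max_hops:
        if name in chain:  # already visited: the aliases point in a circle
            return "loop", chain + [name], []
        chain.append(name)
        types = index.get(name, {})
        if "CNAME" in types:
            name = norm(types["CNAME"][0])
            continue
        addrs = types.get("A", []) + types.get("AAAA", [])
        return ("ok" if addrs else "no-address"), chain, addrs
    return "chain-too-long", chain, []

def lint_cnames(records, apex):
    """Flag CNAMEs at the apex or sharing a name with other record types."""
    findings = []
    for name, types in rrsets(records).items():
        others = sorted(t for t in types if t != "CNAME")
        if "CNAME" in types and name == norm(apex):
            findings.append((name, "CNAME at zone apex"))
        elif "CNAME" in types and others:
            findings.append((name, "CNAME alongside " + ",".join(others)))
    return findings
```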
MX Records
MX records control where email sent to your domain is delivered. When someone sends an email to an address at your domain, their mail server queries your MX records to find out which server to connect to for delivery. Each MX record includes a priority value, which is a number that determines the order in which mail servers are tried. Lower numbers indicate higher priority.
You can have multiple MX records with different priorities to provide redundancy. If the primary mail server is unavailable, sending servers will try the next lowest priority record. This is how email providers like Google Workspace and Microsoft 365 configure their mail delivery with primary and backup servers.
TXT Records
TXT records store arbitrary text data associated with a domain. They were originally designed for human-readable notes but are now used almost entirely for machine-readable authentication and verification purposes. The most common uses are:
- SPF (Sender Policy Framework): Declares which mail servers are authorised to send email on behalf of your domain. Receiving mail servers check this record to determine whether an incoming message is legitimate or potentially spoofed.
- DKIM (DomainKeys Identified Mail): Publishes a public key that receiving mail servers use to verify the cryptographic signature attached to outgoing emails, confirming they have not been tampered with in transit.
- DMARC (Domain-based Message Authentication): Specifies a policy for how receiving mail servers should handle messages that fail SPF or DKIM checks, and where to send reports about authentication failures.
- Domain ownership verification: Services like Google Search Console, various CDNs, and SSL certificate providers ask you to add a specific TXT record to prove you control the domain before they grant access or issue a certificate.
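A small audit of the SPF and DMARC policies described in this list, added here as an illustration and not taken from the original page. It assumes the TXT values have already been fetched (the DMARC value from `_dmarc.<domain>`), and the function names and sample values are constructed, apart from the first SPF string, which is the page's own example.

```python
import re

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(txt_records):
    """Return findings for the SPF policy among a name's TXT values."""
    spf = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as an error"]
    findings, lookups, names = [], 0, []
    for term in spf[0].lower().split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # '+' is the default
        name = re.split(r"[:/=]", term.lstrip("+-~?"))[0]
        names.append(name)
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "all" and qualifier in "+?":
            findings.append(f"'{term}' never fails an unauthorised sender")
    if "all" not in names and "redirect" not in names:
        findings.append("no 'all' term: unmatched senders get a neutral result")
    if lookups > 10:  # counts this record only, not terms inside includes
        findings.append(f"{lookups} DNS-querying terms exceed the limit of 10")
    return findings

def audit_dmarc(txt):
    """Return findings for one TXT value published at _dmarc.<domain>."""
    parts = [p.strip() for p in txt.split(";") if "=" in p]
    tags = {k.strip().lower(): v.strip() for k, v in (p.split("=", 1) for p in parts)}
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return ["not a DMARC record: v=DMARC1 must be the first tag"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in {"none", "quarantine", "reject"}:
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none asks receivers to take no action on failures")
    if "rua" not in tags:
        findings.append("no rua= address for aggregate reports")
    return findings

# Constructed samples; the first SPF value is the page's own example.
SAMPLES_SPF = [["v=spf1 include:_spf.google.com ~all"], ["v=spf1 mx +all"], ["v=spf1 mx"]]
SAMPLE_DMARC = "v=DMARC1; p=none"
```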
What Is TTL
Every DNS record has a TTL (Time to Live) value measured in seconds. It tells resolvers how long they are allowed to cache the record before they must discard it and fetch a fresh copy from the authoritative server. TTL is a trade-off between performance and flexibility.
A short TTL means changes to your records propagate across the internet quickly because resolvers refresh their cache frequently. This is valuable during migrations or when you need to respond quickly to an outage. However, it increases the volume of queries hitting your authoritative DNS server because resolvers re-query more often. A long TTL reduces query load and speeds up lookups for end users because more resolvers have the record cached, but it means changes take longer to reach everyone.
| TTL Value | Duration | When to Use |
|---|---|---|
| 300 | 5 minutes | Set this 24 to 48 hours before a planned migration or IP change so the short TTL has time to propagate before you make the actual change |
| 3600 | 1 hour | A reasonable default for A, AAAA, CNAME, and TXT records that may occasionally need updating |
| 86400 | 24 hours | Suitable for stable records that rarely change, such as NS, MX, and SOA records |
A Record vs CNAME: Which to Use
- A record: Points directly to an IPv4 address. Use for the root domain such as example.com because CNAME records are not permitted at the apex of a domain.
- CNAME record: Points to another domain name, which is then resolved to an IP. Use for subdomains such as www, blog, or api that should follow another domain's IP address automatically.
- ALIAS or ANAME record: A non-standard record type offered by some DNS providers that behaves like a CNAME at the root domain by resolving the target at query time and returning the resulting IP. Useful when your root domain needs to point to a load balancer or CDN endpoint rather than a static IP.
Frequently Asked Questions
- Can I have multiple A records for one domain?
Yes. Having multiple A records for the same domain name is called round-robin DNS and is a simple form of load balancing. Resolvers return the list of IP addresses in a rotating order, distributing requests across multiple servers. It does not provide true health checking or failover, but it spreads traffic evenly under normal conditions and is easy to configure without additional infrastructure.
- What is SPF and why does it live in a TXT record?
SPF (Sender Policy Framework) is an email authentication standard that specifies which mail servers are authorised to send email on behalf of your domain. Receiving mail servers look up your SPF TXT record to verify that an incoming message claiming to be from your domain was actually sent from an authorised server. It lives in a TXT record because DNS did not originally have a dedicated record type for email authentication, and TXT records provide a flexible way to publish this kind of policy data.
- What happens if I delete my NS records?
Your domain becomes unreachable for all DNS queries. NS records tell the internet which servers hold your zone and are authoritative for your domain. Without them, resolvers cannot find your DNS zone and all lookups for your domain will fail. Never delete NS records without immediately replacing them with correct values, and always update NS records at the domain registry level rather than just in your DNS provider's control panel.
- What is a PTR record and when do I need one?
A PTR record performs a reverse DNS lookup, mapping an IP address back to a domain name. Unlike other records which you manage in your own DNS zone, PTR records must be configured by the organisation that owns the IP address block, usually your hosting provider or ISP. PTR records are most important for mail servers because many receiving mail servers perform a reverse DNS check on the sending IP. If no PTR record exists or it does not match the sending domain, the message may be flagged as spam or rejected.
- What is a CAA record and should I set one?
A CAA (Certification Authority Authorization) record specifies which Certificate Authorities are permitted to issue SSL and TLS certificates for your domain. If a CAA record exists and a CA is not listed in it, that CA must refuse to issue a certificate for the domain even if the requester completes the normal domain validation process. Setting a CAA record is a straightforward security measure that reduces the risk of a certificate being fraudulently issued for your domain by an unauthorised CA. If you use Let's Encrypt, for example, you would add a CAA record specifying letsencrypt.org as the permitted issuer.
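The CAA decision described in the last answer, as an added example that is not part of the original page. It goes beyond the text by showing how a subdomain inherits the nearest parent's CAA set, how issuewild governs wildcard requests, and how the critical flag is handled; the record data is constructed and assumed to be already fetched.

```python
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed CAA data: owner name -> [(flags, tag, value)].
CAA = {
    "example.com": [(0, "issue", "letsencrypt.org"),
                    (0, "iodef", "mailto:security@example.com")],
    "internal.example.com": [(0, "issue", ";")],          # nobody may issue
    "shop.example.com": [(0, "issue", "letsencrypt.org"),
                         (0, "issuewild", ";")],           # no wildcards
}

def relevant_rrset(fqdn, caa):
    """Climb from the name toward the root; the first non-empty set applies."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = caa.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def may_issue(ca_domain, fqdn, caa):
    """True if CAA permits ca_domain to issue for fqdn (may start with '*.')."""
    wildcard = fqdn.startswith("*.")
    rrset = relevant_rrset(fqdn[2:] if wildcard else fqdn, caa)
    # An unknown tag with the critical bit (128) set blocks issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [v for _, tag, v in rrset if tag == "issue"]
    issuewild = [v for _, tag, v in rrset if tag == "issuewild"]
    # For wildcard names, issuewild replaces issue when it is present.
    allowed = issuewild if wildcard and issuewild else issue
    if not allowed:
        return True  # no restricting property found: CAA does not restrict
    # A value is "issuer-domain; parameters"; a bare ";" names no issuer.
    issuers = {v.split(";")[0].strip().lower() for v in allowed}
    return ca_domain.lower() in issuers
```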
Conclusion
DNS records are the control panel of your domain. A and AAAA records point browsers to your servers. MX records route incoming email to the right mail provider. TXT records handle email authentication and domain verification. CNAME records create flexible aliases for subdomains. NS and SOA records define the authority structure of your zone, and CAA records add a layer of certificate security. Getting these right is essential for your website, email, and security infrastructure to function correctly and reliably. Continue with DNS caching, DNS propagation, and how DNS works to complete your understanding of the domain name system.
