DNS Record Types Explained

How DNS Works

The Domain Name System (DNS) translates human-readable domain names like example.com into machine-readable IP addresses like 93.184.216.34. This translation happens through a hierarchical, distributed database composed of DNS records. Each record type serves a different purpose: routing web traffic, delivering email, verifying domain ownership, or delegating authority.

Understanding DNS record types is essential for developers who deploy applications, configure email services, set up CDNs, or troubleshoot connectivity issues. This guide covers each major record type with practical examples.

A Record (Address)

The A record is the most fundamental DNS record. It maps a domain name to an IPv4 address. When someone types a domain into their browser, the DNS resolver looks up the A record to find the IP address of the web server.

example.com.    300    IN    A    93.184.216.34

• A domain can have multiple A records for load balancing (round-robin DNS).
• The TTL (300 seconds in this example) controls how long resolvers cache the record.
• A records only support IPv4. For IPv6, use AAAA records.

AAAA Record (IPv6 Address)

The AAAA record is the IPv6 equivalent of the A record. It maps a domain name to a 128-bit IPv6 address. The name “AAAA” reflects that an IPv6 address is four times the size of an IPv4 address (128 bits vs 32 bits).

example.com.    300    IN    AAAA    2606:2800:220:1:248:1893:25c8:1946

If your hosting provider supports IPv6, you should add AAAA records alongside your A records. Many modern networks are IPv6-only or IPv6-preferred, and having AAAA records ensures your site is reachable from all networks.

CNAME Record (Canonical Name)

A CNAME record creates an alias from one domain name to another. Instead of pointing to an IP address, it points to another domain name, which is then resolved to an IP. This is commonly used for subdomains and CDN integration.

www.example.com.    300    IN    CNAME    example.com.
blog.example.com.   300    IN    CNAME    example.netlify.app.

• Cannot coexist with other records: A CNAME record cannot be set on a name that has other records. This means you cannot use a CNAME at the zone apex (e.g., example.com), only on subdomains.
• Adds a DNS lookup: The resolver must make an additional query to resolve the CNAME target, adding latency.
• ALIAS / ANAME: Some DNS providers offer proprietary ALIAS or ANAME records that behave like CNAMEs at the zone apex.

MX Record (Mail Exchange)

MX records tell the world which mail servers accept email for your domain. When someone sends email to user@example.com, the sending server looks up the MX records for example.com to find the destination mail server.

example.com.    300    IN    MX    10    mail1.example.com.
example.com.    300    IN    MX    20    mail2.example.com.

• Priority: The number before the mail server hostname is the priority. Lower numbers are tried first. In this example, mail1 (priority 10) is preferred over mail2 (priority 20).
• Redundancy: Multiple MX records with different priorities provide failover. If the primary server is down, email is delivered to the backup.
• MX records must point to a hostname (A/AAAA record), never to an IP address or CNAME.

TXT Record (Text)

TXT records hold arbitrary text data associated with a domain. They have become the Swiss Army knife of DNS, used for domain verification, email authentication (SPF, DKIM, DMARC), and service configuration.

; SPF record
example.com.  300  IN  TXT  "v=spf1 include:_spf.google.com -all"

; DMARC record
_dmarc.example.com.  300  IN  TXT  "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

; Domain verification
example.com.  300  IN  TXT  "google-site-verification=abc123..."

A domain can have multiple TXT records. Email-related TXT records (SPF, DKIM, DMARC) are critical for email deliverability. See our SPF, DKIM, and DMARC guide for details.

NS Record (Name Server)

NS records delegate a domain to specific authoritative name servers. They tell DNS resolvers which servers hold the definitive records for a domain.

example.com.    86400    IN    NS    ns1.cloudflare.com.
example.com.    86400    IN    NS    ns2.cloudflare.com.

• NS records are set at your domain registrar (not your DNS provider).
• You should always have at least two name servers for redundancy.
• NS records typically have long TTLs (86400 = 24 hours) because name server changes are infrequent.

SOA Record (Start of Authority)

Every DNS zone has exactly one SOA record. It contains administrative information about the zone: the primary name server, the responsible party's email, the zone's serial number, and timing parameters for zone transfers and caching.

example.com.    3600    IN    SOA    ns1.example.com. admin.example.com. (
                                      2024010101  ; serial
                                      7200        ; refresh (2 hours)
                                      3600        ; retry (1 hour)
                                      1209600     ; expire (14 days)
                                      86400       ; minimum TTL (24 hours)
                                    )

• Serial: A version number that increments when the zone changes. Secondary servers use this to determine whether they need to pull updates.
• Refresh / Retry / Expire: Control how secondary name servers synchronize with the primary.
• The admin email uses a dot instead of @: admin.example.com means admin@example.com.

CAA Record (Certificate Authority Authorization)

CAA records specify which Certificate Authorities are allowed to issue TLS certificates for your domain. This prevents unauthorized CAs from issuing certificates, reducing the risk of man-in-the-middle attacks.

example.com.    300    IN    CAA    0 issue "letsencrypt.org"
example.com.    300    IN    CAA    0 issuewild "letsencrypt.org"
example.com.    300    IN    CAA    0 iodef "mailto:security@example.com"

• issue: Authorizes a CA to issue non-wildcard certificates.
• issuewild: Authorizes a CA to issue wildcard certificates.
• iodef: Specifies a contact for reporting policy violations.

SRV Record (Service)

SRV records define the hostname and port for specific services. They are used by protocols like SIP, XMPP, LDAP, and Microsoft Active Directory to discover service endpoints.

_sip._tcp.example.com.  300  IN  SRV  10 60 5060 sip.example.com.
;                                     ^  ^   ^     ^
;                               priority weight port  target

SRV records are less common in typical web development but essential for VoIP, messaging, and enterprise service discovery.

PTR Record (Pointer)

PTR records are the reverse of A records: they map an IP address back to a domain name. They are primarily used for reverse DNS lookups, which are important for email deliverability (many mail servers reject email from IPs without valid PTR records) and network diagnostics.

Choosing the Right Record Type

Look Up DNS Records

Our Domain Intelligence Dashboard retrieves all DNS record types for any domain in a single query. The DNS panel shows records organized by type with count badges, and the email security section analyzes SPF, DKIM, and DMARC specifically.