DNS Record Types Explained

The A record is the most fundamental DNS record type. It directly maps a domain or subdomain to a 32-bit IPv4 address. When someone types your domain into their browser, the A record tells them where to find your web server.

Common Uses:

• Pointing your domain to your web server
• Setting up subdomains like blog.example.com
• Load balancing by having multiple A records for the same domain

Best Practices:

• Use a reasonable TTL (300-3600 seconds for most cases)
• Consider using multiple A records for redundancy
• Always have a corresponding AAAA record for IPv6

The AAAA record (pronounced "quad-A") is the IPv6 equivalent of the A record. As IPv4 addresses become scarce, IPv6 adoption is growing, making AAAA records increasingly important.

Why IPv6 Matters:

• IPv4 has approximately 4.3 billion addresses; IPv6 has 340 undecillion
• Many mobile networks are IPv6-only
• Better performance in some networks
• Future-proofing your infrastructure

A CNAME record creates an alias from one domain name to another. Instead of pointing to an IP address, it points to another domain name, which then resolves to an IP address.

Common Uses:

• Pointing www to your root domain
• Connecting to CDN or cloud services
• Creating memorable subdomains for third-party services

Important Rules:

• Cannot be used at the zone apex (root domain)
• Cannot coexist with other records for the same name
• Creates an extra DNS lookup, slightly increasing latency

MX records define which mail servers accept email for your domain. The priority number determines which server to try first (lower numbers = higher priority).

Priority System:

• Lower priority values are tried first
• Multiple MX records provide redundancy
• If the primary server is down, mail goes to the backup

Example Setup:

example.com.    MX    10 mail1.example.com.
example.com.    MX    20 mail2.example.com.
example.com.    MX    30 backup.example.com.

Validate your email configuration with our Email Authentication Tool.

TXT records store arbitrary text data. While originally designed for human-readable notes, they're now primarily used for machine-readable data like email authentication and domain verification.

Common Uses:

• SPF: Specifies which servers can send email for your domain
• DKIM: Contains public keys for email signing
• DMARC: Defines email authentication policies
• Domain Verification: Proving ownership to services like Google, Microsoft, and SSL providers

Size Limits:

TXT records are limited to 255 characters per string, but you can have multiple strings in a single record that are concatenated together.

NS records specify which DNS servers are authoritative for your domain. They're essential for the DNS delegation system, allowing the domain hierarchy to work.

Best Practices:

• Always have at least 2 NS records for redundancy
• Use nameservers in different geographic locations
• Use a long TTL (86400 seconds / 24 hours is common)
• Ensure all listed nameservers are functioning

The SOA record contains essential information about the DNS zone, including the primary nameserver, administrator email, and timing parameters for zone transfers and caching.

SOA Fields:

• Primary NS: Primary nameserver for the zone
• Admin Email: Administrator email (@ replaced with .)
• Serial: Version number (often YYYYMMDDNN format)
• Refresh: How often secondaries check for updates
• Retry: Retry interval after failed refresh
• Expire: When secondary data is no longer authoritative
• Minimum TTL: Default negative caching TTL

CAA records specify which Certificate Authorities (CAs) are allowed to issue SSL/TLS certificates for your domain. This helps prevent unauthorized certificate issuance.

CAA Tags:

• issue: Allows the CA to issue standard certificates
• issuewild: Allows the CA to issue wildcard certificates
• iodef: Email/URL for violation reports

Example Setup:

example.com.    CAA    0 issue "letsencrypt.org"
example.com.    CAA    0 issuewild "letsencrypt.org"
example.com.    CAA    0 iodef "mailto:security@example.com"

Check your CAA records with our Security Analysis Tool.

PTR records enable reverse DNS lookups, mapping IP addresses back to domain names. They're stored in the special in-addr.arpa zone for IPv4 and ip6.arpa for IPv6.

Why PTR Records Matter:

• Email servers check PTR records to verify sender legitimacy
• Security tools use reverse DNS for logging and identification
• Some services require matching forward and reverse DNS

PTR records are typically managed by your hosting provider or ISP since they control the IP address allocation.

SRV records define the hostname and port for specific services. They allow services to be discovered without hardcoding server addresses.

SRV Format:

_service._protocol.domain. TTL IN SRV priority weight port target

Common Uses:

• VoIP and SIP services
• XMPP/Jabber messaging
• Microsoft Active Directory
• Minecraft servers