DNS Record Types: A, AAAA, MX, CNAME, TXT and More
DNS (Domain Name System) is the system that translates domain names into IP addresses. When you type example.com into a browser, DNS servers return the corresponding IP address and the browser sends its request there. Different types of DNS records serve different functions.
How DNS Works
The DNS resolution process (from entering a domain to obtaining an IP):
- Browser checks its local DNS cache
- OS checks its cache and the hosts file
- Recursive resolver (usually from your ISP or 8.8.8.8) looks up the answer
- Root DNS points to the .com zone servers
- TLD server (.com) points to the domain's NS servers
- Authoritative NS returns the record for the domain
The entire process takes milliseconds thanks to caching at every level. Cache duration is determined by the TTL (Time To Live) value in the record.
A (Address Record)
The primary DNS record — maps a domain name to an IPv4 address:
example.com. 300 IN A 93.184.216.34
- You can create multiple A records for a single domain (round-robin load balancing)
- TTL 300 (5 minutes) — commonly used for fast failover
- TTL 86400 (24 hours) — for stable servers
When to use: for the main domain and subdomains that need to point to a specific IP address.
AAAA (IPv6 Address Record)
The IPv6 equivalent of an A record:
example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
As IPv6 adoption grows, it is important to have AAAA records alongside A records. Modern browsers prefer IPv6 when available (Happy Eyeballs algorithm).
CNAME (Canonical Name)
An alias from one domain name to another. A CNAME record says that the name on the left is an alias for the canonical name on the right:
www.example.com. 3600 IN CNAME example.com.
blog.example.com. 3600 IN CNAME mysite.github.io.
Limitations:
- A CNAME cannot be created at the root (apex) domain — use an A record instead
- A CNAME cannot coexist with other records for the same name
- Adds an extra DNS lookup (resolution chain)
Tip: some DNS providers support ALIAS/ANAME records — they function like CNAME but are resolved on the NS side, returning an A record to the client.
MX (Mail Exchanger)
Defines the mail servers for a domain and their priorities:
example.com. 3600 IN MX 10 mail1.example.com.
example.com. 3600 IN MX 20 mail2.example.com.
example.com. 3600 IN MX 30 mail3.example.com.
- Priority — the lower the number, the higher the priority
- Mail goes to the server with the lowest number; the rest are fallbacks
- An MX record must point to a hostname that has an A record, not to a CNAME
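The CNAME limitations and the MX rule above can be checked mechanically before a zone is published. The following linter is an added example, not part of the original article; the zone contents and the `lint_zone` helper are constructed for illustration.

```python
from collections import defaultdict

# Constructed zone (not from the original page): (owner, type, rdata) tuples.
ZONE = [
    ("example.com.", "NS", "ns1.registrar.com."),
    ("example.com.", "CNAME", "mysite.github.io."),     # CNAME at the apex
    ("www.example.com.", "CNAME", "example.com."),
    ("www.example.com.", "TXT", '"v=spf1 -all"'),       # CNAME beside other data
    ("mail1.example.com.", "A", "93.184.216.34"),
    ("mail2.example.com.", "CNAME", "mail1.example.com."),
    ("example.com.", "MX", "10 mail1.example.com."),
    ("example.com.", "MX", "20 mail2.example.com."),    # MX target is an alias
]

def lint_zone(records, apex):
    """Return sorted (owner, problem) findings for the CNAME and MX rules."""
    types_at = defaultdict(set)
    for owner, rtype, _ in records:
        types_at[owner.lower()].add(rtype.upper())
    findings = set()
    for owner, types in types_at.items():
        if "CNAME" not in types:
            continue
        if owner == apex.lower():
            findings.add((owner, "CNAME at zone apex"))
        # Only DNSSEC records (RRSIG, NSEC) may share a name with a CNAME.
        others = types - {"CNAME", "RRSIG", "NSEC"}
        if others:
            findings.add((owner, "CNAME coexists with " + ",".join(sorted(others))))
    for owner, rtype, rdata in records:
        if rtype.upper() != "MX":
            continue
        target = rdata.split()[1].lower()
        if "CNAME" in types_at.get(target, ()):
            findings.add((owner.lower(), f"MX target {target} is a CNAME"))
    return sorted(findings)

if __name__ == "__main__":
    for owner, problem in lint_zone(ZONE, "example.com."):
        print(f"{owner:20} {problem}")
```

The check only sees names inside the supplied zone, so an MX target hosted in another zone is not evaluated.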
Examples for Popular Services
# Google Workspace
@ MX 1 ASPMX.L.GOOGLE.COM.
@ MX 5 ALT1.ASPMX.L.GOOGLE.COM.
@ MX 5 ALT2.ASPMX.L.GOOGLE.COM.
@ MX 10 ALT3.ASPMX.L.GOOGLE.COM.
@ MX 10 ALT4.ASPMX.L.GOOGLE.COM.
# Yandex 360
@ MX 10 mx.yandex.net.
TXT (Text Record)
Stores arbitrary text. Widely used for domain verification and mail configuration:
SPF (Sender Policy Framework)
Specifies which servers are authorized to send email on behalf of the domain:
example.com. 3600 IN TXT "v=spf1 include:_spf.google.com include:sendgrid.net ~all"
- include: — allow servers from the SPF record of the specified domain
- ip4:1.2.3.4 — allow a specific IP
- -all — strictly reject all others (hard fail)
- ~all — soft reject (soft fail, likely marked as spam)
DKIM (DomainKeys Identified Mail)
A public key used to verify the digital signature of emails:
google._domainkey.example.com. TXT "v=DKIM1; k=rsa; p=MIIBIjAN..."
DMARC
A policy for handling emails that fail SPF/DKIM checks:
_dmarc.example.com. TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100"
- p=none — monitoring only (does not affect delivery)
- p=quarantine — send to spam
- p=reject — reject the email
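A quick way to see how strongly a domain's published SPF and DMARC records protect against spoofed mail is to parse the TXT strings and flag the permissive settings. This is an added example, not code from the original article; the function names and finding texts are assumptions, and it goes slightly beyond the text by also handling the `+all` and `?all` qualifiers and the `pct` and `rua` tags.

```python
def spf_all_qualifier(txt):
    """Return the qualifier on the SPF 'all' mechanism ('+', '-', '~', '?'), or None."""
    terms = txt.strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in (t.lower() for t in terms[1:]):
        if term == "all":
            return "+"                  # a bare mechanism defaults to '+' (pass)
        if term[1:] == "all" and term[0] in "+-~?":
            return term[0]
    return None

def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in txt.strip('"').split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def audit_mail_policy(spf_txt, dmarc_txt):
    """Return a list of findings; an empty list means nothing permissive was found."""
    findings = []
    qualifier = spf_all_qualifier(spf_txt)
    if qualifier in (None, "+", "?"):
        findings.append("SPF: no restrictive 'all' term, unlisted servers are not failed")
    elif qualifier == "~":
        findings.append("SPF: ~all only soft-fails unlisted servers")
    dmarc = parse_dmarc(dmarc_txt)
    policy = dmarc.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none is monitoring only")
    elif policy not in ("quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    if int(dmarc.get("pct", "100")) < 100:
        findings.append("DMARC: pct below 100, policy covers only part of failing mail")
    if "rua" not in dmarc:
        findings.append("DMARC: no rua= address, no aggregate reports")
    return findings

if __name__ == "__main__":
    # Constructed weak pair; the article's own records yield only the ~all note.
    print(audit_mail_policy("v=spf1 +all", "v=DMARC1; p=none; pct=50"))
```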
Domain Verification
Services (Google, Yandex, Facebook) often ask you to add a TXT record to confirm domain ownership:
example.com. TXT "google-site-verification=abc123..."
NS (Name Server)
Specifies the authoritative DNS servers for a domain:
example.com. 86400 IN NS ns1.registrar.com.
example.com. 86400 IN NS ns2.registrar.com.
- A minimum of 2 NS records is required for redundancy
- NS records are managed at the domain registrar
- When changing NS servers, propagation can take up to 48 hours
SOA (Start of Authority)
Contains administrative information about the DNS zone:
example.com. SOA ns1.example.com. admin.example.com. (
2025031001 ; Serial (YYYYMMDDNN)
3600 ; Refresh (1 hour)
900 ; Retry (15 minutes)
1209600 ; Expire (2 weeks)
86400 ; Minimum TTL (1 day)
)
- Serial — the zone version number, incremented with every change
- Refresh — how often secondary NS servers check for updates
- Retry — how long to wait before retrying if Refresh fails
- Expire — after how long the secondary NS stops serving the zone
- Minimum TTL — TTL for NXDOMAIN responses (domain does not exist)
SRV (Service Record)
Specifies the location of a service with priority, weight, and port:
_sip._tcp.example.com. SRV 10 60 5060 sip1.example.com.
_sip._tcp.example.com. SRV 20 40 5060 sip2.example.com.
Used for SIP, XMPP, LDAP, and other protocols that support service discovery via DNS.
CAA (Certificate Authority Authorization)
Specifies which certificate authorities are allowed to issue SSL certificates for the domain:
example.com. CAA 0 issue "letsencrypt.org"
example.com. CAA 0 issuewild "letsencrypt.org"
example.com. CAA 0 iodef "mailto:security@example.com"
CAA records help prevent unauthorized certificate issuance.
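How a certificate authority evaluates these records is easier to follow in code. The sketch below is an added example, not part of the original article: it works on an in-memory map instead of live DNS, the `shop` and `internal` record sets and the CA name `ca.example.net` are constructed, and it goes beyond the text by showing the climb to parent names, the `;` value that forbids issuance, and the critical flag.

```python
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# CAA RRsets keyed by owner name, as (flags, tag, value). The example.com. set
# is the one shown above; the other two sets are constructed for this example.
CAA = {
    "example.com.": [(0, "issue", "letsencrypt.org"),
                     (0, "issuewild", "letsencrypt.org"),
                     (0, "iodef", "mailto:security@example.com")],
    "shop.example.com.": [(0, "issue", "ca.example.net"),
                          (0, "issuewild", ";")],       # no wildcard certificates
    "internal.example.com.": [(0, "issue", ";")],       # no CA may issue
}

def relevant_rrset(name, caa):
    """Climb from name towards the root; the first non-empty CAA RRset applies."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = caa.get(".".join(labels[i:]) + ".")
        if rrset:
            return rrset
    return []

def may_issue(ca_domain, name, caa=CAA):
    """True if the CA identified by ca_domain may issue a certificate for name."""
    rrset = [(f, tag.lower(), v) for f, tag, v in relevant_rrset(name, caa)]
    # An unknown tag with the critical bit (128) set means the CA must refuse.
    if any(f & 128 and tag not in KNOWN_TAGS for f, tag, _ in rrset):
        return False
    issue = [v for _, tag, v in rrset if tag == "issue"]
    wild = [v for _, tag, v in rrset if tag == "issuewild"]
    # issuewild, when present, replaces issue for wildcard names only.
    applicable = wild if name.startswith("*.") and wild else issue
    if not applicable:
        return True                     # nothing in the set restricts issuance
    allowed = {v.split(";")[0].strip().lower() for v in applicable}
    return ca_domain.lower() in allowed

if __name__ == "__main__":
    for ca, name in [("letsencrypt.org", "www.example.com."),
                     ("ca.example.net", "*.shop.example.com.")]:
        print(ca, name, may_issue(ca, name))
```

A record set on a subdomain replaces the parent's set entirely, which is why `letsencrypt.org` is refused for `shop.example.com.` in this data.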
PTR (Pointer Record)
A reverse DNS record that translates an IP address into a domain name. It is configured with your hosting provider:
34.216.184.93.in-addr.arpa. PTR example.com.
Important for email: mail servers check the PTR record of the sender's IP. If the PTR is missing or does not match the domain, the email may be flagged as spam.
Choosing a TTL
| Scenario | TTL | Reason |
|---|---|---|
| Stable server | 3600–86400 | Lower DNS load, faster for users |
| Planned migration | 300 | Fast switchover |
| CDN / GeoDNS | 60–300 | Frequent updates for load balancing |
| Mail MX records | 3600 | Balance of reliability and updatability |