DNS Records: Complete Guide for Webmasters
Understanding DNS Records: The Foundation of Every Website
Every time someone types your domain name into a browser, a complex lookup process happens in milliseconds — one that most website owners never think about until something breaks. The Domain Name System (DNS) is the internet's distributed phone book, translating human-readable domain names like example.com into machine-readable IP addresses like 93.184.216.34. Without it, users would need to memorize numeric addresses to reach any website.
DNS records are the individual entries in that phone book. Each record type serves a specific purpose: routing web traffic, directing email, proving domain ownership, defining authorized mail senders, and much more. For web developers and sysadmins, understanding DNS record types is not optional knowledge — it is a prerequisite for managing infrastructure reliably, troubleshooting outages, and avoiding costly misconfigurations that cause email to bounce or sites to go dark.
This guide covers every major DNS record type, explains how they interact, and shows you practical methods to inspect them. Whether you are migrating a server, debugging mail delivery failures, or setting up a new domain from scratch, knowing these records will save you hours of guesswork.
What Is a DNS Record?
A DNS record is a text-based instruction stored in a DNS zone file hosted on authoritative name servers. When a resolver needs to look up information about a domain, it queries the authoritative name server and receives one or more DNS records in response.
Every DNS record has three core components:
- Name — the domain or subdomain the record applies to
- Type — the kind of record, such as A, MX, TXT, or CNAME
- Value — the data the record holds (an IP address, a hostname, a text string, etc.)
There is a fourth component worth understanding separately: TTL, or Time To Live. TTL is measured in seconds and tells resolvers how long to cache a record before re-querying the authoritative server. A TTL of 3600 means the record is cached for one hour.
Types of DNS Records
A Record — IPv4 Address Mapping
The A record is the most fundamental DNS record type. It maps a domain name to an IPv4 address, telling the internet where to send traffic for that hostname.
example.com. 3600 IN A 93.184.216.34
You can have multiple A records for the same hostname with different IP addresses. DNS resolvers will rotate through them, providing a primitive form of load balancing known as round-robin DNS.
AAAA Record — IPv6 Address Mapping
The AAAA record serves the same purpose as an A record but for IPv6 addresses. IPv6 is a 128-bit address space written in hexadecimal notation.
example.com. 3600 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
Modern DNS infrastructure supports both A and AAAA records simultaneously. Clients that support IPv6 will prefer AAAA records when available, regulated by the Happy Eyeballs algorithm in modern browsers.
CNAME Record — Canonical Name (Alias)
A CNAME record creates an alias from one hostname to another. Instead of pointing a hostname to an IP address, it points it to a different domain name — the canonical name — which is then resolved normally.
www.example.com. 3600 IN CNAME example.com.
There is one hard restriction: you cannot use a CNAME at the apex (root) domain. The DNS specification prohibits a CNAME coexisting with any other record at the same name, and the apex domain always requires SOA and NS records. If you need apex domain aliasing, some DNS providers implement ALIAS or ANAME records, or CNAME flattening.
MX Record — Mail Exchange
MX records define which mail servers are responsible for accepting email for a domain. The priority value determines the order of preference: lower numbers have higher priority.
example.com. 3600 IN MX 10 mail1.example.com.
example.com. 3600 IN MX 20 mail2.example.com.
The sending server tries mail1.example.com first; mail2.example.com is the fallback. MX records must point to a hostname, never directly to an IP address.
TXT Record — Text Data
TXT records store arbitrary text strings. They are now the primary mechanism for domain verification and email authentication. You can check all TXT records quickly using the DNS Lookup tool by Enterno.io.
SPF (Sender Policy Framework) — defines authorized mail senders:
example.com. 3600 IN TXT "v=spf1 include:_spf.google.com ip4:93.184.216.0/24 ~all"
DKIM (DomainKeys Identified Mail) — publishes the public key for email signature verification:
selector._domainkey.example.com. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0G..."
DMARC — specifies the policy for handling messages that fail SPF or DKIM checks:
_dmarc.example.com. 3600 IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
NS Record — Name Server
NS records declare which name servers are authoritative for a domain's DNS zone. When you change your DNS provider, you update these NS records at the registrar level.
example.com. 86400 IN NS ns1.exampledns.com.
example.com. 86400 IN NS ns2.exampledns.com.
You must have at least two NS records pointing to different name servers for redundancy.
SOA Record — Start of Authority
The SOA record is the first record in any DNS zone and contains administrative metadata about the zone. There is exactly one SOA record per zone.
example.com. 3600 IN SOA ns1.exampledns.com. admin.example.com. (
        2024011501 ; Serial
        3600       ; Refresh
        900        ; Retry
        604800     ; Expire
        300 )      ; Minimum TTL
The Serial field is a version number for the zone. Secondary name servers use this to detect zone changes and decide whether to sync.
PTR Record — Reverse DNS
PTR records map an IP address back to a hostname — the reverse of A records. This is called reverse DNS or rDNS.
34.216.184.93.in-addr.arpa. 3600 IN PTR mail.example.com.
PTR records are managed by whoever controls the IP address block — typically your hosting provider. For mail servers, a missing PTR record is a guaranteed path to the spam folder. Many receiving mail servers validate that the connecting IP's PTR record matches the hostname presented in the SMTP session.
SRV Record — Service Locator
SRV records specify the location (hostname and port) of servers for specific services, commonly used by VoIP, XMPP, and Microsoft services.
_sip._tcp.example.com. 3600 IN SRV 10 60 5060 sipserver.example.com.
CAA Record — Certification Authority Authorization
CAA records specify which certificate authorities are authorized to issue SSL/TLS certificates for a domain — a security control against unauthorized certificate issuance.
example.com. 3600 IN CAA 0 issue "letsencrypt.org"
example.com. 3600 IN CAA 0 issuewild "letsencrypt.org"
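The following sketch shows how a CA decides whether these records permit issuance, following the RFC 8659 rules (tree climbing, issuewild taking over from issue for wildcard names, the critical flag). It is an added example, not code from the original guide; the record data, the function names and the CA name otherca.example are constructed for illustration.

```python
# Constructed CAA data: {owner name: [(flags, tag, value), ...]}.
SAMPLE_CAA = {
    "example.com": [(0, "issue", "letsencrypt.org"),
                    (0, "issuewild", ";")],   # ";" alone means no CA may issue
    "legacy.example.com": [(128, "futuretag", "x")],  # critical, unknown tag
}

KNOWN_TAGS = ("issue", "issuewild", "iodef")

def relevant_rrset(caa, fqdn):
    """Climb from fqdn toward the root; return the first non-empty CAA RRset."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = caa.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def may_issue(caa, requested_name, ca_domain):
    """Return True if ca_domain may issue a certificate for requested_name."""
    wildcard = requested_name.startswith("*.")
    fqdn = requested_name[2:] if wildcard else requested_name
    rrset = [(f, t.lower(), v) for f, t, v in relevant_rrset(caa, fqdn)]
    # Critical bit (128) set on a tag the CA does not understand: refuse.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [v for _, tag, v in rrset if tag == "issue"]
    issuewild = [v for _, tag, v in rrset if tag == "issuewild"]
    # For wildcard names, issuewild replaces issue when any issuewild exists.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True  # no restricting property: CAA does not limit issuance
    # The issuer domain is the text before any ';' parameters.
    allowed = {v.split(";")[0].strip().lower() for v in applicable}
    return ca_domain.lower() in allowed

if __name__ == "__main__":
    for name in ("www.example.com", "*.example.com", "legacy.example.com"):
        print(name, may_issue(SAMPLE_CAA, name, "letsencrypt.org"))
```

With the constructed data, www.example.com inherits the apex policy, while the wildcard name is refused because `issuewild ";"` overrides the `issue` entry.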
How to Check DNS Records
dig — The Standard Unix Tool
dig is the de facto standard tool for DNS lookups on Linux and macOS.
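dig example.com A              # A records for the name
dig example.com MX +short      # MX records, answer data only
dig example.com TXT            # TXT records (SPF, verification strings)
dig @8.8.8.8 example.com A     # ask a specific resolver (here 8.8.8.8)
dig example.com +trace         # follow the delegation chain from the root servers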
nslookup — Windows-Friendly Alternative
nslookup is available on all major operating systems including Windows.
nslookup -type=MX example.com
nslookup example.com 8.8.8.8
Online DNS Lookup Tools
The DNS Lookup by Enterno.io lets you query all major DNS record types (A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV, CAA) from a single interface without opening a terminal. It supports check history for tracking how records change over time — invaluable during migrations.
TTL: What It Is and How to Set It
TTL (Time To Live) controls how long DNS resolvers cache a record before re-querying. This directly affects propagation speed when you make changes.
- Normal operation: 86400 (24 hours) for stable records. Reduces DNS query load.
- Before a planned migration: Lower to 300 (5 minutes) at least 24–48 hours before the change. Restore after migration completes.
- During troubleshooting: 60–300 seconds for rapid iteration.
Remember: a lowered TTL takes effect only after the existing (higher) TTL has expired in resolver caches. Until then, resolvers keep serving the cached record with the old TTL.
Common DNS Configuration Mistakes
CNAME at the Apex Domain
Attempting to add a CNAME for the root domain is the most common DNS mistake. It is prohibited by the DNS specification. Use an A record or your provider's ALIAS/ANAME feature.
Missing PTR Record for Mail Servers
Running an outgoing mail server without a PTR record is a guaranteed path to the spam folder. Contact your hosting provider to configure it — this is not configurable through your domain registrar.
Too High a TTL Before a Migration
Failing to pre-reduce TTL before a planned migration extends the cutover window. Always reduce to 300 at least 24–48 hours before any change.
Record Conflicts During Hosting Migration
When migrating hosts, residual A records, CNAME entries, or dangling SPF includes cause intermittent failures. After every migration, audit your full DNS zone. Use the DNS Lookup by Enterno.io to pull all record types and compare against expected values.
Duplicate or Conflicting SPF Records
A domain must have exactly one SPF record. Two TXT records beginning with v=spf1 create a permanent error condition. Combine all authorized senders into a single SPF record using the include: mechanism.
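Several of the mistakes in this section can be caught mechanically from a zone listing. The script below is an added example, not part of the original guide: it parses records in the one-line form used throughout this page and flags a CNAME that coexists with other records, multiple SPF records, and MX targets that are IP addresses. The sample zone, the hostname host.provider.example and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zone, one record per line as in this guide.
SAMPLE_ZONE = """\
example.com. 3600 IN A 93.184.216.34
example.com. 3600 IN CNAME host.provider.example.
example.com. 3600 IN MX 10 93.184.216.40
example.com. 3600 IN MX 20 mail2.example.com.
example.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all"
example.com. 3600 IN TXT "v=spf1 ip4:93.184.216.0/24 ~all"
www.example.com. 3600 IN CNAME example.com.
"""

def parse_zone(text):
    """Return {name: [(type, rdata), ...]} from 'name ttl IN type rdata' lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[2].upper() == "IN":
            records[parts[0].lower()].append((parts[3].upper(), parts[4].strip()))
    return records

def is_ip(value):
    try:
        ipaddress.ip_address(value.rstrip("."))
        return True
    except ValueError:
        return False

def audit_zone(text):
    """Return sorted findings for the mistakes described in this section."""
    findings = []
    for name, rrs in parse_zone(text).items():
        types = [t for t, _ in rrs]
        if "CNAME" in types and len(set(types)) > 1:
            findings.append(f"{name} CNAME coexists with other record types")
        spf = [d for t, d in rrs
               if t == "TXT" and d.strip('"').lower().split()[:1] == ["v=spf1"]]
        if len(spf) > 1:
            findings.append(f"{name} has {len(spf)} SPF records; only one is allowed")
        for t, d in rrs:
            if t == "MX" and is_ip(d.split()[-1]):
                findings.append(f"{name} MX target {d.split()[-1]} is an IP address")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_zone(SAMPLE_ZONE)))
```

The same functions can be fed the saved output of your own lookups, as long as each record is on a single line in the name, TTL, IN, type, data order.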
Conclusion
DNS records form the invisible infrastructure that makes every website, email system, and API endpoint reachable. Understanding each record type gives you the operational visibility to manage, migrate, and troubleshoot your domain with confidence. Before your next server migration, review your full DNS zone, pre-reduce TTL values, and verify that MX, PTR, SPF, DKIM, and DMARC records are all in order. Use the DNS Lookup tool by Enterno.io to inspect all record types at once and confirm that propagation has completed across global resolvers.