DNS Records Explained: A Complete Guide to A, AAAA, MX, NS, TXT, and CNAME
The Domain Name System (DNS) is often called the phonebook of the internet. Every time you type a URL into your browser, DNS translates that human-readable name into the numerical IP address that computers use to communicate. But DNS does far more than simple name-to-address translation. It is a distributed database system that stores many types of records, each serving a different purpose.
Whether you are a web developer configuring a new domain, a system administrator troubleshooting email delivery, or simply curious about how the internet works, understanding DNS records is essential. This guide covers every major DNS record type, explains how each one works at a technical level, and provides practical examples you can test yourself using our DNS Lookup tool.
How DNS Works: A Quick Overview
Before diving into individual record types, it helps to understand the DNS resolution process. When you type "example.com" into your browser, the following happens:
- Your browser checks its local cache to see if it already knows the IP address for that domain.
- If not cached, it asks the operating system's resolver, which checks its own cache.
- The resolver queries a recursive DNS server (usually provided by your ISP or a public service like Google DNS at 8.8.8.8 or Cloudflare at 1.1.1.1).
- The recursive server contacts the root nameservers, which direct it to the appropriate Top-Level Domain (TLD) nameservers (e.g., .com, .org, .net).
- The TLD nameservers point to the authoritative nameservers for the specific domain.
- The authoritative nameserver responds with the requested record, which propagates back through the chain to your browser.
This entire process typically takes between 20 and 200 milliseconds. You can observe it in action by running a query with our DNS Lookup tool, which shows you exactly which records are returned for any domain.
A Records: The Foundation of DNS
The A record (Address record) is the most fundamental DNS record type. It maps a domain name to an IPv4 address.
Format
example.com. IN A 93.184.216.34Each field represents:
- example.com. - The domain name (the trailing dot indicates the root zone)
- IN - Internet class
- A - Record type
- 93.184.216.34 - The IPv4 address
How A Records Work
When a browser needs to connect to "example.com," the DNS resolver ultimately requests the A record from the authoritative nameserver. The response contains the IPv4 address where the website's server is located. The browser then opens a TCP connection to that IP address, typically on port 443 for HTTPS or port 80 for HTTP.
Multiple A Records
A domain can have multiple A records pointing to different IP addresses. This is a basic form of load balancing called DNS round-robin. When a resolver queries a domain with multiple A records, the authoritative server can rotate the order of the addresses, distributing traffic across multiple servers.
example.com. IN A 93.184.216.34
example.com. IN A 93.184.216.35
example.com. IN A 93.184.216.36Common Uses
- Pointing a domain to a web server
- Pointing a subdomain (like "api.example.com") to a different server
- Setting up load balancing with multiple IP addresses
You can check what A records a domain has by using our DNS Lookup tool or by looking up the IP directly with our IP Lookup tool.
AAAA Records: IPv6 Addressing
The AAAA record (often pronounced "quad-A") is the IPv6 equivalent of the A record. As the internet transitions from IPv4 to IPv6, AAAA records are becoming increasingly important.
Format
example.com. IN AAAA 2606:2800:0220:0001:0248:1893:25c8:1946Why AAAA Records Matter
IPv4 supports roughly 4.3 billion addresses, and they have been exhausted since 2011. IPv6 supports 340 undecillion addresses (340 followed by 36 zeros), effectively eliminating address scarcity. As more ISPs and hosting providers deploy IPv6 infrastructure, having AAAA records ensures your domain is accessible over the modern protocol.
Dual-Stack Configuration
Most domains today run a "dual-stack" configuration, meaning they have both A and AAAA records:
example.com. IN A 93.184.216.34
example.com. IN AAAA 2606:2800:0220:0001:0248:1893:25c8:1946When a client connects, it typically attempts both IPv4 and IPv6 simultaneously (a technique called "Happy Eyeballs") and uses whichever responds first. You can test IPv6 connectivity for any domain using our IPv6 Tools.
CNAME Records: Domain Aliases
A CNAME record (Canonical Name record) creates an alias from one domain name to another. Instead of pointing to an IP address, a CNAME points to a different domain name, which then resolves to an IP through its own A or AAAA records.
Format
www.example.com. IN CNAME example.com.
blog.example.com. IN CNAME hosting-provider.com.How CNAME Resolution Works
When a resolver encounters a CNAME record, it restarts the resolution process for the target domain. For example:
- Browser requests "www.example.com"
- DNS returns CNAME pointing to "example.com"
- DNS then resolves "example.com" and returns the A record (93.184.216.34)
- Browser connects to 93.184.216.34
CNAME Rules and Restrictions
There are important restrictions on CNAME records that catch many people off guard:
- A CNAME cannot coexist with other record types for the same name. If you have a CNAME for "blog.example.com," you cannot also have an A record, MX record, or TXT record for "blog.example.com."
- The zone apex (bare domain) cannot have a CNAME. You cannot create a CNAME for "example.com" itself, only for subdomains like "www.example.com." This is because the apex must have SOA and NS records, which would conflict with the CNAME.
- CNAME chains should be avoided. While technically possible to have CNAME records pointing to other CNAMEs, each hop adds latency to resolution. Best practice is to have a CNAME point directly to a domain with an A or AAAA record.
Common Uses
- Pointing "www.example.com" to "example.com"
- Pointing subdomains to third-party hosting services (e.g., GitHub Pages, Shopify, Netlify)
- Domain verification for SaaS platforms
- CDN configuration
MX Records: Email Routing
MX records (Mail Exchanger records) tell the internet where to deliver email for your domain. Without properly configured MX records, email sent to your domain will bounce.
Format
example.com. IN MX 10 mail1.example.com.
example.com. IN MX 20 mail2.example.com.The number before the mail server hostname is the priority value. Lower numbers indicate higher priority. In the example above, mail1 is the primary server (priority 10), and mail2 is the backup (priority 20).
How Email Delivery Uses MX Records
When someone sends an email to [email protected], their mail server:
- Queries the DNS for MX records of "example.com"
- Sorts the results by priority (lowest number first)
- Attempts delivery to the highest-priority server (mail1.example.com)
- If that server is unreachable, falls back to the next priority (mail2.example.com)
- If all servers fail, the sending server will retry over a period of hours or days before generating a bounce notification
Common MX Configurations
| Provider | Typical MX Records |
|---|---|
| Google Workspace | ASPMX.L.GOOGLE.COM (priority 1), ALT1.ASPMX.L.GOOGLE.COM (priority 5) |
| Microsoft 365 | *.mail.protection.outlook.com (priority 0) |
| Proton Mail | mail.protonmail.ch (priority 10), mailsec.protonmail.ch (priority 20) |
| Self-hosted | mail.yourdomain.com (priority 10) |
Troubleshooting Email Delivery
If you are experiencing email delivery issues, the first step is always to verify your MX records. Use our DNS Lookup tool to check that your MX records are correctly configured and pointing to active mail servers. You can also use our Blacklist Check to ensure your mail server's IP is not on any spam blacklists, and our Reverse DNS tool to verify that your mail server has proper PTR records, which many receiving servers require.
NS Records: Delegation of Authority
NS records (Name Server records) specify which DNS servers are authoritative for a domain. They are the cornerstone of DNS delegation, allowing the hierarchical structure of DNS to function.
Format
example.com. IN NS ns1.dnshost.com.
example.com. IN NS ns2.dnshost.com.How NS Records Work
NS records exist at two levels:
- At the registrar level (parent zone): When you register a domain, you specify nameservers with your domain registrar. These NS records are stored in the TLD zone (e.g., the .com zone) and tell recursive resolvers where to find the authoritative servers for your domain.
- At the zone level (authoritative zone): Your authoritative DNS zone also contains NS records that confirm which servers are authoritative. These should match what is configured at the registrar.
Best Practices for NS Records
- Always have at least two nameservers for redundancy
- Place nameservers on different networks and ideally different geographic locations
- Use nameservers provided by your DNS hosting provider for best performance
- Ensure registrar NS records match your zone NS records to avoid resolution failures
TXT Records: Verification and Security
TXT records store arbitrary text data associated with a domain name. Originally intended for human-readable notes, TXT records have become critical for email security, domain verification, and various authentication mechanisms.
Format
example.com. IN TXT "v=spf1 include:_spf.google.com ~all"SPF (Sender Policy Framework)
SPF records are TXT records that specify which mail servers are authorized to send email on behalf of your domain. This prevents spammers from forging your domain in the "From" address (a technique called email spoofing).
example.com. IN TXT "v=spf1 ip4:93.184.216.34 include:_spf.google.com -all"This SPF record says: "Email from example.com is legitimate if sent from 93.184.216.34 or Google's mail servers. Reject everything else."
DKIM (DomainKeys Identified Mail)
DKIM records are TXT records that publish a public cryptographic key. Sending mail servers sign outgoing messages with a private key, and receiving servers verify the signature using the public key from DNS.
selector._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSq..."DMARC (Domain-based Message Authentication)
DMARC records build on SPF and DKIM, specifying what to do when authentication fails:
_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:[email protected]"This tells receiving servers to reject unauthenticated messages and send aggregate reports to [email protected].
Domain Verification
Many services use TXT records to verify domain ownership. Google Search Console, Microsoft 365, and various SaaS platforms ask you to add a specific TXT record to prove you control the domain:
example.com. IN TXT "google-site-verification=abc123xyz..."Other Important DNS Record Types
SOA Record (Start of Authority)
Every DNS zone has exactly one SOA record. It contains administrative information about the zone, including the primary nameserver, the email address of the zone administrator, a serial number that increments with each change, and timing parameters for zone transfers and caching.
SRV Record (Service Locator)
SRV records specify the host and port for specific services. They are commonly used for SIP (VoIP), XMPP (messaging), and LDAP (directory services):
_sip._tcp.example.com. IN SRV 10 60 5060 sipserver.example.com.CAA Record (Certificate Authority Authorization)
CAA records specify which Certificate Authorities are allowed to issue SSL/TLS certificates for your domain. This prevents unauthorized certificate issuance:
example.com. IN CAA 0 issue "letsencrypt.org"You can verify whether a domain's SSL certificates are properly issued using our SSL Checker.
PTR Record (Pointer)
PTR records are the reverse of A records. They map an IP address back to a domain name. We cover these in depth in our Reverse DNS Explained article, and you can test them with our Reverse DNS tool.
How to Check DNS Records
There are several ways to query DNS records:
Command Line Tools
# Using dig (Linux/macOS)
dig example.com A
dig example.com MX
dig example.com TXT
dig example.com ANY
# Using nslookup (Windows/Linux/macOS)
nslookup -type=A example.com
nslookup -type=MX example.comOnline Tools
The easiest way to check DNS records is our DNS Lookup tool, which queries all record types simultaneously and presents the results in a clean, readable format. You do not need to install anything or open a terminal.
DNS Propagation and TTL
When you change a DNS record, the change does not take effect instantly. Each DNS record has a TTL (Time to Live) value measured in seconds, which tells resolvers how long to cache the record before checking for updates.
| TTL Value | Duration | Typical Use |
|---|---|---|
| 300 | 5 minutes | Frequently changing records, failover configs |
| 3600 | 1 hour | Standard records |
| 86400 | 24 hours | Stable records that rarely change |
If you set a TTL of 3600 (1 hour), after updating the record, some resolvers may still serve the old value for up to an hour. To minimize downtime during DNS changes, lower the TTL well in advance of the change, wait for the old TTL to expire, make the change, and then raise the TTL back after propagation.
Key Takeaways
- A records map domains to IPv4 addresses; AAAA records map to IPv6 addresses
- CNAME records create aliases but cannot coexist with other record types for the same name
- MX records route email and use priority numbers for failover
- NS records delegate authority to authoritative nameservers
- TXT records handle email security (SPF, DKIM, DMARC) and domain verification
- TTL controls how long DNS records are cached by resolvers
- Use our DNS Lookup tool to inspect any domain's DNS configuration instantly
Related Articles:
Want the full interactive guide?
What Is DNS? Interactive Guide →WhatIsMyLocation Team
Our team of network engineers and web developers builds and maintains 25+ free networking and location tools used by thousands of users every month. Every article is reviewed for technical accuracy using real-world testing with our own tools.
Related Articles
Try Our Location Tools
Find your IP address, GPS coordinates, and more with our free tools.