DNS Record Types Explained

The Domain Name System (DNS) uses various record types to store different kinds of information about a domain. Understanding each record type is essential for configuring domains, troubleshooting resolution issues, and managing web infrastructure. This guide covers every major DNS record type with real-world examples.

1. A and AAAA Records

A records map a domain name to an IPv4 address. They are the most fundamental DNS record type and are required for any domain that needs to resolve to a server.

AAAA records (quad-A) map a domain name to an IPv6 address. As IPv6 adoption grows, AAAA records become increasingly important for ensuring reachability on modern networks.

PropertyA RecordAAAA Record
Maps toIPv4 addressIPv6 address
Exampleexample.com. 300 IN A 93.184.216.34example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
Address length32-bit (4 octets)128-bit (8 groups)
Common TTL300–3600 seconds300–3600 seconds

When to use: Use an A record when you need to point a domain to an IPv4 address. Use an AAAA record for IPv6. Many domains publish both to support dual-stack connectivity.

TTL considerations: A lower TTL (e.g., 60s) allows faster DNS changes but increases query load. A higher TTL (e.g., 3600s) reduces load but delays propagation of changes. For most websites, 300 seconds is a good balance.

2. CNAME Records

A CNAME (Canonical Name) record creates an alias from one domain name to another. When a DNS resolver encounters a CNAME, it restarts the lookup using the canonical name.

Example:

www.example.com. 3600 IN CNAME example.com.
shop.example.com. 3600 IN CNAME shops.myhost.com.

Key rules:

  • A CNAME cannot coexist with any other record type for the same name (no CNAME at the zone apex).
  • CNAMEs can point to another CNAME, but this adds extra lookups and should be avoided when possible.
  • Use CNAMEs for subdomains pointing to third-party services (e.g., blog.example.com CNAME mysite.wordpress.com).

When to use: Use CNAMEs when multiple subdomains should resolve to the same target. For the zone apex (example.com), use ALIAS/ANAME records or A/AAAA records instead.

3. MX Records

MX (Mail Exchange) records direct email to mail servers for a domain. Each MX record has a priority value; lower numbers indicate higher priority.

Example:

example.com. 3600 IN MX 10 mail1.example.com.
example.com. 3600 IN MX 20 mail2.example.com.
example.com. 3600 IN MX 30 mail3.backup.com.

In this example, mail servers attempt delivery to mail1.example.com first. If it is unavailable, they fall back to mail2.example.com, then mail3.backup.com.

TTL considerations: MX records typically use TTLs of 3600 seconds or more since mail server changes are infrequent. If migrating email providers, temporarily lower the TTL well in advance.

When to use: MX records are required for any domain that receives email. Without them, senders cannot locate your mail servers.

4. TXT Records

TXT (Text) records store arbitrary text data in DNS. They are widely used for domain verification, email authentication, and policy declarations.

Common uses:

  • SPF: v=spf1 include:_spf.google.com ~all
  • DKIM: v=DKIM1; k=rsa; p=MIGfMA0GCS...
  • DMARC: v=DMARC1; p=reject; rua=mailto:dmarc@example.com
  • Domain verification: google-site-verification=abc123...

Example:

example.com.        3600 IN TXT "v=spf1 include:_spf.google.com ~all"
_dmarc.example.com. 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
selector._domainkey.example.com. 3600 IN TXT "v=DKIM1; k=rsa; p=..."

When to use: TXT records are essential for email authentication (SPF, DKIM, DMARC) and for proving domain ownership to services like Google, Microsoft, and Let's Encrypt.

5. NS and SOA Records

NS (Name Server) records delegate a domain or subdomain to a set of authoritative name servers. Every domain must have at least two NS records.

Example:

example.com. 86400 IN NS ns1.example.com.
example.com. 86400 IN NS ns2.example.com.

SOA (Start of Authority) records contain administrative information about a DNS zone, including the primary name server, the administrator's email, and timing parameters for zone transfers.

Example:

example.com. 86400 IN SOA ns1.example.com. admin.example.com. (
    2025063001 ; serial (YYYYMMDDnn)
    7200       ; refresh (2 hours)
    3600       ; retry (1 hour)
    1209600    ; expire (2 weeks)
    86400      ; minimum TTL (1 day)
)

When to use: NS records are required for delegation. SOA records are automatically created for each zone and should be updated (serial incremented) whenever zone data changes.

6. SRV and PTR Records

SRV (Service) records specify the hostname and port number for specific services. They follow a naming convention: _service._proto.domain.

Example:

_sip._tcp.example.com. 3600 IN SRV 10 60 5060 sip1.example.com.
_sip._tcp.example.com. 3600 IN SRV 20 60 5060 sip2.example.com.

The format is: priority weight port target.

PTR (Pointer) records map an IP address back to a domain name (reverse DNS). They are critical for email deliverability and network diagnostics.

Example:

34.216.184.93.in-addr.arpa. 3600 IN PTR example.com.

When to use: SRV records are used by protocols like SIP, XMPP, and Kerberos. PTR records are set by the IP address owner (usually your hosting provider) and are checked by mail servers to verify sender legitimacy.

7. CAA and DS Records

CAA (Certification Authority Authorization) records specify which certificate authorities (CAs) are allowed to issue SSL/TLS certificates for a domain.

Example:

example.com. 3600 IN CAA 0 issue "letsencrypt.org"
example.com. 3600 IN CAA 0 issuewild "digicert.com"
example.com. 3600 IN CAA 0 iodef "mailto:caa@example.com"

DS (Delegation Signer) records are used in DNSSEC to establish a chain of trust between parent and child zones. They contain a hash of the child zone's DNSKEY record.

Example:

example.com. 86400 IN DS 12345 13 2 1234567890ABCDEF...

When to use: CAA records should be published by every domain to restrict certificate issuance. DS records are needed only when DNSSEC is enabled for your domain.

8. Record Type Comparison Table

RecordPurposePoints ToZone Apex?Typical TTL
AIPv4 mappingIPv4 addressYes300–3600s
AAAAIPv6 mappingIPv6 addressYes300–3600s
CNAMEAliasAnother domainNo3600s
MXMail routingMail serverYes3600s+
TXTText dataStringYes3600s
NSDelegationName serverYes86400s
SOAZone metadataZone infoYes86400s
SRVService locationHost:portNo3600s
PTRReverse DNSDomain nameN/A86400s
CAACA restrictionCA domainYes3600s
DSDNSSEC trustKey hashYes86400s