DNS Record Types Explained
The Domain Name System (DNS) uses various record types to store different kinds of information about a domain. Understanding each record type is essential for configuring domains, troubleshooting resolution issues, and managing web infrastructure. This guide covers every major DNS record type with real-world examples.
1. A and AAAA Records
A records map a domain name to an IPv4 address. They are the most fundamental DNS record type and are required for any domain that needs to resolve to a server.
AAAA records (quad-A) map a domain name to an IPv6 address. As IPv6 adoption grows, AAAA records become increasingly important for ensuring reachability on modern networks.
| Property | A Record | AAAA Record |
|---|---|---|
| Maps to | IPv4 address | IPv6 address |
| Example | example.com. 300 IN A 93.184.216.34 | example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946 |
| Address length | 32-bit (4 octets) | 128-bit (8 groups) |
| Common TTL | 300–3600 seconds | 300–3600 seconds |
When to use: Use an A record when you need to point a domain to an IPv4 address. Use an AAAA record for IPv6. Many domains publish both to support dual-stack connectivity.
TTL considerations: A lower TTL (e.g., 60s) allows faster DNS changes but increases query load. A higher TTL (e.g., 3600s) reduces load but delays propagation of changes. For most websites, 300 seconds is a good balance.
2. CNAME Records
A CNAME (Canonical Name) record creates an alias from one domain name to another. When a DNS resolver encounters a CNAME, it restarts the lookup using the canonical name.
Example:
www.example.com. 3600 IN CNAME example.com.
shop.example.com. 3600 IN CNAME shops.myhost.com.
Key rules:
- A CNAME cannot coexist with any other record type for the same name. This rules out a CNAME at the zone apex, which must also hold the zone's SOA and NS records.
- CNAMEs can point to another CNAME, but this adds extra lookups and should be avoided when possible.
- Use CNAMEs for subdomains pointing to third-party services (e.g., blog.example.com CNAME mysite.wordpress.com).
When to use: Use CNAMEs when multiple subdomains should resolve to the same target. For the zone apex (example.com), use ALIAS/ANAME records or A/AAAA records instead.
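The key rules above can be checked mechanically before a zone is published. The following Python lint is an added example, not part of the original guide; the function names and the sample zone (including its TXT value and the blog alias) are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample zone; the TXT line and the blog alias are made up.
SAMPLE_ZONE = """\
example.com. 300 IN A 93.184.216.34
www.example.com. 3600 IN CNAME example.com.
shop.example.com. 3600 IN CNAME shops.myhost.com.
shop.example.com. 3600 IN TXT "verification=constructed"
blog.example.com. 3600 IN CNAME www.example.com.
"""

def parse_zone(text):
    """Return {owner: {record type: [rdata, ...]}} from simple zone lines."""
    zone = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[2].upper() == "IN":
            name, _ttl, _cls, rtype, rdata = parts
            zone[name.lower()][rtype.upper()].append(rdata)
    return zone

def lint_cnames(text):
    """Report CNAME coexistence violations and CNAME-to-CNAME chains."""
    zone = parse_zone(text)
    findings = []
    for name in sorted(zone):
        rrsets = zone[name]
        if "CNAME" not in rrsets:
            continue
        # A CNAME at the apex is caught here too, since the apex holds SOA and NS.
        others = sorted(t for t in rrsets if t != "CNAME")
        if others:
            findings.append((name, "coexists with " + ",".join(others)))
        # Follow the alias while its target is itself a CNAME in this zone.
        hops, seen, target = 0, {name}, rrsets["CNAME"][0].lower()
        while "CNAME" in zone.get(target, {}):
            hops += 1
            if target in seen:
                findings.append((name, "CNAME loop"))
                break
            seen.add(target)
            target = zone[target]["CNAME"][0].lower()
        else:
            if hops:
                findings.append((name, "chain of %d CNAMEs" % (hops + 1)))
    return findings
```

Targets outside the zone, such as shops.myhost.com, are not followed; only aliases that can be resolved from the supplied lines are counted as chain hops.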
3. MX Records
MX (Mail Exchange) records direct email to mail servers for a domain. Each MX record has a priority value; lower numbers indicate higher priority.
Example:
example.com. 3600 IN MX 10 mail1.example.com.
example.com. 3600 IN MX 20 mail2.example.com.
example.com. 3600 IN MX 30 mail3.backup.com.
In this example, sending mail servers attempt delivery to mail1.example.com first. If it is unavailable, they fall back to mail2.example.com, then mail3.backup.com.
TTL considerations: MX records typically use TTLs of 3600 seconds or more since mail server changes are infrequent. If migrating email providers, temporarily lower the TTL well in advance.
When to use: MX records are required for any domain that receives email. Without them, senders cannot locate your mail servers.
4. TXT Records
TXT (Text) records store arbitrary text data in DNS. They are widely used for domain verification, email authentication, and policy declarations.
Common uses:
- SPF: v=spf1 include:_spf.google.com ~all
- DKIM: v=DKIM1; k=rsa; p=MIGfMA0GCS...
- DMARC: v=DMARC1; p=reject; rua=mailto:dmarc@example.com
- Domain verification: google-site-verification=abc123...
Example:
example.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all"
_dmarc.example.com. 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
selector._domainkey.example.com. 3600 IN TXT "v=DKIM1; k=rsa; p=..."
When to use: TXT records are essential for email authentication (SPF, DKIM, DMARC) and for proving domain ownership to services like Google, Microsoft, and Let's Encrypt.
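What SPF and DMARC TXT values actually instruct a receiver to do can be read out of the record text. The following Python audit is an added example, not part of the original guide; the function names and finding strings are illustrative, and the lookup count covers only the terms in the record itself, not records pulled in by include.

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that cost a DNS query; RFC 7208 allows at most 10 per evaluation.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
PAGE_SPF = '"v=spf1 include:_spf.google.com ~all"'  # values from the example above
PAGE_DMARC = '"v=DMARC1; p=reject; rua=mailto:dmarc@example.com"'

def spf_summary(record):
    """Return the verdict of the 'all' term and the count of DNS-querying terms."""
    terms = record.strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    summary = {"all": None, "lookups": 0}
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        # Mechanism or modifier name: text before the first ':', '/' or '='.
        name = re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]
        if name == "all":
            summary["all"] = QUALIFIERS[qualifier]
        elif name in LOOKUP_TERMS:
            summary["lookups"] += 1  # records pulled in by include add more
    return summary

def dmarc_summary(record):
    """Parse the 'tag=value; tag=value' form of a DMARC TXT value."""
    tags = {}
    for part in record.strip('"').split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return {"policy": tags.get("p", "").lower(), "reports": "rua" in tags}

def audit(spf_txt, dmarc_txt):
    """Return a list of findings for one domain's SPF and DMARC TXT values."""
    spf, dmarc = spf_summary(spf_txt), dmarc_summary(dmarc_txt)
    findings = []
    if spf["all"] == "pass":
        findings.append("spf: +all authorises every sender")
    elif spf["all"] in (None, "neutral"):
        findings.append("spf: no fail or softfail verdict for unlisted senders")
    if spf["lookups"] > 10:
        findings.append("spf: more than 10 DNS-querying terms")
    if dmarc["policy"] not in ("quarantine", "reject"):
        findings.append("dmarc: policy not enforced (p=%s)" % (dmarc["policy"] or "missing"))
    if not dmarc["reports"]:
        findings.append("dmarc: no rua address for aggregate reports")
    return findings
```

The pair of records shown in this section produces no findings: softfail SPF combined with an enforced DMARC policy and a reporting address.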
5. NS and SOA Records
NS (Name Server) records delegate a domain or subdomain to a set of authoritative name servers. Every domain must have at least two NS records.
Example:
example.com. 86400 IN NS ns1.example.com.
example.com. 86400 IN NS ns2.example.com.
SOA (Start of Authority) records contain administrative information about a DNS zone, including the primary name server, the administrator's email, and timing parameters for zone transfers.
Example:
example.com. 86400 IN SOA ns1.example.com. admin.example.com. (
    2025063001 ; serial (YYYYMMDDnn)
    7200       ; refresh (2 hours)
    3600       ; retry (1 hour)
    1209600    ; expire (2 weeks)
    86400      ; minimum TTL (1 day)
)
When to use: NS records are required for delegation. SOA records are automatically created for each zone and should be updated (serial incremented) whenever zone data changes.
6. SRV and PTR Records
SRV (Service) records specify the hostname and port number for specific services. They follow a naming convention: _service._proto.domain.
Example:
_sip._tcp.example.com. 3600 IN SRV 10 60 5060 sip1.example.com.
_sip._tcp.example.com. 3600 IN SRV 20 60 5060 sip2.example.com.
The format is: priority weight port target.
PTR (Pointer) records map an IP address back to a domain name (reverse DNS). They are critical for email deliverability and network diagnostics.
Example:
34.216.184.93.in-addr.arpa. 3600 IN PTR example.com.
When to use: SRV records are used by protocols like SIP, XMPP, and Kerberos. PTR records are set by the IP address owner (usually your hosting provider) and are checked by mail servers to verify sender legitimacy.
7. CAA and DS Records
CAA (Certification Authority Authorization) records specify which certificate authorities (CAs) are allowed to issue SSL/TLS certificates for a domain.
Example:
example.com. 3600 IN CAA 0 issue "letsencrypt.org"
example.com. 3600 IN CAA 0 issuewild "digicert.com"
example.com. 3600 IN CAA 0 iodef "mailto:caa@example.com"
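How a CA evaluates these three records differs for ordinary and wildcard names. The following Python check is an added example, not part of the original guide, following the RFC 8659 rules (climb to the closest name with CAA records; issuewild replaces issue for wildcard requests); the function names and the set of tags treated as understood are assumptions of this sketch.

```python
# The CAA lines from the example above.
CAA_ZONE = """\
example.com. 3600 IN CAA 0 issue "letsencrypt.org"
example.com. 3600 IN CAA 0 issuewild "digicert.com"
example.com. 3600 IN CAA 0 iodef "mailto:caa@example.com"
"""

def parse_caa(text):
    """Return {owner: [(flags, tag, value), ...]} for CAA zone lines."""
    rrsets = {}
    for line in text.splitlines():
        parts = line.split(None, 6)
        if len(parts) == 7 and parts[3].upper() == "CAA":
            owner = parts[0].lower().rstrip(".")
            record = (int(parts[4]), parts[5].lower(), parts[6].strip('"'))
            rrsets.setdefault(owner, []).append(record)
    return rrsets

def relevant_rrset(rrsets, fqdn):
    """Climb from fqdn towards the root; the first name with CAA records wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name in rrsets:
            return rrsets[name]
    return []

def ca_may_issue(rrsets, fqdn, ca_domain):
    """Decide whether ca_domain may issue for fqdn (wildcard if it starts '*.')."""
    wildcard = fqdn.startswith("*.")
    records = relevant_rrset(rrsets, fqdn[2:] if wildcard else fqdn)
    # A critical (flag 128) property this checker does not understand blocks issuance.
    known = ("issue", "issuewild", "iodef")
    if any(flags & 128 and tag not in known for flags, tag, _ in records):
        return False
    issue = [v for _, tag, v in records if tag == "issue"]
    issuewild = [v for _, tag, v in records if tag == "issuewild"]
    # For wildcard names, issuewild replaces issue when at least one is present.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True  # no restricting property: any CA may issue
    # The value is the CA's domain, optionally followed by ';' parameters.
    return any(v.split(";")[0].strip().lower() == ca_domain.lower() for v in applicable)
```

With the records above, letsencrypt.org is authorized only for non-wildcard names under example.com and digicert.com only for wildcard names.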
DS (Delegation Signer) records are used in DNSSEC to establish a chain of trust between parent and child zones. They contain a hash of the child zone's DNSKEY record.
Example:
example.com. 86400 IN DS 12345 13 2 1234567890ABCDEF...
When to use: CAA records should be published by every domain to restrict certificate issuance. DS records are needed only when DNSSEC is enabled for your domain.
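The four fields of a DS record (key tag, algorithm, digest type, digest) are all derived from the child's DNSKEY. The following Python derivation is an added example, not part of the original guide, using the RFC 4034 key tag and a SHA-256 digest over the owner name plus DNSKEY RDATA; the key bytes are placeholders, not a real key, and the function names are illustrative.

```python
import hashlib
import struct

# Constructed DNSKEY fields: KSK flags, protocol 3, algorithm 13, and 64
# placeholder bytes standing in for the public key (not a real key).
FLAGS, PROTOCOL, ALGORITHM, PUBLIC_KEY = 257, 3, 13, bytes(64)

def name_to_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B: a 16-bit checksum used as a lookup hint."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata):
    """Return DS fields: key tag, algorithm, digest type 2 (SHA-256), digest."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), rdata[3], 2, digest

def ds_matches(ds_line, owner, rdata):
    """Check a published 'tag alg type digest' DS value against a DNSKEY."""
    tag, alg, dtype, digest = ds_line.split(None, 3)
    expected = make_ds(owner, rdata)
    published = (int(tag), int(alg), int(dtype), digest.replace(" ", "").upper())
    return dtype == "2" and published == expected
```

Because the digest covers both the owner name and the key, a DS value stops matching as soon as the child zone rolls its key without the parent being updated.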
8. Record Type Comparison Table
| Record | Purpose | Points To | Zone Apex? | Typical TTL |
|---|---|---|---|---|
| A | IPv4 mapping | IPv4 address | Yes | 300–3600s |
| AAAA | IPv6 mapping | IPv6 address | Yes | 300–3600s |
| CNAME | Alias | Another domain | No | 3600s |
| MX | Mail routing | Mail server | Yes | 3600s+ |
| TXT | Text data | String | Yes | 3600s |
| NS | Delegation | Name server | Yes | 86400s |
| SOA | Zone metadata | Zone info | Yes | 86400s |
| SRV | Service location | Host:port | No | 3600s |
| PTR | Reverse DNS | Domain name | N/A | 86400s |
| CAA | CA restriction | CA domain | Yes | 3600s |
| DS | DNSSEC trust | Key hash | Yes | 86400s |