DNS Record Types Every Developer Should Know
The records you encounter when setting up a domain, configuring email, debugging a site that is not resolving, or pointing a subdomain at a new service.
DNS is a distributed database that translates domain names into the information needed to reach a service. Each entry in that database is a record with a type. Understanding the common types makes domain configuration and debugging much faster.
A — Address
Maps a domain name to an IPv4 address. The most fundamental record type.
example.com. 300 IN A 203.0.113.10
www.example.com. 300 IN A 203.0.113.10
When you visit a website and DNS resolves example.com to an IP, it is an A record doing that translation. The number (300) is the TTL in seconds — how long resolvers cache the record before asking again.
AAAA — IPv6 address
The same as A, but for IPv6 addresses.
example.com. 300 IN AAAA 2001:db8::1
If you are deploying to a host that has an IPv6 address, add an AAAA record alongside the A record. Most clients try IPv6 first and fall back to IPv4.
CNAME — Canonical name
Creates an alias from one domain name to another. The DNS resolver follows the chain until it reaches an A or AAAA record.
www.example.com. 300 IN CNAME example.com.
blog.example.com. 300 IN CNAME myblog.some-hosting-provider.com.
Common uses: pointing www. to the apex domain, pointing a subdomain at a SaaS provider's hostname (Heroku, Netlify, Vercel), and CDN configuration.
CNAME at the apex domain (example.com itself) is not allowed by the DNS spec. Most DNS providers offer a workaround called CNAME flattening or ALIAS records that behaves like a CNAME but is allowed at the apex.
A CNAME record cannot coexist with other records for the same name. If blog.example.com has a CNAME, it cannot also have an MX or TXT record.
MX — Mail exchange
Specifies which servers handle email for a domain. Multiple MX records can exist, each with a priority — lower priority numbers are tried first.
example.com. 300 IN MX 10 mail1.example.com.
example.com. 300 IN MX 20 mail2.example.com.
When someone sends an email to user@example.com, their mail server looks up the MX records, connects to the highest-priority one (lowest number), and delivers the message.
If you use a third-party email service (Google Workspace, Fastmail, Zoho), they provide specific MX records to add. Add exactly what they specify — wrong MX records mean email stops working.
TXT — Text
A free-form text record. Originally intended for human-readable notes, TXT records are now used extensively for domain verification and email authentication.
SPF (Sender Policy Framework) — specifies which servers are authorised to send email for a domain:
example.com. 300 IN TXT "v=spf1 include:_spf.google.com ~all"
DKIM — a public key that receiving mail servers use to verify an email's signature:
selector._domainkey.example.com. 300 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0G..."
DMARC — policy for handling emails that fail SPF or DKIM:
_dmarc.example.com. 300 IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
Domain verification — most SaaS tools (Google Search Console, GitHub Pages, SendGrid) ask you to add a TXT record to prove you own a domain:
example.com. 300 IN TXT "google-site-verification=abc123..."
NS — Nameserver
Specifies which DNS servers are authoritative for a domain — the ones that hold the definitive records.
example.com. 86400 IN NS ns1.registrar.com.
example.com. 86400 IN NS ns2.registrar.com.
NS records are set at your domain registrar, not in your DNS provider's dashboard. When you transfer DNS management from one provider to another, you update the NS records at the registrar.
CAA — Certification Authority Authorisation
Specifies which certificate authorities are allowed to issue TLS (SSL) certificates for a domain. A CA checks for CAA records before issuing a certificate.
example.com. 300 IN CAA 0 issue "letsencrypt.org"
example.com. 300 IN CAA 0 issuewild ";"
The second record (issuewild ";") prevents any CA from issuing wildcard certificates for the domain. Add CAA records to prevent mis-issuance if your domain is high-value enough to be a phishing target.
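To see how a CA reads those two records, here is an added example (not part of the original article) that evaluates a CAA record set against a certificate request. It follows the processing rules of RFC 8659 in simplified form; the function names are hypothetical, and the zone text is constructed from the records shown above.

```python
# Constructed sample: the two CAA records shown above, in zone-file form.
ZONE = """\
example.com. 300 IN CAA 0 issue "letsencrypt.org"
example.com. 300 IN CAA 0 issuewild ";"
"""
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_caa(zone_text):
    """Parse CAA lines into (owner, flags, tag, value) tuples."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(None, 6)  # value may contain spaces
        if len(fields) != 7 or fields[3].upper() != "CAA":
            continue
        owner, _ttl, _cls, _typ, flags, tag, value = fields
        records.append((owner.lower().rstrip("."), int(flags),
                        tag.lower(), value.strip().strip('"')))
    return records

def issuer_domain(value):
    """CA domain is the text before any ';' parameters; empty means no CA."""
    return value.split(";", 1)[0].strip().lower()

def relevant_rrset(records, name):
    """Climb from name toward the root; the first CAA set found applies."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        rrset = [r for r in records if r[0] == owner]
        if rrset:
            return rrset
    return []

def may_issue(records, name, ca_domain):
    """True if CAA permits ca_domain to issue a certificate for name."""
    wildcard = name.startswith("*.")
    rrset = relevant_rrset(records, name[2:] if wildcard else name)
    # An unrecognised tag with the critical bit (128) set forbids issuance.
    if any(f & 128 and t not in KNOWN_TAGS for _, f, t, _ in rrset):
        return False
    issue = [issuer_domain(v) for _, _, t, v in rrset if t == "issue"]
    wild = [issuer_domain(v) for _, _, t, v in rrset if t == "issuewild"]
    # For wildcard names, issuewild (when present) replaces issue.
    allowed = wild if (wildcard and wild) else issue
    # No applicable property means CAA places no restriction.
    return not allowed or ca_domain.lower() in allowed
```

Subdomains without their own CAA records inherit the parent's set, so www.example.com is covered by the records at example.com.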
Debugging DNS
Check a specific record type:
dig example.com A
dig example.com MX
dig example.com TXT
Check which name servers are authoritative:
dig example.com NS
Query a specific DNS server directly (bypass local cache):
dig @8.8.8.8 example.com A
Check propagation — whether a change has reached a public resolver:
dig @1.1.1.1 example.com A # Cloudflare
dig @8.8.8.8 example.com A # Google
If the results differ between your local resolver and the public ones, your local cache has the old record and it will clear once the TTL expires.
SysEmperor