Understanding DNS Records: A Complete Guide for Beginners
Learn what DNS records are, how they work, and why they matter. This beginner-friendly guide explains A, AAAA, MX, CNAME, TXT, NS, and SOA records with practical examples.
What DNS Does and Why It Matters
The Domain Name System (DNS) is often called the phone book of the internet. When you type a domain name like "example.com" into your browser, your computer does not know where to find that website. DNS translates human-readable domain names into the numerical IP addresses that computers use to locate each other on the network. Without DNS, you would need to memorize IP addresses like 93.184.216.34 for every website you visit. DNS runs silently in the background of every internet interaction — browsing websites, sending emails, using apps — making it one of the most critical pieces of internet infrastructure.
A Records and AAAA Records: Mapping Domains to IP Addresses
The most fundamental DNS records are A and AAAA records. An A record maps a domain name to an IPv4 address (like 93.184.216.34). An AAAA record does the same for IPv6 addresses (like 2606:2800:220:1:248:1893:25c8:1946). When someone visits your website, their browser queries DNS for your domain's A or AAAA record to find the server's IP address. A domain can have multiple A records pointing to different IP addresses for load balancing or redundancy. These records are the foundation of how websites are found on the internet.
MX Records: Directing Email Traffic
MX (Mail Exchanger) records tell email systems which servers handle email for a domain. When someone sends an email to user@example.com, the sending server looks up example.com's MX records to find where to deliver the message. Each MX record has a priority number — lower numbers mean higher priority. If the primary mail server is unavailable, the sending server tries the next one in priority order. Misconfigured MX records are one of the most common causes of email delivery problems. You can check a domain's MX records using our DNS Lookup tool.
CNAME Records: Domain Aliases
A CNAME (Canonical Name) record creates an alias from one domain name to another. For example, you might set up a CNAME record so that www.example.com points to example.com. Instead of requiring its own A record, the CNAME tells DNS to look up the target domain's records instead. CNAME records are commonly used for subdomains, content delivery networks (CDNs), and cloud services. One important rule: a CNAME cannot coexist with other record types at the same name. You cannot have both a CNAME and an MX record for the exact same domain name.
TXT Records: Verification and Security Policies
TXT records hold arbitrary text data associated with a domain. While their original purpose was general-purpose text notes, they have become essential for domain security and verification. SPF (Sender Policy Framework) records, stored as TXT records, specify which mail servers are authorized to send email on behalf of a domain. DKIM signatures are published as TXT records to verify email authenticity. DMARC policies, also in TXT records, tell receiving servers how to handle emails that fail SPF or DKIM checks. Additionally, domain ownership verification for services like Google Workspace, Microsoft 365, and SSL certificate providers uses TXT records.
NS Records and SOA Records: Zone Authority
NS (Name Server) records identify the authoritative DNS servers for a domain — the servers that hold the official, definitive DNS records for that domain. When you register a domain, you set NS records pointing to your DNS provider (like Cloudflare, AWS Route 53, or your registrar's DNS). SOA (Start of Authority) records contain administrative information about the DNS zone, including the primary name server, the email address of the domain administrator, the zone's serial number, and timing parameters that control how often secondary servers check for updates. Together, NS and SOA records define who is responsible for a domain's DNS and how that information is distributed.
How to Look Up and Troubleshoot DNS Records
Checking DNS records is a fundamental troubleshooting skill. If a website is not loading, look up the A record to verify it points to the correct server IP. If emails are not being delivered, check MX records and ensure they point to the right mail servers. If email authentication is failing, verify SPF, DKIM, and DMARC TXT records. Use our DNS Lookup tool to query all record types for any domain. DNS changes typically take time to propagate across the internet due to caching. Most records have a TTL (Time to Live) value that controls how long resolvers cache the record before checking for updates. When making DNS changes, be aware that propagation can take anywhere from a few minutes to 48 hours depending on the TTL values involved.
Ciphertides Team
Written by the Ciphertides team — software engineers and cybersecurity professionals building free, privacy-focused online tools. Learn more about us.