What Are DNS Records?
DNS records are instructions stored in authoritative DNS servers that tell the internet how to handle requests for a domain name. When you type a website address into your browser, your computer queries DNS servers to translate that human-readable name into the IP addresses and configuration data needed to connect you to the right server.
Think of DNS as the internet's phone book. Just as a phone book maps a person's name to their phone number, DNS maps domain names to IP addresses and other critical routing information. Without DNS, you would need to memorize numerical IP addresses for every website you visit.
Each type of DNS record serves a specific purpose. Understanding these records is essential for anyone managing a website, configuring email, or troubleshooting connectivity issues. You can check any domain's DNS records using our free DNS lookup tool.
A Records (Address Records)
The A record is the most fundamental DNS record type. It maps a domain name to an IPv4 address. When someone visits your website, the browser queries for the A record to find out which server to connect to.
For example, an A record might map example.com to 93.184.216.34. You can have multiple A records for the same domain pointing to different IP addresses, which is commonly used for load balancing across multiple servers.
The IPv6 equivalent is the AAAA record (sometimes called a quad-A record), which maps a domain to a 128-bit IPv6 address instead of a 32-bit IPv4 address.
When You Need A Records
- Pointing your domain to your web hosting server
- Setting up load balancing across multiple servers
- Creating subdomains that point to specific IP addresses
MX Records (Mail Exchange Records)
MX records tell the internet which mail servers handle email for your domain. When someone sends an email to user@yourdomain.com, the sending server looks up the MX records for yourdomain.com to find out where to deliver the message.
MX records have a priority value (also called preference). Lower numbers indicate higher priority. If you have multiple MX records, mail servers try the highest-priority server first and fall back to lower-priority servers if the primary is unavailable.
A typical setup might look like this:
- Priority 10:
mail1.yourdomain.com(primary mail server) - Priority 20:
mail2.yourdomain.com(backup mail server)
If your domain has no MX records, it cannot receive email. This is one of the checks performed during email validation to verify that an email address is potentially deliverable.
CNAME Records (Canonical Name Records)
A CNAME record creates an alias from one domain name to another. Instead of mapping a name to an IP address directly, it maps a name to another domain name. The DNS resolver then follows the chain to find the final IP address.
CNAME records are commonly used for subdomains. For example, you might create a CNAME record that maps www.example.com to example.com, or blog.example.com to your hosted blog platform.
Important restrictions apply to CNAME records. You cannot place a CNAME record at the zone apex (the bare domain like example.com). CNAME records must be the only record at that hostname -- you cannot have a CNAME alongside an MX or TXT record for the same name.
TXT Records (Text Records)
TXT records hold arbitrary text data associated with a domain. While originally designed for human-readable notes, they have become critical for domain verification and email security. Most modern uses of TXT records are machine-readable.
Common Uses of TXT Records
- Domain verification -- Services like Google Workspace, Microsoft 365, and various SaaS platforms ask you to add a specific TXT record to prove you own the domain.
- SPF records -- Sender Policy Framework records are stored as TXT records (more on this below).
- DKIM signatures -- DomainKeys Identified Mail public keys are published as TXT records.
- DMARC policies -- Domain-based Message Authentication policies are TXT records.
- Site verification -- Search consoles and analytics platforms use TXT records for ownership verification.
NS Records (Name Server Records)
NS records specify which DNS servers are authoritative for a domain. When a DNS resolver needs to look up records for your domain, it first finds the NS records to know which servers to query for the definitive answers.
Typically, your domain registrar or DNS hosting provider sets these automatically. Most setups have at least two NS records for redundancy. If you switch DNS providers (for example, moving from your registrar's DNS to Cloudflare), you update the NS records to point to the new provider's name servers.
SPF Records (Sender Policy Framework)
SPF records define which mail servers are authorized to send email on behalf of your domain. They are stored as TXT records with a specific format that starts with v=spf1.
An SPF record might look like: v=spf1 include:_spf.google.com include:sendgrid.net -all
This tells receiving mail servers that Google's servers and SendGrid's servers are allowed to send mail for this domain, and all other servers should be rejected (-all). Without an SPF record, spammers can easily forge your domain in the From address of their spam emails.
SPF is one of the three pillars of email authentication, alongside DKIM and DMARC. Together, they protect your domain from being used in phishing attacks and improve your email deliverability.
DMARC Records
DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds on SPF and DKIM to give domain owners control over what happens when email authentication fails. A DMARC record is a TXT record published at _dmarc.yourdomain.com.
A DMARC record specifies three key things:
- Policy -- What to do with emails that fail authentication:
none(monitor only),quarantine(send to spam), orreject(block entirely). - Reporting -- Where to send aggregate reports about authentication results, so you can monitor who is sending email using your domain.
- Alignment -- How strictly the From address must match the domains authenticated by SPF and DKIM.
Starting with p=none and reviewing reports before moving to p=reject is the recommended approach. Jumping straight to rejection can block legitimate emails if your SPF and DKIM are not configured correctly.
Other Important Record Types
SOA Records (Start of Authority)
Every DNS zone has exactly one SOA record that contains administrative information about the zone, including the primary name server, the administrator's email address, the zone serial number, and timing parameters for zone transfers and caching.
SRV Records (Service Records)
SRV records specify the hostname and port number for specific services. They are commonly used for protocols like SIP (VoIP), XMPP (messaging), and Microsoft Active Directory.
CAA Records (Certification Authority Authorization)
CAA records specify which certificate authorities are allowed to issue SSL/TLS certificates for your domain. This prevents unauthorized CAs from issuing certificates that could be used in man-in-the-middle attacks.
How to Check DNS Records
You can view any domain's DNS records using our DNS lookup tool. Enter a domain name to see all its A, MX, CNAME, TXT, NS, and other records. This is useful for troubleshooting email delivery issues, verifying your DNS configuration, or researching a domain's setup.
For developers and system administrators, command-line tools like dig and nslookup provide more detailed query options. However, a web-based tool is faster for quick lookups and does not require terminal access.
Understanding DNS records is fundamental to managing any online presence. Whether you are setting up a new website, configuring email for your business, or debugging connectivity problems, knowing what each record type does will save you time and prevent costly misconfigurations. If you need help setting up or optimizing your DNS configuration, our cloud solutions team can ensure your infrastructure is properly configured and secure.