DNS Records Encyclopedia

Comprehensive explanations, examples, and best practices for all DNS record types

What Are DNS Records?

DNS (Domain Name System) records are the entries held by a domain's authoritative name servers that tell resolvers how to answer queries for that domain: which IP addresses a name maps to, which hosts accept its mail, which servers are authoritative for it, and so on. In their textual form the records are written in zone-file (master file) syntax: one resource record per line, made up of an owner name, a TTL, a class, a record type and type-specific data (the RDATA). On the wire the same records travel in a compact binary encoding, and resolvers cache them for the TTL the authoritative server assigns.

DNS records are essential for the functioning of the internet, helping to connect domain names (like example.com) to the servers that host them. Different types of DNS records serve different purposes, from mapping domain names to IP addresses to specifying mail servers, verifying domain ownership, and implementing security measures.

A Record (common)

Maps a domain name to an IPv4 address

Description

The A record (Address record) is one of the most fundamental DNS record types. It maps a domain name to a 32-bit IPv4 address. When a browser needs to reach a website, its resolver fetches the A records for the site's name and the browser connects to one of the addresses returned; a name may carry several A records, which are returned together as one record set (RRset).

Example Format

example.com.    3600    IN    A    93.184.216.34

Fields Explained

Field Description
example.com. The domain name (note the trailing dot indicating fully qualified domain name)
3600 TTL (Time To Live) in seconds - how long the record can be cached
IN Class of the record (IN for Internet)
A The record type
93.184.216.34 The IPv4 address this domain resolves to

Common Use Cases

  • Pointing a domain to a web server
  • Creating subdomains that point to different servers
  • Basic round-robin load balancing by publishing several A records for one name (resolvers and clients rotate through them, but nothing removes a failed server from the set)

Best Practices

  • Use appropriate TTL values based on how frequently you expect to change the record
  • Consider using AAAA records alongside A records for IPv6 support
  • For high-availability websites, consider having multiple A records or using a CDN

AAAA Record (common)

Maps a domain name to an IPv6 address

Description

The AAAA record (pronounced "quad-A") serves the same purpose as the A record but for IPv6 addresses. It maps a domain name to a 128-bit IPv6 address, enabling websites and services to be accessible over IPv6 networks.

Example Format

example.com.    3600    IN    AAAA    2606:2800:220:1:248:1893:25c8:1946

Fields Explained

Field Description
example.com. The domain name
3600 TTL (Time To Live) in seconds
IN Class of the record (IN for Internet)
AAAA The record type
2606:2800:220:1:248:1893:25c8:1946 The IPv6 address this domain resolves to

Common Use Cases

  • Providing IPv6 connectivity for your website
  • Supporting dual-stack networking (IPv4 and IPv6)
  • Future-proofing your domain as IPv6 adoption increases

Best Practices

  • Publish AAAA records alongside A records, but only for hosts that actually answer on IPv6; a stale AAAA record makes IPv6-capable clients wait for a fallback or fail outright
  • Mirror for the IPv6 address every firewall and access-control rule that protects the IPv4 address; an AAAA record opens a second path to the same host
  • Use the same TTL for corresponding A and AAAA records so that both change together

CNAME Record (common)

Creates an alias from one domain to another

Description

The CNAME (Canonical Name) record makes one domain name an alias for another. A resolver that encounters a CNAME restarts the lookup with the canonical name and returns the whole chain (the CNAME plus the target's records) to the client. This is useful for giving a subdomain the same destination as another name without duplicating its address records.

Example Format

www.example.com.    3600    IN    CNAME    example.com.

Fields Explained

Field Description
www.example.com. The alias domain name
3600 TTL (Time To Live) in seconds
IN Class of the record (IN for Internet)
CNAME The record type
example.com. The canonical (target) domain name

Common Use Cases

  • Creating the www subdomain that points to the root domain
  • Setting up subdomains for third-party services (e.g., blog.example.com pointing to a blogging platform)
  • Simplifying DNS management when multiple subdomains need to point to the same destination

Limitations

  • A CNAME cannot be placed at the zone apex (e.g. example.com), because the apex must carry SOA and NS records and a CNAME cannot share its name with any other record; the ALIAS/ANAME or "CNAME flattening" features some providers offer are non-standard workarounds
  • A name that has a CNAME cannot have any other record type (RFC 1034 section 3.6.2); the only exception is the DNSSEC metadata (RRSIG, NSEC/NSEC3) that a signed zone attaches to every name
  • Following a CNAME may cost an additional query when the target lives in another zone; when it lives in the same zone the authoritative server usually returns the whole chain in one response
  • A CNAME that points at a third-party service's hostname (hosting platform, CDN, SaaS) keeps resolving after you stop using the service; if the provider lets anyone claim the now-unused name, that party controls your subdomain. Remove or repoint such CNAMEs when the service is decommissioned

MX Record (common)

Specifies mail servers for receiving email

Description

The MX (Mail Exchange) record lists the hosts that accept email for a domain. Each record carries a 16-bit preference value (often called priority): a sending server tries the lowest-preference host first and falls back to the higher values when delivery fails.

Example Format

example.com.    3600    IN    MX    10 mail.example.com.
example.com.    3600    IN    MX    20 mail2.example.com.

Fields Explained

Field Description
example.com. The domain for which mail service is defined
3600 TTL (Time To Live) in seconds
IN Class of the record (IN for Internet)
MX The record type
10, 20 Preference values (lower numbers are tried first; equal values are tried in random order)
mail.example.com., mail2.example.com. Hostnames of the mail servers (must be hostnames with their own A/AAAA records, not IP addresses)

Common Use Cases

  • Setting up email for your domain
  • Configuring redundant mail servers for reliability
  • Using third-party email providers like Google Workspace or Microsoft 365

Best Practices

  • Publish at least two MX records with different preferences for redundancy
  • Ensure every MX target is a hostname with its own A or AAAA records; an MX must not point at a CNAME (RFC 2181 section 10.3) or at an IP address
  • Space preference values out (10, 20, 30 rather than 1, 2, 3) so new servers can be inserted without renumbering
  • Configure SPF, DKIM and DMARC (all published as TXT records) so receivers can reject mail that spoofs your domain
  • If a domain never receives mail, say so explicitly with a null MX (example.com. IN MX 0 ., RFC 7505) and an SPF record of v=spf1 -all
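
The CNAME limitations and MX best practices above are mechanical enough to check before a zone is published. The checker below is an added example written for this page, not tooling from the original; it parses a small constructed zone in the line format used throughout the page and reports A/AAAA address syntax errors, a CNAME at the apex or sharing its name with other records, MX targets that are CNAMEs, and in-zone MX targets that have no address record. The sample zone (including hosting.example.net and the 198.51.100.25 address) is constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zone for this example (not from the original page). It
# deliberately breaks several rules so the checker has something to report.
SAMPLE_ZONE = """\
example.com.        3600 IN SOA   ns1.example.com. admin.example.com. 2023080101 7200 3600 1209600 86400
example.com.        3600 IN NS    ns1.example.com.
example.com.        3600 IN A     93.184.216.34
example.com.        3600 IN AAAA  2606:2800:220:1:248:1893:25c8:1946
www.example.com.    3600 IN CNAME example.com.
www.example.com.    3600 IN A     93.184.216.34          ; CNAME and A on the same name
blog.example.com.   3600 IN CNAME hosting.example.net.
mail.example.com.   3600 IN A     198.51.100.25
relay.example.com.  3600 IN CNAME mail.example.com.
example.com.        3600 IN MX    10 mail.example.com.
example.com.        3600 IN MX    20 relay.example.com.  ; MX target is a CNAME
example.com.        3600 IN MX    30 mail2.example.com.  ; no address record in the zone
bad.example.com.    3600 IN A     999.1.1.1              ; not an IPv4 address
"""

# Record types allowed to sit beside a CNAME at the same owner name (DNSSEC metadata).
DNSSEC_SIDE_TYPES = {"RRSIG", "NSEC", "NSEC3"}


def parse_zone(text):
    """Parse 'owner ttl class type rdata...' lines into (owner, ttl, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";")[0].strip()            # strip comments and blank lines
        if not line:
            continue
        owner, ttl, cls, rtype, *rdata = line.split()
        if cls != "IN":
            raise ValueError(f"unsupported class {cls!r}")
        records.append((owner.lower(), int(ttl), rtype.upper(), rdata))
    return records


def _address_version(text):
    """Return 4 or 6 for a valid address literal, None for anything else."""
    try:
        return ipaddress.ip_address(text).version
    except ValueError:
        return None


def check_zone(text, apex):
    """Return a list of problems found in the zone text; an empty list means clean."""
    apex = apex.lower()
    records = parse_zone(text)
    problems = []
    types_at = defaultdict(set)                      # owner name -> record types present
    for owner, _ttl, rtype, _rdata in records:
        types_at[owner].add(rtype)

    for owner, _ttl, rtype, rdata in records:
        if rtype == "A" and _address_version(rdata[0]) != 4:
            problems.append(f"{owner}: A rdata {rdata[0]!r} is not an IPv4 address")
        elif rtype == "AAAA" and _address_version(rdata[0]) != 6:
            problems.append(f"{owner}: AAAA rdata {rdata[0]!r} is not an IPv6 address")
        elif rtype == "CNAME":
            if owner == apex:
                problems.append(f"{owner}: CNAME at the zone apex (apex must hold SOA and NS)")
            others = types_at[owner] - {"CNAME"} - DNSSEC_SIDE_TYPES
            if others:
                problems.append(f"{owner}: CNAME coexists with {sorted(others)}")
        elif rtype == "MX":
            _pref, target = rdata
            target = target.lower()
            if "CNAME" in types_at.get(target, ()):
                problems.append(f"{owner}: MX target {target} is a CNAME (RFC 2181 forbids this)")
            elif target == apex or target.endswith("." + apex):
                # Only in-zone targets can be checked offline; out-of-zone ones need a lookup.
                if not types_at.get(target, set()) & {"A", "AAAA"}:
                    problems.append(f"{owner}: MX target {target} has no A/AAAA record in the zone")
    return problems


if __name__ == "__main__":
    for problem in check_zone(SAMPLE_ZONE, "example.com."):
        print(problem)
```

Run against the sample zone it reports four problems: the CNAME/A clash at www, the MX pointing at the relay CNAME, the mail2 target without an address, and the malformed A record. Out-of-zone CNAME targets such as hosting.example.net are not flagged; whether they still resolve (and are not claimable by someone else) has to be checked with live queries.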

Additional DNS Record Types

TXT Record

TXT (Text) records store arbitrary text data in the DNS. Originally designed for human-readable notes, they are now commonly used for various verification and configuration purposes.

Example Format

example.com.    3600    IN    TXT    "v=spf1 include:_spf.example.com ~all"

Common Use Cases

  • SPF (Sender Policy Framework) policies listing the hosts allowed to send mail for the domain
  • DKIM (DomainKeys Identified Mail) public keys, published at selector._domainkey.example.com
  • Domain verification tokens for various services (Google, Microsoft, etc.)
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies, published at _dmarc.example.com

Best Practices

  • Each character-string in a TXT record holds at most 255 octets; longer values such as DKIM keys are split across several quoted strings that receivers concatenate in order
  • Follow the service-specific syntax exactly: publish exactly one SPF record per name (two is a permanent error), stay within SPF's limit of 10 DNS-lookup mechanisms, and end the policy with -all (or ~all) rather than +all
  • Remove verification TXT records once verification is complete unless the service re-checks them, so that stale tokens do not advertise which services the domain was enrolled in
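
The TXT rules above (255-octet strings, exactly one SPF record, the 10-lookup limit, a restrictive all term) can be checked before publication. The following Python is an added example for this page rather than code from the original: it splits a long value into 255-octet character-strings and renders the zone line, and it analyses the SPF strings found at a name. The SPF record and the DKIM-shaped value it uses are constructed samples; the DKIM key material is filler, not a real key.

```python
import re

# Constructed sample values for this example (not records from the original page).
SPF_RECORD = ("v=spf1 include:_spf.example.com include:_spf.example.net "
              "a mx ip4:198.51.100.0/24 ~all")
# A DKIM public key is far longer than one 255-octet character-string; the key
# material below is filler, not a real key.
DKIM_RECORD = "v=DKIM1; k=rsa; p=" + "A" * 400

# Mechanisms (and the redirect modifier) that each cost one of the 10 permitted DNS lookups.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def split_txt(value, limit=255):
    """Split a TXT value into character-strings of at most `limit` octets.

    The wire format stores each string behind a one-octet length, so no string may
    exceed 255 octets; receivers concatenate the strings in order. Only ASCII is
    handled, which is all SPF, DKIM and DMARC use.
    """
    data = value.encode("ascii")
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]


def zone_txt_line(owner, ttl, value):
    """Render a TXT record as a zone-file line, one quoted string per chunk."""
    quoted = []
    for chunk in split_txt(value):
        chunk = chunk.replace("\\", "\\\\").replace('"', '\\"')  # master-file escaping
        quoted.append(f'"{chunk}"')
    return f"{owner}    {ttl}    IN    TXT    {' '.join(quoted)}"


def analyse_spf(txt_values):
    """Sanity-check the SPF policy published at one name.

    `txt_values` holds every TXT value at the name, each already joined from its
    character-strings as a resolver would see it. Returns counts plus a list of issues.
    """
    spf = [v for v in txt_values if re.match(r"v=spf1(\s|$)", v, re.IGNORECASE)]
    findings = {"records": len(spf), "lookups": 0, "all": None, "issues": []}
    if len(spf) != 1:
        findings["issues"].append(
            f"{len(spf)} SPF records found; receivers treat anything but exactly one as permerror")
        return findings
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"   # default qualifier is pass
        body = term.lstrip("+-~?")
        name = re.split(r"[:/=]", body, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            findings["lookups"] += 1
        elif name == "all":
            findings["all"] = qualifier
    if findings["lookups"] > 10:
        findings["issues"].append(
            f"{findings['lookups']} DNS-lookup terms; more than 10 is a permerror (RFC 7208 4.6.4)")
    if findings["all"] in (None, "+", "?"):
        findings["issues"].append(
            "policy does not end in -all or ~all, so unlisted senders are not rejected")
    return findings


if __name__ == "__main__":
    print(zone_txt_line("example.com.", 3600, SPF_RECORD))
    print(zone_txt_line("sel1._domainkey.example.com.", 3600, DKIM_RECORD))
    print(analyse_spf([SPF_RECORD]))
```

The lookup count here is the direct count at this name; a full evaluation also follows each include: and redirect= to the referenced records, which is where real policies usually blow through the limit.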

NS Record

NS (Name Server) records delegate a DNS zone to a set of authoritative name servers. They specify which servers are responsible for answering queries about the domain.

Example Format

example.com.    86400    IN    NS    ns1.example.com.
example.com.    86400    IN    NS    ns2.example.com.

Common Use Cases

  • Delegating domain DNS management to specific nameservers
  • Setting up subdomains with their own DNS management (e.g., sub.example.com managed separately)
  • Migrating DNS providers

Best Practices

  • Always have at least two NS records for redundancy
  • Use longer TTL values (24-48 hours) for stability
  • Provide glue records (A/AAAA for the name server, published at the parent) when a name server's own name lies inside the zone it serves, for example ns1.example.com serving example.com; without glue a resolver would have to query the zone in order to find the server for the zone
  • Regularly verify that all listed name servers are operational and answer authoritatively, and that the NS set in the zone matches the delegation at the parent; a dead server or a mismatch is a lame delegation

SOA Record

The SOA (Start of Authority) record contains essential administrative information about a DNS zone. It specifies the primary name server, the responsible party's email, and various timing parameters for zone transfers and refreshes.

Example Format

example.com.    86400    IN    SOA    ns1.example.com. admin.example.com. (
    2023080101  ; Serial number
    7200        ; Refresh (2 hours)
    3600        ; Retry (1 hour)
    1209600     ; Expire (2 weeks)
    86400 )     ; Minimum (negative-caching TTL, 24 hours)

Fields Explained

Field Description
ns1.example.com. Primary nameserver for the domain
admin.example.com. Mailbox of the responsible person (RNAME): admin@example.com with the @ written as a dot, so a dot inside the local part must be escaped (john\.doe.example.com.)
2023080101 Serial number, an unsigned 32-bit counter; secondaries transfer the zone only when it has increased (compared with RFC 1982 serial arithmetic). YYYYMMDDNN is a common convention, not a requirement
7200 Refresh interval - how often secondary servers check the primary's serial for updates
3600 Retry interval - how long a secondary waits before retrying after a failed refresh
1209600 Expire time - how long a secondary keeps serving the zone after its last successful refresh; after that it stops answering authoritatively rather than serve stale data
86400 Minimum - since RFC 2308 this is the negative-caching TTL, i.e. how long resolvers cache NXDOMAIN and NODATA answers for the zone; the default TTL for records that omit one comes from the $TTL directive at the top of the zone file, not from this field

Best Practices

  • Increase the serial whenever you change the zone; secondaries compare serials and skip the transfer if yours has not grown (YYYYMMDDNN is a convenient convention for this)
  • Choose timing values according to how often the zone changes and how long you can tolerate secondaries serving stale data
  • Ensure the RNAME mailbox is valid and monitored; it is where other operators report DNS problems with your zone
  • Keep refresh intervals reasonably short (2-12 hours); with NOTIFY (RFC 1996) secondaries normally learn of changes immediately, and the refresh timer is the fallback for a lost NOTIFY

DNSKEY Record

The DNSKEY record stores public keys used for DNSSEC (DNS Security Extensions). These keys are used to cryptographically sign DNS records to prevent tampering and ensure the authenticity of DNS data.

Example Format

example.com.    3600    IN    DNSKEY    256 3 8 AwEAAcQ7RLaJNn4UjYt/...

Fields Explained

Field Description
256 Flags: bit 7 (value 256) marks a zone key and bit 15 (value 1) the Secure Entry Point, so 256 = Zone Signing Key (ZSK) and 257 = Key Signing Key (KSK)
3 Protocol (always 3)
8 Algorithm (8 = RSA/SHA-256; 13 = ECDSA P-256/SHA-256 and 15 = Ed25519 are the current recommendations)
AwEAAcQ7... Public key material (Base64 encoded)

Common Use Cases

  • Implementing DNSSEC so that resolvers can verify that your zone's data was published by you and not altered in transit
  • Protecting against DNS spoofing and cache poisoning: a validating resolver discards forged answers whose signatures do not verify
  • Providing a chain of trust: the zone's KSK is referenced by a DS record in the parent zone, which the parent signs in turn, up to the root trust anchor

Best Practices

  • Follow a key rollover schedule (commonly 1-2 years for KSKs, 1-3 months for ZSKs) using the pre-publish or double-signature methods of RFC 6781, so validators never see a period in which signatures cannot be verified; a KSK rollover also requires updating the DS record at the parent (CDS/CDNSKEY records, RFC 7344 and RFC 8078, let the parent pick this up automatically)
  • Use the algorithms RFC 8624 recommends: ECDSA P-256/SHA-256 (13) or Ed25519 (15), or RSA/SHA-256 (8) with keys of at least 2048 bits; do not use RSA/SHA-1 (5 and 7) or DSA
  • Keep private keys off the public-facing name servers: an HSM or an offline signer for the KSK at minimum
  • Monitor DNSSEC validation continuously; the most common DNSSEC outage is an expired RRSIG, which makes the whole zone bogus to validating resolvers even though the data is unchanged
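
The chain of trust described above is anchored by a DS record at the parent, which carries the key tag and a digest of the child's KSK. The following Python is an added example for this page (not tooling from the original): it builds DNSKEY RDATA, computes the key tag exactly as RFC 4034 Appendix B specifies, and derives the SHA-256 DS record the parent must publish, which is the value to compare against what the registrar shows. The key material is a constructed 64-byte placeholder shaped like an algorithm 13 (ECDSA P-256) public key; it is not a real key and not the truncated key shown in the example above.

```python
import base64
import hashlib
import struct

# Constructed placeholder key for this example: flags 257 (KSK), protocol 3,
# algorithm 13 (ECDSA P-256/SHA-256), and 64 bytes standing in for the x||y point.
EXAMPLE_FLAGS, EXAMPLE_PROTOCOL, EXAMPLE_ALGORITHM = 257, 3, 13
EXAMPLE_PUBLIC_KEY = bytes(range(64))


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """Wire-format DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """RFC 4034 Appendix B key tag, the 16-bit value quoted in DS and RRSIG records."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def key_role(flags):
    """Bit 7 (256) marks a zone key; bit 15 (1) marks the Secure Entry Point, i.e. a KSK."""
    if not flags & 256:
        return "not a zone key"
    return "KSK" if flags & 1 else "ZSK"


def name_to_wire(name):
    """Encode an absolute owner name as DNS labels, lower-cased (canonical form)."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def ds_record(owner, rdata, digest_type=2):
    """DS RDATA the parent publishes: key tag, algorithm, digest type, digest.

    Digest type 2 is SHA-256 over owner-name-wire || DNSKEY RDATA (RFC 4509).
    """
    if digest_type != 2:
        raise ValueError("only SHA-256 (digest type 2) is implemented here")
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return f"{key_tag(rdata)} {rdata[3]} {digest_type} {digest}"


def dnskey_line(owner, ttl, flags, protocol, algorithm, public_key):
    """Render the DNSKEY in zone-file presentation form."""
    b64 = base64.b64encode(public_key).decode("ascii")
    return f"{owner}    {ttl}    IN    DNSKEY    {flags} {protocol} {algorithm} {b64}"


def parse_dnskey_rdata_text(text):
    """Parse presentation form 'flags protocol algorithm base64...' back to wire RDATA."""
    flags, protocol, algorithm, *b64 = text.split()
    return dnskey_rdata(int(flags), int(protocol), int(algorithm),
                        base64.b64decode("".join(b64)))


if __name__ == "__main__":
    rdata = dnskey_rdata(EXAMPLE_FLAGS, EXAMPLE_PROTOCOL, EXAMPLE_ALGORITHM, EXAMPLE_PUBLIC_KEY)
    print(dnskey_line("example.com.", 3600, EXAMPLE_FLAGS, EXAMPLE_PROTOCOL,
                      EXAMPLE_ALGORITHM, EXAMPLE_PUBLIC_KEY))
    print("role:", key_role(EXAMPLE_FLAGS), "key tag:", key_tag(rdata))
    print("example.com.    3600    IN    DS    " + ds_record("example.com.", rdata))
```

The key tag is not a hash and collisions happen; validators use it only to pick candidate keys, so a DS check should always compare the digest as well. To audit a live zone, paste the DNSKEY presentation text into parse_dnskey_rdata_text and compare the resulting DS with what the parent serves.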