DNS Record Types: A, AAAA, MX, TXT, CNAME, NS
A DNS zone is a collection of records. Each record maps a name to a value of a specific type. Knowing what each type does is essential for setting up domains, debugging email delivery, getting TLS certificates issued, and for making sense of almost any network problem you will ever debug.
The records you’ll use most
A — IPv4 address
example.com. 300 IN A 93.184.216.34
Maps a name to an IPv4 address. The most common record type by far.
AAAA — IPv6 address
example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
Same as A but for IPv6. Always set both A and AAAA if you support IPv6.
CNAME — alias
www.example.com. 300 IN CNAME example.com.
Says “this name is just an alias for that other name.” When someone queries www.example.com, they follow the CNAME and look up example.com instead.
Restrictions:
- A CNAME can’t be placed at the apex (root) of the zone, only on names below it. The apex always carries the SOA and NS records, and the next rule forbids a CNAME from sharing a name with them. Use ALIAS or ANAME if your DNS provider supports them; these are provider-side features that resolve the target themselves and answer with ordinary A/AAAA records.
- If a name has a CNAME, it can’t have ANY other records (except DNSSEC records such as RRSIG and NSEC, which are allowed alongside it).
MX — mail exchanger
example.com. 300 IN MX 10 mail.example.com.
example.com. 300 IN MX 20 mail2.example.com.
Routes email for the domain. The number is the preference, and LOWER is preferred: sending servers try the priority-10 host first and fall back to 20 if it is unreachable. Hosts with equal preference are tried in random order.
Without MX records, senders fall back to the domain’s A or AAAA record and try to deliver there (the “implicit MX” rule of RFC 5321), which is rarely what you want, so publish MX records explicitly. If a domain should never receive mail, publish a single “null MX” with preference 0 and the target “.” (RFC 7505) so senders fail fast instead of retrying for days.
TXT — arbitrary text
example.com. 300 IN TXT "v=spf1 include:_spf.google.com ~all"
example.com. 300 IN TXT "google-site-verification=abc123..."
The “junk drawer” record. Used for:
- SPF (sender policy, published at the domain itself: which hosts may send mail as @example.com)
- DKIM (the public key used to verify email signatures, published at <selector>._domainkey.example.com)
- DMARC (email authentication policy and reporting, published at _dmarc.example.com)
- Domain ownership verification (Google, Microsoft, etc.)
- Let’s Encrypt / ACME DNS-01 challenges (published at _acme-challenge.example.com)
Because TXT is free-form, anyone who can write TXT records in your zone can authorize new mail senders and pass certificate-issuance challenges for your domain, so treat write access to the zone as the sensitive permission it is.
NS — name server delegation
example.com. 86400 IN NS ns1.cloudflare.com.
example.com. 86400 IN NS ns2.cloudflare.com.
Says “the authoritative servers for this domain are X and Y.” The delegation copy of these records lives in the parent zone (the TLD, e.g. .com) and is set through your registrar; the zone itself also lists its own NS records, and the two sets should match. This is what makes one DNS provider responsible for your domain instead of another, and it is why registrar account security matters: whoever can change the NS records controls every other record in the zone.
Less common but useful
SOA — Start of Authority
Every zone has exactly one SOA, at the apex. It holds the zone’s administrative metadata: the primary name server, the responsible party’s mailbox (with the @ written as a dot), a serial number that secondary servers use to detect changes, the refresh, retry and expire timers for zone transfers, and the negative-caching TTL (how long a resolver may remember that a name does not exist, RFC 2308). The default TTL for records in a zone file comes from the $TTL directive, not from the SOA.
PTR — Pointer (reverse DNS)
34.216.184.93.in-addr.arpa. 3600 IN PTR example.com.
Reverse lookup: maps an IP back to a name. PTR records live under in-addr.arpa (IPv4) and ip6.arpa (IPv6), zones that are delegated to whoever holds the address block, usually your hosting or network provider, so you set them there rather than at your domain’s DNS provider. Receiving mail servers check that the sending IP has a PTR record and that the name it points to resolves back to the same IP (forward-confirmed reverse DNS); mail from an IP without a matching PTR is often rejected or scored as spam.
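As an added example (not part of the original page), the reverse-name construction and the forward-confirmed check, in Python using only the standard library. The PTR and forward data are constructed in the block and stand in for live DNS answers; the 10.0.0.x and mail.bad.example entries are invented to show the failure case.

```python
import ipaddress


def reverse_name(ip: str) -> str:
    """Fully qualified reverse-lookup name for an IPv4 or IPv6 address.

    IPv4 reverses the octets under in-addr.arpa; IPv6 reverses every hex
    nibble of the fully expanded address under ip6.arpa.
    """
    return ipaddress.ip_address(ip).reverse_pointer + "."


# Constructed sample data for this example, standing in for real DNS answers:
# a PTR "zone" keyed by reverse name and a forward "zone" keyed by host name.
PTR_RECORDS = {
    reverse_name("93.184.216.34"): "example.com.",
    reverse_name("2606:2800:220:1:248:1893:25c8:1946"): "example.com.",
    reverse_name("10.0.0.1"): "mail.bad.example.",  # forward lookup will not match
}
FORWARD_RECORDS = {
    "example.com.": {"93.184.216.34", "2606:2800:220:1:248:1893:25c8:1946"},
    "mail.bad.example.": {"10.0.0.2"},
}


def fcrdns(ip: str, ptr_records=PTR_RECORDS, forward_records=FORWARD_RECORDS):
    """Forward-confirmed reverse DNS check, as a receiving mail server does it.

    Returns (hostname, confirmed): hostname is the PTR target (None if the IP
    has no PTR at all); confirmed is True only when that hostname's A/AAAA
    records include the original IP.
    """
    hostname = ptr_records.get(reverse_name(ip))
    if hostname is None:
        return None, False
    canonical = str(ipaddress.ip_address(ip))  # compress IPv6 before comparing
    return hostname, canonical in forward_records.get(hostname, set())


if __name__ == "__main__":
    for ip in ("93.184.216.34", "10.0.0.1", "192.0.2.1"):
        print(ip, "->", reverse_name(ip), fcrdns(ip))
```

The three outcomes the block distinguishes (no PTR, PTR whose name does not point back, PTR that is forward-confirmed) are exactly the three cases a mail receiver scores differently.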
SRV — service location
Says “for this service, use this server on this port.” The owner name follows the _service._proto.name convention (for example _sip._tcp.example.com.) and the value has four fields: priority (lower is preferred), weight (load share among targets of equal priority), port, and target host name. Used by SIP, XMPP, Microsoft Active Directory (clients locate domain controllers through _ldap._tcp records), and Minecraft.
CAA — Certificate Authority Authorization
example.com. 300 IN CAA 0 issue "letsencrypt.org"
Restricts which certificate authorities may issue TLS certificates for the domain. Publicly trusted CAs are required to check CAA before issuing (RFC 8659 and the CA/Browser Forum Baseline Requirements). The leading 0 is the flags field (128 marks a property as critical, meaning a CA that does not understand the tag must refuse to issue); the tags are issue (regular certificates), issuewild (wildcard certificates) and iodef (where to report unauthorized requests). An issue value of ";" means no CA at all may issue. CAs look for CAA at the requested name first and then walk up to its parents, so a record at example.com. covers www.example.com. unless www publishes its own. Modern security best practice, and cheap to set.
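As an added example, not from the original page, here is the RFC 8659 decision a CA makes, run against a constructed CAA data set instead of live lookups. The owner names, the CA identifiers and the critical "futuretag" property are assumptions made for illustration; CNAME chasing, which the RFC also requires, is left out.

```python
from typing import Dict, List, Tuple

CaaRecord = Tuple[int, str, str]  # (flags, tag, value), e.g. (0, "issue", "letsencrypt.org")

# Constructed CAA data for this example (not real DNS answers), keyed by owner name.
CAA_RECORDS: Dict[str, List[CaaRecord]] = {
    "example.com.": [
        (0, "issue", "letsencrypt.org"),
        (0, "issuewild", ";"),                  # ";" = nobody may issue wildcards
        (0, "iodef", "mailto:security@example.com"),
    ],
    "blog.example.com.": [(0, "issue", "digicert.com")],
    # Assumed critical-flagged property (flags bit 128) that this code does not understand.
    "legacy.example.com.": [(128, "futuretag", "x"), (0, "issue", "letsencrypt.org")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_caa_set(name: str, caa=CAA_RECORDS):
    """RFC 8659 section 3: use the CAA set of the name itself, otherwise that of the
    closest ancestor that has one. Returns (owner, records); owner is None if no
    CAA record applies anywhere up the tree."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:]) + "."
        rrs = caa.get(owner)
        if rrs:
            return owner, rrs
    return None, []


def caa_allows(name: str, ca: str, caa=CAA_RECORDS, wildcard: bool = False) -> bool:
    """Would the CA identified by `ca` (e.g. "letsencrypt.org") be permitted to
    issue a certificate for `name` (or for *.name when wildcard=True)?"""
    _, rrs = relevant_caa_set(name, caa)
    if not rrs:
        return True                                    # no CAA anywhere: no restriction
    for flags, tag, _ in rrs:
        if flags & 128 and tag.lower() not in KNOWN_TAGS:
            return False                               # critical property we don't understand
    wanted = "issue"
    if wildcard and any(t.lower() == "issuewild" for _, t, _ in rrs):
        wanted = "issuewild"                           # issuewild overrides issue for *.name
    applicable = [v for _, t, v in rrs if t.lower() == wanted]
    if not applicable:
        return True                                    # e.g. only an iodef record present
    for value in applicable:
        issuer = value.split(";", 1)[0].strip().lower()  # drop any "; parameters"
        if issuer and issuer == ca.lower():
            return True
    return False


if __name__ == "__main__":
    print(caa_allows("www.example.com.", "letsencrypt.org"))                  # True
    print(caa_allows("www.example.com.", "letsencrypt.org", wildcard=True))   # False
    print(caa_allows("host.nocaa.example.", "anyca.example"))                 # True
```

Two things the walk-up makes visible: a CAA set at example.com. silently governs every name beneath it that has none of its own, and an empty issuewild at the apex blocks wildcard issuance even for a CA that the issue record allows.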
How to read a record
example.com.    300    IN     A      93.184.216.34
name            TTL    class  type   value
name = the domain the record belongs to (the owner name)
TTL = seconds a resolver may cache the answer
class = IN ("Internet"); CH and HS exist but you will not use them
type = A, MX, TXT, etc.
value = whatever the record points to (the "RDATA"); its format depends on the type
Querying specific record types
dig example.com A
dig example.com AAAA
dig example.com MX
dig example.com TXT
dig example.com NS
dig example.com SOA
dig example.com ANY # asks for everything, but many servers now answer ANY with a minimal or refused response (RFC 8482), so query the types one at a time
Add +short to print only the values, or @ns1.cloudflare.com to ask that server directly; querying an authoritative server is how you confirm a change has landed before resolver caches have expired.
Setting records up
Done at your DNS provider’s dashboard (Cloudflare, Route 53, GoDaddy, etc.). Same fields everywhere: type, name, value, TTL.
Common mistakes
- CNAME at apex: invalid. Use ALIAS/ANAME or a plain A record.
- Trailing dots matter in zone files. example.com. (with the dot) is a fully qualified name; example.com (no dot) is relative and gets the zone’s origin appended.
- TTL too low for stable records wastes resolver bandwidth and means cached answers expire quickly if your DNS provider has an outage; TTL too high for records that are about to change means slow propagation.
- Forgot the trailing dot in an MX target: mail.example.com becomes mail.example.com.example.com, which doesn’t exist, so inbound mail bounces.
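The following added example (not the page’s own code) puts the record anatomy from “How to read a record” and the mistakes in this list into a small zone-file parser and linter in Python. The zone text is constructed for the example and seeds three of the mistakes deliberately; the 203.0.113.x addresses, the cdn.example.net target and the TTL values are illustrative.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample zone for this example (not a real zone file). It deliberately
# contains three of the mistakes listed above.
ZONE_TEXT = """
$ORIGIN example.com.
$TTL 300
@              IN  A      93.184.216.34
@              IN  AAAA   2606:2800:220:1:248:1893:25c8:1946
@              IN  CNAME  cdn.example.net.       ; mistake: CNAME at the apex
www            IN  CNAME  example.com.
www            IN  A      203.0.113.5            ; mistake: CNAME plus another record
@        86400 IN  NS     ns1.cloudflare.com.
@        86400 IN  NS     ns2.cloudflare.com.
@              IN  MX 10  mail.example.com       ; mistake: no trailing dot on target
mail           IN  A      203.0.113.25
@              IN  TXT    "v=spf1 include:_spf.google.com ~all"
"""

TARGET_TYPES = {"CNAME", "MX", "NS", "PTR", "SRV"}  # value ends in a domain name
DNSSEC_TYPES = {"RRSIG", "NSEC", "NSEC3"}           # may sit next to a CNAME


@dataclass
class Record:
    name: str                  # owner name, fully qualified
    ttl: int
    rtype: str
    value: str                 # value, with a trailing domain name fully qualified
    raw_target: Optional[str]  # target exactly as written, or None


def qualify(name: str, origin: str) -> str:
    """Zone-file name rules: '@' is the origin, a trailing dot means the name is
    already fully qualified, anything else is relative and gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def strip_comment(line: str) -> str:
    """Remove a ';' comment, but not a ';' inside a quoted TXT value (DMARC, DKIM)."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            return line[:i]
    return line


def parse_zone(text: str) -> Tuple[str, List[Record]]:
    """Parse 'name [TTL] [IN] type value' lines, honouring $ORIGIN and $TTL."""
    origin, default_ttl, records = None, None, []
    for line in text.splitlines():
        tokens = strip_comment(line).split()
        if not tokens:
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if origin is None or len(tokens) < 3:
            raise ValueError(f"cannot parse: {line.strip()}")
        name = qualify(tokens.pop(0), origin)
        ttl = default_ttl
        if tokens[0].isdigit():            # explicit TTL
            ttl = int(tokens.pop(0))
        if tokens[0].upper() == "IN":      # class, effectively always IN
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        raw_target = None
        if rtype in TARGET_TYPES:          # last token is a domain name: apply dot rules
            raw_target = tokens[-1]
            tokens[-1] = qualify(raw_target, origin)
        records.append(Record(name, ttl, rtype, " ".join(tokens), raw_target))
    return origin, records


def lint_zone(text: str) -> List[str]:
    """Return one finding per common mistake found in the zone text."""
    origin, records = parse_zone(text)
    types_at = {}
    for r in records:
        types_at.setdefault(r.name, set()).add(r.rtype)
    findings = []
    for r in records:
        if r.rtype == "CNAME":
            if r.name == origin:
                findings.append(f"{r.name}: CNAME at the zone apex")
            others = types_at[r.name] - {"CNAME"} - DNSSEC_TYPES
            if others:
                findings.append(f"{r.name}: CNAME coexists with {sorted(others)}")
        # A relative target that already ends in the zone name is almost always a
        # forgotten trailing dot: it silently becomes name.origin.origin.
        if (r.raw_target and not r.raw_target.endswith(".")
                and r.raw_target.lower().endswith(origin.rstrip(".").lower())):
            findings.append(f"{r.name} {r.rtype}: '{r.raw_target}' has no trailing dot "
                            f"and resolves to '{r.raw_target}.{origin}'")
    return findings


if __name__ == "__main__":
    for finding in lint_zone(ZONE_TEXT):
        print(finding)
```

Run it on your own exported zone before pushing a change; the trailing-dot heuristic only fires when the relative target already ends in the zone name, so legitimate short names such as "mail" are left alone.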
What to learn next
DNS caching and TTL — why DNS changes take hours and how to plan for it. Up next.