DNS Record Types Explained: A, AAAA, MX, TXT, NS, CNAME and More

The Domain Name System (DNS) is the internet's address book. When you type a domain, DNS translates it into the numbers and instructions machines need to connect, route mail, and verify identity. It does this through records, small entries in a domain's zone, each with a specific job. This guide explains what every common record type does in plain English. You can look up any of these for a domain with the DNS Lookup lookup tool.

The A record maps a hostname to an IPv4 address, for example example.com resolving to 93.184.216.34. This is the most fundamental record, the way a name becomes a server you can reach, and a domain can have several A records for redundancy. The AAAA record (read aloud as "quad-A") does the same thing for IPv6 addresses. Many domains publish both A and AAAA so they work over IPv4 and IPv6.

The CNAME record is an alias that points one name at another name rather than an IP. For example, www.example.com might be a CNAME to example.com, and the resolver then follows the alias to find the real address. The key distinction is that an A record points to an IP while a CNAME points to another name. Use a CNAME when you want a subdomain to always follow wherever another hostname goes, which is handy for CDNs and SaaS providers. One important rule: you cannot put a CNAME on the root domain (the apex) alongside other records, so use an A record or your provider's ALIAS/ANAME feature there instead.

MX (Mail Exchanger) records tell other mail servers where to deliver email for your domain, in priority order, where a lower number means higher priority. If your MX records are wrong, you stop receiving mail. Check them with the MX Lookup lookup tool. The TXT record is a flexible record that holds text, used for verification and policy, and it is where the big three email-security mechanisms live.

SPF lists which servers may send mail for your domain, and you can check it with the SPF Check tool. DKIM publishes a public key so receivers can verify a message was not tampered with. DMARC tells receivers what to do with mail that fails SPF or DKIM. TXT records are also how services like Google or Microsoft verify you own a domain, by asking you to add a specific TXT string to prove ownership.

NS (Nameserver) records say which servers are authoritative for the domain, meaning who holds the real answers. When you change your domain's nameservers at your registrar, you are handing DNS control to a new provider. The SOA (Start of Authority) record, of which there is one per zone, names the primary nameserver and holds the zone's serial number and timers. The serial number increments each time you edit the zone, and secondary servers use it to know when to update.

The PTR record is the reverse of an A record: it maps an IP back to a hostname. Mail servers often check PTR records to fight spam, so a missing or mismatched PTR can hurt your email deliverability. You can look one up with the Reverse DNS (PTR) tool.

A CAA record specifies which Certificate Authorities are allowed to issue SSL certificates for your domain, which is a useful security control. An SRV record locates services like SIP or XMPP, using names such as _sip._tcp.example.com. DNSKEY and DS records are used by DNSSEC to cryptographically sign your zone so answers cannot be forged.

Most of these are things you set once and rarely touch, but knowing they exist helps when you are debugging. For a single health check that looks across the most important record types at once, the DNS Report tool summarizes a domain's NS, SOA, A/AAAA, MX, and SPF configuration in one view.

Every record has a TTL (time to live), the number of seconds resolvers may cache it before asking again. A low TTL, such as 300 seconds, means changes spread fast but generate more lookups. A high TTL, such as 86400 seconds, is efficient but slow to update. The practical tip is to lower your TTL before a planned migration so changes propagate quickly, then raise it again once everything is stable.

After making any change, confirm it has gone live worldwide with the DNS Propagation tool, which compares the record across many global resolvers. If the resolvers disagree, the change simply has not finished propagating, and you are waiting out the old TTL.

What is the difference between an A record and a CNAME? An A record points a name to an IP address, while a CNAME points a name to another name. Use a CNAME to alias a subdomain to another hostname, and an A record (or ALIAS) on the apex domain.

Why does my domain have multiple A or MX records? For redundancy and load distribution. Resolvers and mail servers pick among them by round-robin or, for MX, by priority. You can see all of them with the DNS Lookup and MX Lookup tools.

I changed a record but nothing happened. Why? Old values are cached until the previous TTL expires. Check progress with the DNS Propagation tool and wait out the TTL before assuming something is broken.

How do I check everything at once? Run the DNS Report tool, which inspects the core record types together and flags common misconfigurations in a single report.