BIND is the DNS server that powers the internet, and it’s notorious for its arcane configuration syntax.

Let’s see it in action. Imagine we have a domain, example.com, and we want to:

  • Serve a website from www.example.com.
  • Have an IPv6 address for example.com itself.
  • Point mail.example.com to our mail server.
  • Declare mail.example.com as the mail exchanger (MX) for example.com itself.

Here’s a snippet from a BIND zone file for example.com:

$TTL 86400
@       IN SOA ns1.example.com. admin.example.com. (
                                2023102701 ; serial
                                3600       ; refresh
                                1800       ; retry
                                604800     ; expire
                                86400      ; minimum TTL
                                )

@       IN NS     ns1.example.com.
@       IN NS     ns2.example.com.
ns1     IN A      192.0.2.3 ; glue: the in-zone name servers need address records (example addresses)
ns2     IN A      192.0.2.4

@       IN A      192.0.2.1
@       IN AAAA   2001:db8::1

www     IN CNAME  @
@       IN MX 10  mail.example.com.
mail    IN A      192.0.2.2

This file tells BIND how to respond when asked about example.com.

The $TTL directive sets the default Time To Live for records in this zone. A SOA (Start of Authority) record is mandatory, providing administrative information about the zone: the serial, the refresh, retry and expire timers used by secondary servers, and the minimum (negative-caching) TTL. NS records declare the authoritative name servers for the domain; because ns1 and ns2 live inside the zone itself, they also need A (or AAAA) records, otherwise BIND refuses to load the zone.

Now, let’s break down the other records:

  • @ IN A 192.0.2.1: The @ symbol is a shorthand for the zone’s origin, which is example.com in this case. This is an A record, mapping the hostname example.com to an IPv4 address. When someone looks up example.com, BIND will tell them to go to 192.0.2.1.
  • @ IN AAAA 2001:db8::1: Similarly, this AAAA record maps example.com to an IPv6 address, 2001:db8::1. This is crucial for modern internet connectivity.
  • www IN CNAME @: This CNAME (Canonical Name) record means that www.example.com is an alias for example.com. If you try to access www.example.com, BIND will first resolve example.com (to 192.0.2.1 and 2001:db8::1) and return those addresses. This is useful for pointing multiple hostnames to the same IP without duplicating records.
  • @ IN MX 10 mail.example.com.: This is an MX (Mail Exchanger) record for the zone origin, example.com. It specifies which server handles email for the domain. The 10 is the preference value; lower numbers mean higher preference. So, mail.example.com is the preferred mail server for addresses ending in @example.com.
  • mail IN A 192.0.2.2: This A record provides the IPv4 address for the mail.example.com server itself, allowing other mail servers to connect to it.

The most surprising thing about DNS records is how much flexibility there is in their definition, and how simple names can hide complex relationships. For instance, a CNAME record can point to any other hostname, not just the zone origin, and MX records can point to hostnames that don’t have A or AAAA records themselves, as long as another server (often the one handling the MX record’s hostname) is configured to accept mail for that domain.

BIND’s configuration is all about defining these relationships. The IN part signifies the Internet class, which is the standard class and the only one you will use in practice. The key is understanding the record types (A, AAAA, CNAME, MX, NS, SOA) and how they map hostnames to IP addresses, other hostnames, or specific services like mail. The serial number in the SOA record is critical: it must be incremented every time you change the zone file, because secondary DNS servers compare it with the serial of their own copy at each refresh and only transfer the zone when the primary’s serial is higher; otherwise they won’t pick up the changes.
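To make these rules concrete, here is an added example (not from the original post): a small Python parser for this zone-file format that handles $TTL, ';' comments, a parenthesised SOA spanning several lines, and the '@' and blank-owner shorthands, then runs two integrity checks that BIND's own named-checkzone also performs (in-zone name servers must have address records; an MX exchange must not be a CNAME) plus the serial comparison secondaries rely on. The zone text and the 192.0.2.3 glue address are constructed for this example.

```python
import re
from collections import defaultdict
# Constructed sample (not from the page): the tutorial's zone with the MX at the origin and glue for ns1.
ZONE = """\
$TTL 86400
@       IN SOA ns1.example.com. admin.example.com. ( 2023102701 ; serial
                 3600 1800 604800 86400 )  ; refresh retry expire minimum
@       IN NS     ns1.example.com.
@       IN A      192.0.2.1
        IN AAAA   2001:db8::1
www     IN CNAME  @
@       IN MX 10  mail.example.com.
mail    IN A      192.0.2.2
ns1     IN A      192.0.2.3
"""

def fqdn(name, origin):
    # '@' means the origin; a name without a trailing dot is relative to it
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse BIND master format into (default_ttl, [(owner, type, rdata_tokens)])."""
    text = "\n".join(raw.split(";", 1)[0] for raw in text.splitlines())          # ';' starts a comment
    text = re.sub(r"\([^)]*\)", lambda m: m.group().replace("\n", " "), text)   # '(' ... ')' may span lines
    ttl, owner, records = None, None, []
    for line in filter(str.strip, text.splitlines()):
        if line.startswith("$TTL"): ttl = int(line.split()[1]); continue
        toks = line.replace("(", " ").replace(")", " ").split()
        if line[0] not in " \t": owner = toks.pop(0)       # a blank owner field inherits the previous owner
        while toks[0] == "IN" or toks[0].isdigit(): toks.pop(0)   # skip the class and an optional per-record TTL
        records.append((fqdn(owner, origin), toks[0], toks[1:]))
    return ttl, records

def check_zone(text, origin, previous_serial=None):
    """Integrity problems of the kind named-checkzone reports, plus the serial check secondaries rely on."""
    _, records = parse_zone(text, origin)
    types_at = defaultdict(set)
    for owner, rtype, _ in records: types_at[owner].add(rtype)
    problems = []
    serial = next((int(rd[2]) for _, rtype, rd in records if rtype == "SOA"), None)
    if previous_serial is not None and (serial is None or serial <= previous_serial):
        problems.append(f"SOA serial {serial} is not above {previous_serial}: secondaries will not refresh")
    for _, rtype, rd in records:
        target = fqdn(rd[-1], origin)                      # NS host name, or the MX exchange host
        if rtype == "NS" and target.endswith("." + origin) and not types_at[target] & {"A", "AAAA"}:
            problems.append(f"in-zone NS {target} has no A/AAAA record")
        if rtype == "MX" and "CNAME" in types_at[target]:
            problems.append(f"MX target {target} is a CNAME, which RFC 2181 forbids")
    return problems
```

Passing the serial of the previously published zone as previous_serial reproduces the "secondaries never refresh" failure the text warns about.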

The next concept you’ll grapple with is DNSSEC, securing your zones against spoofing and ensuring data integrity.