DNS record types are the unsung heroes of the internet, silently translating human-readable domain names into machine-readable IP addresses, but they do so much more than just that. The most surprising thing about DNS records is that they aren’t just about pointing to servers; they’re a flexible, extensible system for associating any kind of text-based information with a domain name.
Let’s see some of these in action. Imagine you have a domain, example.com.
A Records: The Foundation
The most common record is the A record (Address record). It maps a hostname to an IPv4 address.
dig example.com A
;; ANSWER SECTION:
example.com. 300 IN A 93.184.216.34
This tells your computer that example.com is located at 93.184.216.34. This is the fundamental piece that lets your browser find the web server.
AAAA Records: The IPv6 Counterpart
Similarly, AAAA records map hostnames to IPv6 addresses.
dig example.com AAAA
;; ANSWER SECTION:
example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
If your system supports IPv6, it will try this address first.
CNAME Records: Aliasing
CNAME (Canonical Name) records create an alias for a hostname. This is super useful for pointing multiple services or subdomains to the same place without duplicating IP addresses.
Let’s say you want www.example.com to point to example.com.
dig www.example.com CNAME
;; ANSWER SECTION:
www.example.com. 300 IN CNAME example.com.
Now, when you try to reach www.example.com, the DNS system first resolves it to example.com and then resolves example.com to its IP address. This means if example.com’s IP changes, you only need to update the A record for example.com, and www.example.com automatically follows.
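The alias-following step described above, as an added example that is not part of the original page: it indexes dig-style answer lines and follows CNAMEs to an address, reporting aliases that end nowhere or loop. The function names, status labels, and every record other than the three example.com lines shown on this page are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in dig answer-section format (owner, TTL, class, type, data).
# The first three lines are the records shown on this page; the rest are made up.
ANSWERS = """\
example.com. 300 IN A 93.184.216.34
example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
www.example.com. 300 IN CNAME example.com.
old.example.com. 300 IN CNAME retired.example.net.
a.example.com. 300 IN CNAME b.example.com.
b.example.com. 300 IN CNAME a.example.com.
"""

def parse_answers(text):
    """Index records as {(owner, type): [(ttl, rdata), ...]}."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig's ";;" comment lines
        owner, ttl, _cls, rtype, rdata = line.split(None, 4)
        records[(owner.lower(), rtype.upper())].append((int(ttl), rdata))
    return records

def resolve(records, name, rtype="A", max_hops=8):
    """Return (status, chain, addresses) for name, following CNAME aliases."""
    chain, seen = [name.lower()], {name.lower()}
    while True:
        current = chain[-1]
        if (current, rtype) in records:
            return "ok", chain, [rdata for _, rdata in records[(current, rtype)]]
        cname = records.get((current, "CNAME"))
        if not cname:
            # The chain ended on a name with no record of the wanted type.
            status = "dangling" if len(chain) > 1 else "no-data"
            return status, chain, []
        target = cname[0][1].lower()
        if target in seen or len(chain) > max_hops:
            return "loop", chain + [target], []  # repeated name or chain too long
        chain.append(target)
        seen.add(target)
```

An alias reported as "dangling" points at a name that has no address in the data being checked, which is the case to review when cleaning up old records.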
MX Records: Email Routing
MX (Mail Exchanger) records are crucial for email. They specify which servers are responsible for receiving email for your domain.
dig example.com MX
;; ANSWER SECTION:
example.com. 3600 IN MX 10 mail.example.com.
example.com. 3600 IN MX 20 backupmail.example.com.
The number before the server name is the preference value. Lower numbers mean higher preference. So, email will first try to go to mail.example.com. If that server is unreachable, it will try backupmail.example.com (which has a preference of 20). This provides built-in redundancy for your email.
TXT Records: Arbitrary Text Data
TXT (Text) records are incredibly versatile. They can hold any arbitrary text string. This is where things get really interesting because it allows domains to assert information that isn’t directly related to routing.
A common use is for Sender Policy Framework (SPF), which helps prevent email spoofing.
dig example.com TXT
;; ANSWER SECTION:
example.com. 300 IN TXT "v=spf1 include:_spf.google.com ~all"
This TXT record tells receiving mail servers that emails claiming to be from example.com are authorized to come from the servers listed in the SPF record at _spf.google.com (as would be the case if example.com uses Google Workspace for email). The ~all means "soft fail" for any other source: mark the message as suspicious but don’t outright reject it.
TXT records are also commonly used for DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting, and Conformance (DMARC), which are other email authentication mechanisms.
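A check a domain owner can run on the TXT strings published for a name, as an added example that is not part of the original page: it finds the SPF record, reports what the all term does, and flags the problems RFC 7208 defines (multiple SPF records, more than 10 lookup terms). The function name and finding texts are assumptions of this example, and it counts only the terms in the record itself, not those inside included records.

```python
# Terms that cost the receiver a DNS lookup (RFC 7208 limits the total to 10).
LOOKUP_MECHANISMS = ("include", "a", "mx", "ptr", "exists")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def audit_spf(txt_strings):
    """Return (result_of_all_term, findings) for the TXT strings at one name."""
    spf = [t for t in txt_strings if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return None, ["no SPF record published"]
    if len(spf) > 1:
        return None, ["multiple SPF records: receivers return permerror"]
    findings, all_result, lookups, redirect = [], None, 0, False
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # "+" is the default
        body = term.lstrip("+-~?").lower()
        name = body.split(":", 1)[0].split("/", 1)[0]
        if name == "all":
            all_result = QUALIFIERS[qualifier]
            break  # terms after "all" are never evaluated
        if body.startswith("redirect="):
            redirect = True
        if name in LOOKUP_MECHANISMS or body.startswith("redirect="):
            lookups += 1
    if all_result is None and not redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_result == "pass":
        findings.append("+all: every sender is authorized")
    elif all_result in ("softfail", "neutral"):
        findings.append(f"{all_result}: unlisted senders are not rejected")
    if lookups > 10:
        findings.append(f"{lookups} lookup terms: over the limit of 10")
    return all_result, findings
```

For the record shown above, `audit_spf(["v=spf1 include:_spf.google.com ~all"])` reports a softfail policy with one finding.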
SRV Records: Service Location
SRV (Service Locator) records are more specific than A or CNAME records. They allow you to specify the hostname and port for specific services, for example if you run an XMPP (Jabber) server or a VoIP service.
dig _xmpp-client._tcp.example.com SRV
;; ANSWER SECTION:
_xmpp-client._tcp.example.com. 86400 IN SRV 5 0 5222 xmpp.example.com.
This record indicates that the XMPP client service for example.com is running on xmpp.example.com on port 5222. The 5 is the priority, 0 is the weight, and 5222 is the port.
NS Records: Name Server Delegation
NS (Name Server) records are fundamental to how DNS itself works. They specify which DNS servers are authoritative for a domain or subdomain.
dig example.com NS
;; ANSWER SECTION:
example.com. 172800 IN NS a.iana-servers.net.
example.com. 172800 IN NS b.iana-servers.net.
These records tell the global DNS system where to go to find the definitive answers for example.com. When you query for an A record of example.com, your local resolver first asks the root servers, then the TLD servers for .com, and those servers point it to a.iana-servers.net and b.iana-servers.net, which it then asks for the actual IP address.
The full mental model of DNS records is that each record type is a specific key-value pair where the domain name is the primary key, and the record type and its content are the value. The DNS system is essentially a distributed, hierarchical database that allows clients to query for specific types of information associated with a domain.
One of the more subtle but powerful aspects of DNS is its TTL (Time To Live) value, present on every record. This value, measured in seconds, dictates how long a DNS resolver (like your ISP’s server or Google’s 8.8.8.8) is allowed to cache that record. A low TTL (e.g., 60 seconds) means changes propagate very quickly, which is great for rapidly changing IPs or critical updates, but it puts more load on authoritative DNS servers. A high TTL (e.g., 86400 seconds, or 24 hours) reduces load on authoritative servers but means changes can take a long time to become visible globally.
Understanding these record types is the first step to managing your domain’s online presence effectively, from ensuring emails arrive to pointing your website to the correct server. The next step is understanding how DNSSEC adds cryptographic security to these records, preventing spoofing and ensuring data integrity.