DNS Record Types Explained: A, CNAME, MX, TXT and More

DNS records control where your domain points and how it behaves — which server handles your website, where your email goes, how your domain is verified. If you've ever configured a domain, you've dealt with them, and if you got one wrong, you've learned how much they matter.

This guide explains every major DNS record type clearly, with practical examples of when and why you'd use each one.

Quick Background: How DNS Works

When someone visits your domain, their browser asks the DNS system: "where does this domain point?" The DNS system looks up your domain's records and returns the answer — an IP address, another hostname, or other information.

DNS records are stored at your nameserver (usually your domain registrar or a DNS provider like Cloudflare). Changes to DNS records don't take effect instantly — they propagate across the internet over a period defined by the TTL (time to live) value on the record.

A Record

What it does: Maps a domain name to an IPv4 address.

This is the most fundamental DNS record. When someone visits yourdomain.com, the A record tells DNS which IP address to send them to.

yourdomain.com    A    203.0.113.10
www.yourdomain.com    A    203.0.113.10

When to use it: Pointing your domain directly to a server's IP address. Both the root domain and www subdomain typically have A records.

AAAA Record

What it does: Maps a domain name to an IPv6 address.

The AAAA record is the IPv6 equivalent of the A record. As IPv6 adoption continues, providing both A and AAAA records ensures your site is accessible on both protocols.

yourdomain.com    AAAA    2001:db8::1

CNAME Record

What it does: Creates an alias that points one domain name to another domain name (not an IP address).

www.yourdomain.com    CNAME    yourdomain.com
shop.yourdomain.com    CNAME    stores.shopify.com

When to use it:

• Pointing www to your root domain
• Connecting a subdomain to a third-party service (Shopify, Heroku, Vercel, Netlify)
• Keeping multiple subdomains in sync — update the target once and all aliases update

Important limitation: You cannot use a CNAME on your root domain (yourdomain.com itself) in standard DNS. Only on subdomains. Some DNS providers (Cloudflare, Route 53) offer a workaround called CNAME flattening or ALIAS records.

MX Record

What it does: Specifies which mail servers handle email for your domain.

yourdomain.com    MX    10    mail1.emailprovider.com
yourdomain.com    MX    20    mail2.emailprovider.com

The number (10, 20) is the priority — lower numbers are tried first. Having multiple MX records with different priorities provides email redundancy.

When to use it: Setting up email. If you use Google Workspace, Microsoft 365, or any other email provider, they'll give you MX records to add. Get these wrong and email stops working.

TXT Record

What it does: Stores arbitrary text data associated with your domain. Used for verification and email authentication.

Common uses:

Domain verification — Proving to Google, Microsoft, or other services that you own the domain:

yourdomain.com    TXT    "google-site-verification=abc123..."

SPF (Sender Policy Framework) — Specifying which mail servers are authorised to send email on behalf of your domain:

yourdomain.com    TXT    "v=spf1 include:_spf.google.com ~all"

DKIM — A public key used to verify email signatures:

google._domainkey.yourdomain.com    TXT    "v=DKIM1; k=rsa; p=..."

DMARC — Policy for handling emails that fail SPF/DKIM checks:

_dmarc.yourdomain.com    TXT    "v=DMARC1; p=none; rua=mailto:[email protected]"

SPF, DKIM, and DMARC records are critical for email deliverability. Without them, your emails are more likely to end up in spam.

NS Record

What it does: Specifies which nameservers are authoritative for your domain — where the DNS records for your domain are actually stored.

yourdomain.com    NS    ns1.cloudflare.com
yourdomain.com    NS    ns2.cloudflare.com

NS records are set at your domain registrar and tell the global DNS system where to look for your other records. When you switch DNS providers, you update the NS records at your registrar.

SOA Record

What it does: Start of Authority — contains administrative information about the DNS zone, including which nameserver is primary and how long before DNS records should be re-checked.

You rarely configure SOA records directly — your DNS provider manages them automatically.

SRV Record

What it does: Specifies the location (hostname and port) of servers for specific services.

_sip._tcp.yourdomain.com    SRV    10 20 5060 sipserver.yourdomain.com

When to use it: Configuring services like VoIP (SIP), chat (XMPP), and some Microsoft services. You'll typically only deal with SRV records if a specific service instructs you to add one.

CAA Record

What it does: Certificate Authority Authorisation — specifies which certificate authorities are allowed to issue SSL certificates for your domain.

yourdomain.com    CAA    0 issue "letsencrypt.org"

When to use it: If you want to restrict which CAs can issue certificates for your domain, reducing the risk of fraudulent certificate issuance.

PTR Record

What it does: Reverse DNS — maps an IP address back to a domain name. The opposite of an A record.

PTR records are managed by whoever owns the IP address (your hosting provider), not your DNS provider. They matter primarily for email — many spam filters check that the sending mail server's IP resolves back to a legitimate domain.

TTL: How Long Records Are Cached

Every DNS record has a TTL (time to live) value, measured in seconds. This tells DNS resolvers how long to cache the record before re-checking.

• High TTL (86400 = 24 hours) — Queries are cached longer. DNS is faster and puts less load on your nameservers. But changes take longer to propagate.
• Low TTL (300 = 5 minutes) — Changes propagate more quickly, but more frequent lookups.

Before making DNS changes (migrating hosting, switching DNS providers), lower your TTL to 300 or 600 seconds. This means the change propagates faster once you make it. After everything is stable, raise the TTL again.

DNS Monitoring

DNS records are critical infrastructure. If your A record gets misconfigured, deleted, or corrupted, your website goes down. If your MX records change unexpectedly, email delivery fails.

Domain Monitor monitors your DNS records alongside your uptime — detecting changes or failures before they cascade into user-visible problems. Create a free account and add DNS monitoring for your domain. For a broader view of DNS monitoring, see DNS monitoring is here for Domain Monitor's DNS features, and uptime monitoring best practices for how to set up comprehensive monitoring.

Related Articles

• The Ultimate Guide to DNS - How the Domain Name System Works
• "What Is DNS TTL and How Does It Affect Website Monitoring?"
• "SSL Certificate Types Explained: DV, OV, EV and Wildcard"