CQwerty

Blog

DNS Record Types Explained: A, AAAA, CNAME, MX, TXT, and More

← Back to blog
2026-04-17·7 min readDNSGuide

What are DNS records?

DNS records are instructions stored in your domain's DNS zone. They tell the internet where to find your website, where to deliver your email, and how to verify your domain's identity. Misconfigured DNS records can break your site, lose your email, or expose you to spoofing attacks.

Essential record types

A record

Maps a domain name to an IPv4 address. This is the most fundamental record type.

example.com.  A  93.184.216.34

Every domain that hosts a website needs at least one A record.

AAAA record

Maps a domain name to an IPv6 address. Works the same as an A record but for the newer address format.

example.com.  AAAA  2606:2800:220:1:248:1893:25c8:1946

Add AAAA records if your hosting provider supports IPv6. Dual-stack (both A and AAAA) is the recommended configuration.

CNAME record

Creates an alias from one domain name to another. The target must be another domain name, not an IP address.

www.example.com.  CNAME  example.com.

CNAME records cannot coexist with other record types at the same name. You cannot place a CNAME at the apex (bare domain) if you also have MX or TXT records there.

MX record

Specifies the mail servers responsible for receiving email for your domain. The priority value determines which server is tried first (lower number = higher priority).

example.com.  MX  10  mail1.example.com.
example.com.  MX  20  mail2.example.com.

Without MX records, email to your domain will not be delivered.

TXT record

Stores arbitrary text data. TXT records are heavily used for security:

  • SPF declares which servers can send email for your domain
  • DKIM publishes the public key for email signature verification
  • DMARC sets the policy for handling authentication failures
  • Domain verification proves ownership to services like Google, Microsoft, and Cloudflare
    • example.com.  TXT  "v=spf1 include:_spf.google.com ~all"

    NS record

    Delegates a domain to specific nameservers. These records tell the internet which DNS servers are authoritative for your domain.

    SOA record

    The Start of Authority record contains administrative information about the zone: the primary nameserver, the responsible party's email, and timing parameters for zone transfers and caching.

    PTR record

    Maps an IP address back to a domain name (reverse DNS). Used by email servers to verify that a sending server's IP matches its claimed domain.

    Security considerations

  • SPF, DKIM, and DMARC records in TXT are essential for email security
  • CAA records restrict which certificate authorities can issue SSL certificates for your domain
  • DNSSEC signs your records cryptographically to prevent tampering
  • Avoid wildcard records unless necessary, as they can mask misconfigurations
  • Audit your DNS regularly for stale records pointing to decommissioned servers (dangling DNS)

    • Key takeaways

  • A and AAAA records point your domain to your server
  • MX records control email delivery
  • TXT records handle SPF, DKIM, DMARC, and domain verification
  • Misconfigured DNS is a security risk, not just a reliability issue
  • Audit your records regularly to catch stale or incorrect entries

    • Look up your DNS records now

    ShareTwitterLinkedInEmailRSS

    Ready to check your domain?

    Run all 18 security checks in 2 minutes. Free, no signup required.

    Free DNS Lookup