Every DNS Record Type Explained (With Real-World Examples)
A records, MX, TXT, CNAME, NS, SRV, CAA — DNS looks simple until it isn't. This is the reference guide I wish existed when I was learning: every record type, what it does, when you'd use it, and examples you can copy.
Most developers only interact with DNS when something breaks. A site goes down, an email stops delivering, a migration goes sideways — and suddenly you're reading a zone file wondering what 10 IN MX mail.example.com. actually means. This is the reference I wish had existed when I was learning.
A Record (IPv4 Address)
The most fundamental record. Maps a domain name to an IPv4 address. When someone visits your site, the browser ultimately needs an IP to connect to — the A record provides it.
example.com. 3600 IN A 93.184.216.34
www.example.com. 3600 IN A 93.184.216.34Multiple A records on the same domain create round-robin DNS load balancing — resolvers cycle through IPs, distributing traffic crudely but at zero cost.
🔍 DNS Lookup Tool
Query any DNS record type for any domain. A, AAAA, MX, TXT, CNAME, NS, SOA.
AAAA Record (IPv6)
The IPv6 equivalent of an A record. All modern operating systems and networks support IPv6. Having AAAA records alongside A records enables dual-stack access and future-proofs your setup.
example.com. 3600 IN AAAA 2606:2800:220:1:248:1893:25c8:1946CNAME Record (Alias)
Creates an alias from one name to another. The resolver follows the alias and resolves whatever the target currently points to.
www.example.com. 3600 IN CNAME example.com.
blog.example.com. 3600 IN CNAME example.ghost.io.MX Record (Mail Exchanger)
Specifies which mail servers handle email for your domain. The priority value is key — lower numbers are tried first. Resolvers fall back to higher-number servers only if lower-priority ones are unreachable.
example.com. 3600 IN MX 1 aspmx.l.google.com.
example.com. 3600 IN MX 5 alt1.aspmx.l.google.com.
example.com. 3600 IN MX 5 alt2.aspmx.l.google.com.TXT Record (Text / Verification)
Stores arbitrary text associated with a domain. No routing effect, but used for a huge variety of purposes:
- Domain ownership verification: Google Search Console, SSL issuance, and most SaaS tools verify ownership via a specific TXT value.
- SPF: Declares which mail servers can legitimately send from your domain. Critical for email deliverability.
- DKIM: Publishes the public key for email signature verification.
- DMARC: Policy for handling emails failing SPF/DKIM — quarantine, reject, or allow.
example.com. IN TXT "v=spf1 include:_spf.google.com ~all"
_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"NS Record (Nameserver)
Specifies the authoritative nameservers for your domain — the servers that hold the actual DNS records and answer queries. Changing NS records at your registrar is how you switch DNS providers.
example.com. 86400 IN NS ns1.cloudflare.com.
example.com. 86400 IN NS ns2.cloudflare.com.CAA Record (Certification Authority Authorization)
Specifies which CAs are allowed to issue SSL certificates for your domain. An underused but important security record — it prevents unauthorised certificate issuance by CAs not on your list.
example.com. 3600 IN CAA 0 issue "letsencrypt.org"
example.com. 3600 IN CAA 0 iodef "mailto:security@example.com"SRV Record (Service Location)
Declares the hostname and port of specific services. Used by VoIP (SIP), messaging (XMPP), game servers (Minecraft), and other applications that discover service endpoints via DNS.
_minecraft._tcp.example.com. 120 IN SRV 10 5 25565 mc.example.com.Format: priority, weight, port, target. Resolvers try lowest-priority targets first and distribute load across equal-priority targets using weight.