The A record is the Internet's phone book entry—a simple mapping from the name you type to the number machines need. Every website visit starts here.
AAAA records solve a simple problem: we ran out of Internet addresses. They map domain names to IPv6's vastly larger address space, and the name itself—four A's for four times the bits—tells the whole story.
CNAME records can't exist at the zone apex—but you need to point your bare domain to a CDN hostname. ALIAS and ANAME records solve this through sanctioned deception: your DNS provider resolves the target and returns A records, hiding the indirection from clients.
CAA records let you declare which Certificate Authorities can issue certificates for your domain—and which can't. Before CAA, any trusted CA could issue a certificate for any domain without the owner's consent.
TTL is a bet about how stable your infrastructure is. Learn when to bet on stability (long TTLs) versus flexibility (short TTLs), and the pre-migration technique that prevents DNS disasters.
CNAME records let one domain name point to another—a simple indirection that solves surprisingly many problems, until you hit the zone apex and discover DNS's strangest limitation.
DNS propagation isn't actually propagating anything. It's millions of cache timers expiring independently—and understanding TTL gives you control over when.
DNS records aren't just data—they're instructions. Each record type tells resolvers what to do: go here, ask them, deliver mail there. A guide to the verbs of the Internet's naming system.
DNS was built on blind faith—your computer believed whatever it was told. DNSKEY and DS records replace that faith with cryptographic proof, creating a chain of trust from the root of the Internet to every domain you visit.
You changed your DNS. Now you need to know: did it work? Here's how to query DNS records, verify propagation, and stop your computer from lying to you with cached data.
Every email delivery begins with a question: who accepts mail for this domain? MX records provide the answer—and the priority system that keeps email flowing when servers fail.
NAPTR records translate between incompatible worlds—turning phone numbers into SIP addresses, mapping legacy identifiers to Internet resources, and chaining DNS lookups through pattern-matching rules.
NS records are DNS's delegation mechanism—the way one server says 'I don't know, but ask them.' They form the backbone of the Internet's distributed name system.
PTR records let you ask the Internet's trust question in reverse: not 'where does this name point?' but 'who actually owns this IP?' Essential for email delivery and security verification.
The SOA record is a contract between nameservers—who's in charge, how often to check for updates, and when stale data becomes too stale to serve.
SRV records answer a question DNS was never designed for: not just where a server lives, but how to connect—the port, the protocol, and which server to try first when there are many.
TXT records let you make public, machine-verifiable claims about your domain—from 'these servers can send my email' to 'yes, I own this domain.' They're the Internet's bulletin board for trust.
Was this page helpful?