A records translate domain names into IPv4 addresses—the bridge between human-readable names and machine-routable numbers. Every website visit begins with this lookup.
AAAA records solve a simple problem: we ran out of Internet addresses. They map domain names to IPv6's vastly larger address space, and the name itself—four A's for four times the bits—tells the whole story.
CNAME records can't exist at the zone apex, but you need to point your bare domain to a CDN hostname. ALIAS and ANAME records solve this by lying: your DNS provider resolves the target and returns A records, hiding the indirection from clients who never know they've been deceived.
CAA records let you declare which Certificate Authorities can issue certificates for your domain—and block everyone else. Before 2017, any trusted CA could issue a certificate for any domain without the owner's consent.
TTL is a bet about how stable your infrastructure is—and the only lever you can pull before a migration, not during one. Learn the pre-migration technique that prevents DNS disasters.
CNAME records point one domain name to another—a simple indirection that delegates control and solves surprisingly many problems, until you hit the zone apex and discover why DNS forbids it there.
DNS propagation isn't propagating anything. It's millions of cache timers expiring independently—and understanding TTL gives you control over when the world sees your changes.
DNS records are instructions, not descriptions. Each type is a verb that transforms raw data into action: connect here, deliver mail there, ask them instead. A guide to the grammar of the Internet's naming system.
DNS was designed to answer questions, not prove answers. DNSKEY and DS records retrofit cryptographic proof onto that trusting system—creating a chain where each zone vouches for the next, from the root of the Internet down to the domain you're visiting.
You changed your DNS. Now you need to know: did it work? The answer depends on who you ask—and every layer between you and the authoritative source might be remembering something that's no longer true.
When you send email to someone@example.com, how does your server know where to deliver it? It asks. MX records are DNS's answer—declaring which servers accept mail for a domain and what to do when they fail.
NAPTR records translate between incompatible worlds—turning phone numbers into SIP addresses, mapping legacy identifiers to Internet resources, and chaining DNS lookups through pattern-matching rules.
NS records are DNS's delegation mechanism—how each server says "I don't know, but ask them." This chain of deliberate ignorance is what allows DNS to scale to billions of domains.
PTR records answer the Internet's trust question in reverse: not 'where does this name point?' but 'who owns this IP?' Essential for email delivery—Google and Yahoo now require them.
Every DNS zone has exactly one SOA record—the contract that tells secondary nameservers who's in charge, how often to check for updates, and when stale data becomes too stale to serve.
SRV records answer a question DNS was never designed for: not just where a server lives, but how to connect—the port, the protocol, and which server to try first when there are many.
TXT records were designed for human-readable notes. Now they authenticate billions of emails and prove domain ownership. How a DNS sticky note became critical security infrastructure.
Was this page helpful?