DNS Records Explained: A, AAAA, CNAME, MX, TXT and When to Use Each

What Is a DNS Record?

The Domain Name System (DNS) is essentially the internet's phone book. When someone types your domain into a browser, DNS records tell the internet where to find your website, where to deliver your email, and how to verify your identity. Understanding each record type is essential for managing any domain effectively.

The Core DNS Record Types

A Record (Address Record)

An A record maps a domain or subdomain to an IPv4 address (e.g., 192.168.1.1). This is the most fundamental DNS record — it's what ultimately points yourdomain.com to your web server.

• Example: yourdomain.com → 203.0.113.42
• Use it when: you want a domain to resolve to a specific server IP

AAAA Record

Identical in purpose to an A record, but maps to an IPv6 address (e.g., 2001:0db8::1). As IPv6 adoption grows, having an AAAA record alongside your A record ensures future-proof connectivity.

CNAME Record (Canonical Name)

A CNAME record creates an alias that points one domain name to another domain name — not an IP address. It's commonly used to point subdomains to external services.

• Example: www.yourdomain.com → yourdomain.com
• Example: shop.yourdomain.com → yourbrand.shopify.com
• Important: You cannot use a CNAME on the root domain (@). Use an A record or a provider that supports CNAME flattening.

MX Record (Mail Exchanger)

MX records define which mail servers should receive email for your domain. They include a priority value — lower numbers mean higher priority.

• Example: yourdomain.com MX 10 → mail.yourdomain.com
• If you use Google Workspace or Microsoft 365, they'll provide specific MX records to add
• Always set MX records before switching email providers to avoid delivery gaps

TXT Record (Text Record)

TXT records store arbitrary text associated with your domain. In practice, they're used for domain verification and email authentication.

• SPF: Authorizes which servers can send email on your domain's behalf
• DKIM: Provides a cryptographic signature to verify email authenticity
• DMARC: Defines how mail servers should handle emails that fail SPF/DKIM checks
• Domain verification: Google Search Console, AWS, and others use TXT records to prove ownership

NS Record (Name Server)

NS records specify which name servers are authoritative for your domain. When you point your domain to a new hosting provider or DNS service, you update NS records at your registrar. These changes can take up to 48 hours to propagate globally.

Common DNS Mistakes to Avoid

1. Setting TTL too high before a migration — lower TTL values (300–600 seconds) before making changes so old records expire quickly
2. Adding a CNAME to the root domain — this breaks mail delivery; use an A record instead
3. Forgetting to add both A and AAAA records — serve both IPv4 and IPv6 users
4. Missing SPF/DKIM records — emails will land in spam without proper authentication records

How to Check Your DNS Records

You can verify any DNS record from the command line using dig or nslookup. For example: dig yourdomain.com MX will return your mail exchange records. Online tools like MXToolbox or DNSChecker let you check propagation status from multiple global locations simultaneously.