Try the DNS Lookup

Every DNS Record Type Explained: A Practical Reference for A, CNAME, MX, TXT, NS & More

A practical reference for every DNS record type: A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV, CAA — what each does, critical constraints, TTL strategy, and common use cases developers encounter regularly.

By sadiqbd · June 8, 2026

Share:
Every DNS Record Type Explained: A Practical Reference for A, CNAME, MX, TXT, NS & More

DNS records are the phonebook entries of the internet — here's what every type does

Domain Name System records translate human-readable domain names into the machine-readable information that servers need to communicate. Most people know that A records point to IP addresses. Beyond that, the taxonomy gets murkier — CNAME, MX, TXT, NS, SOA, SRV, CAA each serve distinct purposes, and misunderstanding them causes broken email, failed migrations, security gaps, and infrastructure mysteries.

This is the practical reference for each record type.

A record — the basic address record

What it does: maps a domain or subdomain to an IPv4 address.

Format:

example.com.      IN  A     93.184.216.34
www.example.com.  IN  A     93.184.216.34

Common uses:

  • Pointing a domain to a web server
  • Setting static IP assignments for specific subdomains (api., mail., ftp.)

Important detail: multiple A records can exist for the same name (DNS-based load balancing). Resolvers typically return all of them; clients use one (often the first, sometimes randomly selected).

AAAA record — IPv6 address

What it does: same as A record, but for IPv6 addresses.

Format:

example.com.  IN  AAAA  2606:2800:220:1:248:1893:25c8:1946

Modern stacks query both A and AAAA and prefer IPv6 when available.

CNAME — canonical name (alias)

What it does: creates an alias from one domain name to another. The CNAME target must eventually resolve to an A or AAAA record.

Format:

www.example.com.    IN  CNAME  example.com.
shop.example.com.   IN  CNAME  shops.myplatform.com.

The critical rule: a CNAME cannot coexist with other records at the same name. In particular, you cannot have a CNAME at the zone apex (the root domain — example.com) because the zone apex must have NS and SOA records. This is why services like Cloudflare offer "CNAME flattening" (also called ANAME or ALIAS records) to work around this limitation.

Common uses:

  • Pointing www. to the root domain
  • Pointing custom subdomains to third-party platforms (Shopify, GitHub Pages, Vercel)

MX — mail exchanger

What it does: specifies which mail servers accept incoming email for the domain, and their priority order.

Format:

example.com.  IN  MX  10  mail1.example.com.
example.com.  IN  MX  20  mail2.example.com.

Lower priority number = higher preference. Mail is delivered to the lowest-numbered server first; the higher number serves as fallback if the primary is unavailable.

Common uses:

  • Google Workspace: aspmx.l.google.com. (priority 1) + backup servers
  • Microsoft 365: example-com.mail.protection.outlook.com.

Important: MX targets must be A or AAAA records — never CNAME records.

TXT — text record (the multi-purpose record)

What it does: stores arbitrary text. Originally for human-readable notes; now used extensively for machine-readable verification and authentication strings.

Format:

example.com.  IN  TXT  "v=spf1 include:_spf.google.com ~all"
example.com.  IN  TXT  "google-site-verification=abc123xyz"

Common uses:

  • SPF — sender policy for email authentication
  • DMARC — email policy at _dmarc.<domain>
  • DKIM — public signing keys at <selector>._domainkey.<domain>
  • Domain verification — Google Search Console, AWS, Cloudflare, and many others verify domain ownership via TXT records
  • BIMI — brand logo record at default._bimi.<domain>

Multiple TXT records can exist at the same name. For SPF, only one SPF TXT record is allowed per name — multiple SPF records cause SPF failure.

NS — nameserver record

What it does: specifies which nameservers are authoritative for the domain. These are the servers that hold the actual DNS records.

Format:

example.com.  IN  NS  ns1.nameserver.com.
example.com.  IN  NS  ns2.nameserver.com.

Who controls NS records: the NS records at the zone apex are controlled by the domain registrar, not the DNS hosting provider. When you "change nameservers" for a domain, you're updating NS records at the registrar level. Once NS records point to a new provider, that provider's DNS servers serve all the other records.

Important: NS records at the zone apex cannot be a CNAME.

SOA — start of authority

What it does: every DNS zone has exactly one SOA record. It contains administrative information about the zone: the primary nameserver, the email of the zone administrator, and several timing parameters.

Format:

example.com.  IN  SOA  ns1.nameserver.com. admin.example.com. (
    2024061001  ; Serial number (typically YYYYMMDDNN)
    3600        ; Refresh interval (seconds)
    900         ; Retry interval
    604800      ; Expire interval
    300 )       ; Minimum TTL

The serial number is incremented every time the zone changes. Secondary nameservers compare their serial to the primary's — if the primary's is higher, they transfer the updated zone. Many DNS tools auto-increment; manually edited zones require manual increment.

PTR — pointer record (reverse DNS)

What it does: maps an IP address to a hostname — the reverse of an A record. Used for reverse DNS (rDNS) lookup.

Format:

34.216.184.93.in-addr.arpa.  IN  PTR  example.com.

Important for email: many receiving mail servers perform rDNS lookups on the sending IP. A sending IP without a matching PTR record, or with a PTR that doesn't match the hostname, is a spam signal. Email servers should have PTR records matching their sending hostname.

Who controls PTR records: the IP block owner (your hosting provider or ISP), not the domain registrar. You typically request PTR records through your server provider.

SRV — service record

What it does: specifies the hostname and port for specific services. Enables service discovery without hardcoded port information.

Format:

_service._protocol.example.com.  IN  SRV  priority weight port target.

_xmpp-client._tcp.example.com.   IN  SRV  5 0 5222 xmpp.example.com.
_sip._tls.example.com.            IN  SRV  10 20 5060 sip.example.com.

Common uses:

  • XMPP (Jabber) server discovery
  • SIP for VoIP
  • Microsoft Autodiscover for Exchange/Microsoft 365
  • Various federation and service discovery protocols

CAA — certification authority authorisation

What it does: specifies which certificate authorities (CAs) are permitted to issue SSL/TLS certificates for the domain. Any CA not listed is forbidden from issuing certificates.

Format:

example.com.  IN  CAA  0 issue "letsencrypt.org"
example.com.  IN  CAA  0 issue "digicert.com"
example.com.  IN  CAA  0 issuewild "letsencrypt.org"

Tags:

  • issue — authorises the CA to issue single-name certificates
  • issuewild — authorises wildcard certificate issuance
  • iodef — email/URL to notify if an unauthorised issuance attempt is detected

Security value: mitigates certificate misissuance — if an attacker compromises a CA, CAA records prevent that CA from issuing certificates for your domain unless explicitly authorised.

TTL: how long records are cached

Every DNS record has a TTL (Time to Live) in seconds — how long resolvers cache the record before re-querying.

Common TTL values:

  • 300 (5 minutes): good for records you might need to change quickly
  • 3600 (1 hour): standard for most records
  • 86400 (24 hours): common for stable records like NS

Before DNS migrations: lower TTL to 300–600 seconds a few days before making changes. This ensures old records expire quickly after the change. Raise TTL back to normal after the migration is confirmed stable.

How to use the DNS Lookup tool on sadiqbd.com

  1. Enter the domain
  2. Select the record type — A, AAAA, CNAME, MX, TXT, NS, SOA, SRV, CAA, PTR
  3. Query — the tool returns the current DNS records as seen from the lookup server
  4. Check across multiple record types — a full DNS audit requires checking several types

Frequently Asked Questions

Why does DNS sometimes return different results from different locations? DNS propagation: when records change, nameservers update immediately, but caches around the world hold the old value until their TTL expires. Different resolvers (Google's 8.8.8.8, Cloudflare's 1.1.1.1, your ISP's) may have cached the old or new value at any moment. Low TTL before changes reduces the propagation window.

Can I have both A and CNAME records for the same name? No — CNAME cannot coexist with any other record at the same name. If a name has a CNAME, it can only have other CNAME records pointing to the same target.

What's the difference between looking up example.com A and www.example.com A? These are separate DNS names. The root domain and www subdomain can resolve to different IPs. Most configurations point both to the same server, but they're independent records.

Is the DNS Lookup tool free? Yes — completely free, no sign-up required.

DNS records are infrastructure plumbing — invisible until something breaks. Knowing what each type does, and which constraints apply, prevents the configuration mistakes that produce hours of mysterious debugging.

Try the DNS Lookup tool free at sadiqbd.com — query any record type for any domain instantly.

Share:
Try the related tool:
Open DNS Lookup

More DNS Lookup articles

DNS Lookup — Query Any Record Type for Any Domain Instantly DNS Lookup — Query Any Record Type for Any Domain Instantly DNS as a Security Tool and Target: Cache Poisoning, Hijacking, and DNSSEC DNS as a Security Tool and Target: Cache Poisoning, Hijacking, and DNSSEC DNS Propagation, TTLs, and Caching: What Actually Happens When You Change a DNS Record DNS Propagation, TTLs, and Caching: What Actually Happens When You Change a DNS Record DNS over HTTPS: Why Your Browser and Your DNS Lookup Tool Might Be Talking to Different Servers DNS over HTTPS: Why Your Browser and Your DNS Lookup Tool Might Be Talking to Different Servers