DNS Record Types Explained: A, AAAA, CNAME, MX, TXT, and More

DNS records are entries in a domain’s DNS zone file that tell the Domain Name System how to handle requests for that domain. Different record types serve different purposes: A records map domains to IPv4 addresses, AAAA records handle IPv6, MX records route email, CNAME records create aliases, and TXT records store everything from email authentication policies to domain ownership verification. Understanding these record types is essential for anyone managing a domain, running a website, or setting up email.

The Essential Records

A Record (Address)

The most fundamental DNS record. Maps a domain name to an IPv4 address.

whatismyip.wiki.    3600    IN    A    116.203.189.147

When someone types whatismyip.wiki in their browser, the DNS resolver returns this A record, and the browser connects to 116.203.189.147. Simple, direct, and by far the most commonly queried record type.

You can have multiple A records for the same domain (called round-robin DNS), and the resolver will return them in varying order to distribute traffic across multiple servers. This is a basic form of load balancing.

AAAA Record (IPv6 Address)

Exactly like an A record but for IPv6 addresses. The name “AAAA” (quad-A) reflects that IPv6 addresses are four times longer than IPv4.

whatismyip.wiki.    3600    IN    AAAA    2a01:4f8:1c1e:d73::1

As IPv6 adoption grows, having AAAA records becomes increasingly important. Many mobile networks are IPv6-native, and about 45% of internet traffic now uses IPv6. If you don’t have AAAA records, IPv6-only users need a translation layer to reach your site.

CNAME Record (Canonical Name)

An alias that points one domain name to another. Instead of pointing to an IP address, it points to another domain name which then resolves to an IP.

www.whatismyip.wiki.    3600    IN    CNAME    whatismyip.wiki.

This says “www.whatismyip.wiki is an alias for whatismyip.wiki.” The resolver follows the chain: look up the CNAME, get the target domain, then look up that domain’s A/AAAA record.

Important limitations:

CNAME records cannot coexist with other record types for the same name
You cannot use a CNAME on the root domain (e.g., whatismyip.wiki without www)
Each CNAME adds a DNS lookup, slightly increasing resolution time

The root domain limitation exists because the root domain needs SOA and NS records, which would conflict with a CNAME. Some DNS providers (Cloudflare, Route 53, DNSimple) offer proprietary “ALIAS” or “ANAME” records that work like CNAMEs on the root domain by resolving the target at the DNS server level.

MX Record (Mail Exchange)

Specifies which mail servers handle email for the domain.

whatismyip.wiki.    3600    IN    MX    10 mx1.mail.server.com.
whatismyip.wiki.    3600    IN    MX    20 mx2.mail.server.com.

The number before the server name is the priority. Lower numbers = higher priority. If the priority-10 server is down, email goes to the priority-20 server. Most email providers give you two or three MX records for redundancy.

Without MX records, nobody can send email to your domain. When someone emails [email protected], their email server looks up the MX records to find out where to deliver it.

TXT Record (Text)

Stores arbitrary text data. Originally designed for human-readable notes, TXT records have become the workaround for adding all kinds of metadata to DNS. Major uses:

SPF (Sender Policy Framework):

whatismyip.wiki.    3600    IN    TXT    "v=spf1 include:_spf.google.com ~all"

Tells receiving mail servers which servers are authorized to send email from your domain. This is critical for email deliverability and preventing spoofing.

DKIM (DomainKeys Identified Mail): Publishes the public key used to verify DKIM email signatures. The sending server signs each email, and recipients verify the signature against this DNS record.

DMARC (Domain-based Message Authentication):

_dmarc.whatismyip.wiki.    3600    IN    TXT    "v=DMARC1; p=reject; rua=mailto:[email protected]"

Tells receiving servers what to do when SPF or DKIM checks fail (none, quarantine, or reject).

Domain verification: Google Search Console, Facebook, Microsoft 365, and dozens of other services verify domain ownership by asking you to add a specific TXT record.

NS Record (Name Server)

Specifies which DNS servers are authoritative for the domain.

whatismyip.wiki.    86400    IN    NS    ns1.cloudflare.com.
whatismyip.wiki.    86400    IN    NS    ns2.cloudflare.com.

When a resolver needs to look up records for your domain, NS records tell it which servers to ask. Changing your NS records effectively changes who manages your DNS. This is what you update when moving your DNS to Cloudflare, Route 53, or any other provider.

SOA Record (Start of Authority)

Contains metadata about the DNS zone, including the primary nameserver, administrator email, serial number, and timing parameters (refresh, retry, expire, minimum TTL).

Every DNS zone has exactly one SOA record. You rarely need to modify it manually; your DNS provider handles it.

Less Common But Occasionally Important Records

PTR Record (Pointer)

The reverse of an A record. Maps an IP address back to a domain name. Used for reverse DNS lookups.

147.189.203.116.in-addr.arpa.    3600    IN    PTR    whatismyip.wiki.

PTR records live in a special reverse DNS zone and are managed by whoever owns the IP block (usually your hosting provider). Reverse DNS is important for email (many servers reject mail from IPs without valid PTR records) and for network diagnostics.

SRV Record (Service)

Specifies the hostname and port for specific services. Format: _service._protocol.domain.

_sip._tcp.whatismyip.wiki.    3600    IN    SRV    10 60 5060 sip.server.com.

Used by VoIP (SIP), XMPP (chat), LDAP, and some gaming protocols to discover service endpoints.

CAA Record (Certification Authority Authorization)

Specifies which Certificate Authorities are allowed to issue SSL certificates for your domain.

whatismyip.wiki.    3600    IN    CAA    0 issue "letsencrypt.org"

This prevents unauthorized CAs from issuing certificates for your domain, adding a layer of security against misissuance.

DNSKEY and DS Records

Used by DNSSEC (DNS Security Extensions) to store cryptographic keys and delegation signatures. These ensure that DNS responses haven’t been tampered with.

TLSA Record

Used by DANE (DNS-based Authentication of Named Entities) to associate TLS certificates with domain names via DNS, providing an alternative to the Certificate Authority system.

Best Practices for Managing DNS Records

Always have both A and AAAA records if your host supports IPv6
Set appropriate TTLs: 3600 (1 hour) for most records, 300 (5 minutes) when you’re about to make changes
Always configure SPF, DKIM, and DMARC for email-capable domains
Use CAA records to restrict certificate issuance
Test your records after any change with a DNS lookup tool
Document your records somewhere outside DNS itself
Keep NS records pointing to reliable providers with global anycast networks

Test It Yourself

DNS Lookup Tool

Query any domain and see all its DNS records. A, AAAA, CNAME, MX, TXT, NS, SOA, and more.

Open Tool →

Frequently Asked Questions

An A record points a domain directly to an IP address. A CNAME points a domain to another domain name (an alias). CNAME records can't be used on the root domain (the 'naked' domain without www). Many DNS providers offer ALIAS or ANAME records as a workaround for this limitation.

Ideally yes. An A record points to your IPv4 address, and an AAAA record points to your IPv6 address. If you only have an A record, IPv6-only users can't reach your site. If your hosting provider supports IPv6 (most do), add AAAA records.

At least one to receive email. Most email providers give you two or more MX records with different priorities for redundancy. If the primary mail server is down, email gets delivered to the secondary.

TXT records store text data and are used for domain verification (Google, Microsoft, etc.), email authentication (SPF, DKIM, DMARC), and security policies. They're the Swiss army knife of DNS records.