Learn DNS Records: A Practical Guide to Real-World Scenarios and Troubleshooting
Understanding DNS records is essential for anyone managing websites, networks, or online services. Whether you're configuring a domain, troubleshooting connectivity, or optimising performance, knowing how DNS works in real-world scenarios is crucial. In this guide, we'll explore key DNS record types through practical examples to help you apply this knowledge effectively.
What is DNS?
DNS (Domain Name System) is like the internet’s phonebook. It translates human-friendly domain names (such as `example.com`) into computer-friendly IP addresses (such as `192.0.2.1` or `2001:0db8::1`), which are needed to locate and connect to websites and services.
When you enter a domain name in your browser:
- Your computer sends a DNS query to a DNS server.
- The DNS server looks up the domain and responds with its corresponding IP address.
- Your browser uses this IP address to connect to the website’s server.
Without DNS, you would have to remember the numerical IP address of every website you want to visit. DNS makes the internet easier to use by letting you access websites using names instead of numbers.
What is a DNS Resolver?
A DNS resolver is a component (usually a server) that translates domain names (e.g. `example.com`) into IP addresses (e.g. `93.184.216.34`).
How It Works
When you enter a domain in your browser:
- Your system’s stub resolver sends a DNS query to a recursive resolver.
- The recursive resolver checks its cache.
- If the answer is not cached, it queries authoritative DNS servers.
- The final IP address is returned to your system.
Types of DNS Resolvers
Public DNS resolvers like Cloudflare or Google are often faster and more private than default ISP resolvers.
- Recursive Resolver: Handles full DNS resolution on behalf of the client. Examples:
  - Cloudflare: `1.1.1.1`
  - Google: `8.8.8.8`
- Caching Resolver: Stores DNS responses temporarily (based on TTL) to speed up repeated queries. Often the same as a recursive resolver.
- Stub Resolver: A lightweight client-side resolver (typically on your OS) that forwards queries to a recursive resolver.
DNS Records
DNS records are individual entries in the Domain Name System that define how a domain behaves. Each record type serves a specific purpose, such as directing web traffic, handling email, or verifying domain ownership. Here are the most common types of DNS records:
1. A Record (Address Record)
- Purpose: Maps a domain or subdomain to an IPv4 address.
- Scenario: You host your website `example.com` on a VPS with the IP `203.0.113.10`.
- Example:
DNS Setting
Type | Name | Content | TTL |
---|---|---|---|
A | @ | 203.0.113.10 | Auto |
Explanation: `@` refers to the root domain.
TTL (Time to Live)
TTL refers to the duration a DNS record is cached by DNS resolvers and servers before they check for an updated version. This helps reduce the number of DNS queries made, speeding up the process and reducing server load.
- Short TTL (e.g., 300 seconds / 5 minutes): DNS records are refreshed every 5 minutes. Use this when making frequent changes (e.g., during domain migrations) to ensure updates are applied quickly.
- Long TTL (e.g., 3600 seconds / 1 hour): DNS records are refreshed every hour. Ideal for stable records that rarely change (e.g., your main website IP address), reducing DNS query load.
- Auto TTL: The TTL adjusts dynamically based on the type of DNS record (e.g., A, CNAME, MX) and its typical update frequency. When set to auto, the DNS provider selects an optimal TTL, balancing speed and caching efficiency.
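The resolution flow under "How It Works" and the TTL behaviour described above can be seen together in a small simulation. This is an added example, not code from the original page: the class names are hypothetical, the clock is simulated, and `203.0.113.20` is a constructed "new" address.

```python
# Added example: a toy recursive resolver with a TTL cache (all data constructed).

class Authoritative:
    """Stands in for the authoritative server: holds the zone's current records."""
    def __init__(self):
        self.records = {}          # name -> (ip, ttl_seconds)

    def query(self, name):
        return self.records[name]


class RecursiveResolver:
    """Answers from cache while the TTL is live, otherwise asks the authoritative server."""
    def __init__(self, authoritative, clock):
        self.auth = authoritative
        self.clock = clock         # callable returning the current time in seconds
        self.cache = {}            # name -> (ip, expires_at)

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and self.clock() < hit[1]:
            return hit[0], "cache"
        ip, ttl = self.auth.query(name)
        self.cache[name] = (ip, self.clock() + ttl)
        return ip, "authoritative"


def simulate_migration(ttl):
    """Change the A record at t=60 and report what a client sees over time."""
    now = [0]
    auth = Authoritative()
    auth.records["example.com"] = ("203.0.113.10", ttl)
    resolver = RecursiveResolver(auth, lambda: now[0])
    seen = []
    for t in (0, 60, 299, 300, 3600):
        now[0] = t
        if t == 60:
            auth.records["example.com"] = ("203.0.113.20", ttl)  # record edited here
        seen.append((t, *resolver.resolve("example.com")))
    return seen


if __name__ == "__main__":
    for ttl in (300, 3600):
        print(ttl, simulate_migration(ttl))
```

With a 300-second TTL the client sees the new address at t=300; with 3600 seconds the old address is still served from cache until t=3600.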
2. AAAA Record (IPv6 Address Record)
IPv6 is the latest version of the Internet Protocol. It provides a much larger pool of IP addresses than IPv4, which is running out. IPv6 addresses are longer (e.g. `2001:0db8::1`) and allow more devices to connect to the internet.
- Purpose: Maps a domain or subdomain to an IPv6 address.
- Scenario: Your server supports IPv6, and you want to enable it.
- Example:
DNS Setting
Type | Name | Content | TTL |
---|---|---|---|
AAAA | @ | 2001:db8::1 | Auto |
3. CNAME Record (Canonical Name Record)
- Purpose: Alias one domain to another. Cannot be used on root domains.
- Scenario: Point `www.example.com` to `example.com`.
- Example:
DNS Setting
Type | Name | Content | TTL |
---|---|---|---|
CNAME | www | example.com | Auto |
Requests to `www.example.com` resolve to `example.com`.
4. MX Record (Mail Exchange Record)
- Purpose: Directs email traffic to the mail servers responsible for a domain.
- Scenario: Use ProtonMail to handle email for `example.com`.
- Example:
DNS Setting
Type | Name | Content | Priority |
---|---|---|---|
MX | @ | mail.protonmail.ch | 10 |
MX | @ | mailsec.protonmail.ch | 20 |
MX records have a priority setting, with lower numbers indicating higher priority. This allows backup mail servers. For example, if `mail.protonmail.ch` is unavailable, emails will be sent to `mailsec.protonmail.ch`.
5. TXT Record (Text Record)
- Purpose: Holds custom text. Common for domain verification and SPF, DKIM, DMARC settings.
- Scenario: Set up email authentication for ProtonMail.
- Example:
DNS Setting
Type | Name | Content | TTL |
---|---|---|---|
TXT | @ | v=spf1 include:_spf.protonmail.ch -all | Auto |
TXT | protonmail._domainkey | v=DKIM1; k=rsa; p=MIIBIjANBgkqh... | Auto |
TXT | _dmarc | v=DMARC1; p=quarantine; adkim=s; aspf=s; pct=100; rua=mailto:[email protected] | Auto |
6. NS Record (Name Server Record)
NS records are managed at the domain registrar.
- Purpose: Delegates a domain or subdomain to another name server.
- Scenario: Configure your domain registrar to use Cloudflare as DNS provider.
- Example:
Type | Name | Content |
---|---|---|
NS | @ | ed.ns.cloudflare.com |
NS | @ | walt.ns.cloudflare.com |
7. PTR Record (Pointer Record)
PTR records are configured via the hosting provider.
- Purpose: Maps an IP address to a domain name (reverse DNS). Mainly for mail server authentication.
- Scenario: You self-host email or services on your VPS.
- Example:
  - IP: `203.0.113.10`
  - PTR: `mail.example.com`
8. SOA Record (Start of Authority Record)
SOA records are managed automatically by the domain registrar.
- Purpose: Provides metadata about the domain, such as the primary name server, contact email, and DNS refresh timings.
- Scenario: Every DNS zone must have one SOA record.
- Example:
Field | Value |
---|---|
Primary NS | ed.ns.cloudflare.com |
Hostmaster | dns.cloudflare.com |
Serial | Auto-generated |
Refresh | 3600 |
Retry | 900 |
Expire | 604800 |
Minimum TTL | 3600 |
Summary Table
A quick reference to DNS record types, their purposes, and common use cases:
Record | Purpose | Common Usage |
---|---|---|
A | IPv4 address | Point domain to web server |
AAAA | IPv6 address | Point domain to IPv6 server |
CNAME | Alias to another domain | www to root, CDN, or SaaS services |
MX | Mail servers | Routing emails (e.g., to ProtonMail) |
TXT | Text info | SPF, DKIM, DMARC, domain verification |
NS | Authoritative DNS servers | Delegation, usually to Cloudflare |
PTR | Reverse IP to hostname | Mail server legitimacy, logging |
SOA | Zone authority info | Required, managed by DNS host |
Best Practices
Following DNS best practices ensures your domain remains secure, reliable, and maintainable. The guidelines below are prioritised by importance to minimise risk and improve service availability.
1. Implement Email Authentication
- Implement and validate SPF, DKIM, and DMARC records to prevent spoofing and ensure reliable email delivery.
- Regularly test email headers to confirm authentication passes.
2. Enable DNSSEC
- DNSSEC protects your domain from DNS spoofing and cache poisoning.
- Enable it if both your DNS provider and domain registrar support it.
3. Restrict Internal Exposure
- Do not publish internal or development services in public DNS unless absolutely necessary.
- Use private zones or restrict access using firewalls and access controls.
4. Back Up DNS Settings
- Export your full DNS zone regularly and before making changes.
- Backups help quickly restore previous configurations after errors or accidental deletions.
5. Set TTLs Wisely
- Use shorter TTLs (e.g. 300s) during changes or migrations to minimise propagation delay.
- Use longer TTLs (e.g. 3600s or more) for stable records to reduce DNS lookup traffic.
6. Name Subdomains Clearly
- Name subdomains clearly based on their function (e.g. `mail`, `api`, `admin`).
- Avoid vague or ambiguous labels that complicate troubleshooting.
Troubleshooting
Website Not Loading
Symptoms:
- Browser shows "Server not found" or "DNS address could not be found".
- Ping to the domain fails.
Cause:
- Missing or incorrect A (IPv4) or AAAA (IPv6) records.
- DNS propagation not complete.
Solution:
- Verify that the A/AAAA records point to the correct IP address of your server.
- Ensure no typos or outdated IPs are used.
- Allow up to 48 hours for DNS changes to propagate globally.
Email Not Delivering
Symptoms:
- Inbound or outbound emails fail.
- SMTP or IMAP errors appear in email clients.
Cause:
- Missing or incorrect MX records.
- Priority values improperly configured.
Solution:
- Check that MX records point to the correct mail server addresses.
- Confirm that MX priority values are set appropriately (lower numbers = higher priority).
- Avoid using IP addresses directly in MX records.
Emails Going to Spam
Symptoms:
- Emails land in spam folders.
- Email delivery fails due to authentication errors.
Cause:
- Missing or incorrect SPF, DKIM, or DMARC TXT records.
- Misconfigured domain authentication settings.
Solution:
- Add a valid SPF record indicating authorised sending servers.
- Ensure DKIM is enabled and the public key is published as a TXT record.
- Define a DMARC policy to instruct how receiving servers handle unauthenticated messages.
DNS Propagation Delay
Symptoms:
- Recent changes to DNS records are not reflected when querying the domain.
- Old IPs or configurations are still being resolved.
Cause:
- DNS propagation delay.
- Local or upstream DNS cache still active.
Solution:
- Wait up to 24–48 hours for global propagation.
- Clear your local DNS cache or test using a different network.
- Use online tools to check propagation status.
CNAME Redirect Not Working
Symptoms:
- `www.example.com` or other subdomains do not resolve correctly.
- Redirects fail or resolve to an unexpected destination.
Cause:
- Incorrect or missing CNAME records.
- Attempting to use CNAME on the root domain (not allowed by DNS standards).
Solution:
- Verify the CNAME record points to the correct target domain.
- Use an A or ALIAS/ANAME record for root domains instead of CNAME.
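Several mistakes named on this page (a CNAME on the root domain, an IP address in an MX record, a mistyped address in an A/AAAA record, an internal host published in public DNS) can be caught by linting an exported zone before it is applied. This is an added example, not from the original page: the record tuples are constructed, the function names are hypothetical, and it goes slightly beyond the text by also flagging a CNAME that shares a name with other record types and by treating only RFC 1918 ranges as internal.

```python
# Added example: lint a zone for mistakes named on this page. Records are constructed.
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ip(text):
    """Return an ipaddress object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def lint_zone(records):
    """records: (type, name, content) tuples. Returns a sorted list of findings."""
    types_at = {}
    for rtype, name, _ in records:
        types_at.setdefault(name, set()).add(rtype)
    findings = set()
    for rtype, name, content in records:
        ip = parse_ip(content)
        if rtype == "CNAME" and name == "@":
            findings.add("@: CNAME at the root; use A/AAAA or ALIAS/ANAME")
        elif rtype == "CNAME" and types_at[name] != {"CNAME"}:
            findings.add(f"{name}: CNAME coexists with other record types")
        elif rtype == "MX" and ip is not None:
            findings.add(f"{name}: MX content {content} is an IP; use a hostname")
        elif rtype in ("A", "AAAA"):
            want = 4 if rtype == "A" else 6
            if ip is None or ip.version != want:
                findings.add(f"{name}: {content} is not a valid IPv{want} address")
            elif any(ip in net for net in RFC1918):
                findings.add(f"{name}: private address {content} in public DNS")
    return sorted(findings)

GOOD = [("A", "@", "203.0.113.10"), ("AAAA", "@", "2001:db8::1"),
        ("CNAME", "www", "example.com"), ("MX", "@", "mail.protonmail.ch")]
BAD = [("CNAME", "@", "example.net"), ("MX", "@", "203.0.113.10"),
       ("A", "dev", "10.0.0.5"), ("A", "api", "203.0.113.300"),
       ("CNAME", "shop", "shops.example.net"), ("TXT", "shop", "site-verification=abc")]

if __name__ == "__main__":
    print("\n".join(lint_zone(BAD)))
```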
Incorrect Name Server Settings
Symptoms:
- DNS changes are ignored or never apply.
- Domain resolves to old data even after updates.
Cause:
- Incorrect NS (Name Server) records at the domain registrar.
- Records changed at a DNS provider not currently authoritative for the domain.
Solution:
- Confirm which name servers are authoritative for the domain using a WHOIS lookup.
- Ensure the NS records at your domain registrar match the DNS provider you're using.
- Only make DNS record changes at the provider listed in the NS records.