Every time you type a website address into your browser, the Domain Name System (DNS) translates that human-readable name into an IP address that computers can use. DNS records are the instructions that make this translation possible. This guide explains every common record type, when you'd use each one, and how to look them up.
What is DNS?
The Domain Name System is often called the "phone book of the internet." Just as a phone book maps names to phone numbers, DNS maps domain names (like example.com) to IP addresses (like 93.184.216.34).
When you visit a website, your browser asks a DNS resolver (usually run by your ISP or a public service like Cloudflare's 1.1.1.1 or Google's 8.8.8.8) to look up the domain. The resolver queries authoritative nameservers to find the correct records, then returns the answer. This entire process typically takes 20-100 milliseconds.
A Record — The Foundation
The A record (Address record) maps a domain name to an IPv4 address. This is the most fundamental DNS record — it tells the internet where your website's server is located.
Example:
example.com → 93.184.216.34Most domains have at least one A record. Some have multiple A records pointing to different servers for load balancing — when a DNS resolver gets multiple A records, it typically rotates between them (round-robin DNS).
When to use it: To point your domain or subdomain to a server's IPv4 address. This is the first record you'll set up when launching a website.
AAAA Record — IPv6 Addresses
The AAAA record (also called "quad-A") does the same thing as an A record, but for IPv6 addresses. IPv6 addresses are the newer, longer format designed to replace IPv4 as the internet runs out of 4-billion-address space.
Example:
example.com → 2606:2800:220:1:248:1893:25c8:1946When to use it: When your server supports IPv6. Adding AAAA records alongside A records ensures your site is accessible to IPv6-only networks, which are increasingly common on mobile carriers.
CNAME Record — Aliases
A CNAME record (Canonical Name) creates an alias from one domain name to another. Instead of pointing to an IP address, it points to another domain name, which is then resolved to an IP.
Example:
www.example.com → example.com → 93.184.216.34The most common use is making www.example.com an alias for example.com. But CNAMEs are also essential for SaaS services — when you set up a custom domain for a tool like GitHub Pages or Vercel, you create a CNAME pointing to their servers.
Important rule: A CNAME cannot coexist with other records for the same name. You can't have both a CNAME and an MX record on example.com. This is why CNAMEs are typically used on subdomains, not the root domain.
MX Record — Email Routing
The MX record (Mail Exchange) tells email servers where to deliver mail for your domain. Without MX records, email sent to you@example.com has nowhere to go.
Example:
example.com MX 10 mail1.example.com
example.com MX 20 mail2.example.comThe number (10, 20) is the priority — lower numbers are tried first. In this example, mail servers will try mail1 first; if it's unavailable, they fall back to mail2. This provides redundancy for email delivery.
When to use it: Whenever you want to receive email on your domain. If you use Google Workspace, Microsoft 365, or any email provider, they'll give you specific MX records to add.
TXT Record — Verification and Security
The TXT record stores arbitrary text data. While it sounds simple, TXT records have become critical for email security and domain verification:
- SPF (Sender Policy Framework): Lists which mail servers are authorized to send email on behalf of your domain. Prevents email spoofing.
- DKIM (DomainKeys Identified Mail): Contains a public key used to verify that emails weren't tampered with in transit.
- DMARC: Tells receiving servers what to do with emails that fail SPF/DKIM checks — reject them, quarantine them, or let them through.
- Domain verification: Services like Google Search Console, Microsoft 365, and various SaaS tools ask you to add a specific TXT record to prove you own a domain.
Example SPF record:
example.com TXT "v=spf1 include:_spf.google.com ~all"This says "only Google's mail servers are authorized to send email for this domain."
NS Record — Nameserver Delegation
The NS record (Name Server) specifies which DNS servers are authoritative for your domain. These are the servers that hold the "source of truth" for all your other DNS records.
Example:
example.com NS ns1.cloudflare.com
example.com NS ns2.cloudflare.comWhen you buy a domain from a registrar and want to use Cloudflare's DNS, you update the NS records to point to Cloudflare's nameservers. Multiple NS records provide redundancy — if one nameserver is down, others can answer queries.
When to use it: When changing DNS providers or setting up subdomain delegation (pointing a subdomain to a different DNS provider than the parent domain).
SOA Record — Zone Authority
The SOA record (Start of Authority) contains administrative information about the DNS zone. Every domain has exactly one SOA record, and it's mostly managed automatically by your DNS provider.
It includes the primary nameserver, the responsible person's email (encoded in a specific format), a serial number that increments with each change, and timing values for how often secondary nameservers should refresh their copies.
When to use it: You rarely need to manually edit SOA records. DNS providers manage them automatically. The serial number is useful for debugging — if it hasn't changed, your DNS update hasn't propagated yet.
How to Look Up DNS Records
There are several ways to check a domain's DNS records:
Using ToolboxHub's DNS Lookup
The easiest way — enter any domain in our DNS Lookup Tool and check all record types (A, AAAA, MX, NS, TXT, CNAME, SOA) with one click. Results appear instantly with clear formatting.
Using the Command Line
On macOS and Linux, use dig:
dig example.com A
dig example.com MX
dig example.com TXTOn Windows, use nslookup:
nslookup -type=MX example.comCommon DNS Mistakes to Avoid
- Missing SPF/DKIM/DMARC: Without email authentication records, your emails are more likely to land in spam — and attackers can spoof your domain
- CNAME at the root: You can't use a CNAME on your bare domain. Use an A record (or ALIAS/ANAME if your DNS provider supports it)
- Forgetting the trailing dot: In some DNS configurations,
example.comis relative andexample.com.is absolute. Getting this wrong can create weird loops - Ignoring TTL: Setting very high TTL values means DNS changes take longer to propagate. Before making changes, lower the TTL first, wait for propagation, make your change, then raise it again
- Not verifying after changes: Always verify your DNS changes with a DNS Lookup after making them. DNS propagation can take up to 48 hours, but most changes are visible within minutes
Start Exploring Your DNS
Understanding DNS records gives you control over how your domain works — where your website points, how email is routed, and how your domain is verified. Use our free DNS Lookup Tool to explore any domain's records, or check domain registration details with the WHOIS Lookup. If you're shopping for a domain, the Domain Availability Checker can help you find the perfect name.