DNS record types and what they control
| Record | Points to | Common use |
|---|---|---|
| A | IPv4 address (e.g. 93.184.216.34) | Root domain and subdomains to a server |
| AAAA | IPv6 address | IPv6 server address — increasingly common with CDNs |
| CNAME | Another hostname | www → apex, or custom domain → CDN hostname |
| MX | Mail server hostname + priority | Email routing — required for receiving email |
| TXT | Arbitrary text | SPF, DKIM, DMARC, domain verification tokens |
| NS | Nameserver hostname | Delegates DNS authority to a specific provider |
| SOA | Zone metadata | Start of authority — read-only, set by registrar |
| CAA | Certificate Authority name | Restricts which CAs can issue SSL certs for the domain |
TTL and why DNS propagation takes time
TTL (Time To Live) is the number of seconds a resolver caches your DNS record before re-querying the authoritative nameserver. A TTL of 3600 means resolvers keep your old record for up to one hour after you change it. This is why "DNS propagation" takes time — every recursive resolver worldwide has its own cache, and they expire independently.
Best practice before a planned DNS change: lower your TTL to 300 (5 minutes) at least 24 hours before making the change, so that resolvers still caching the record under the old, longer TTL have expired it by the time you switch. After the change is verified, raise the TTL back to 3600 or higher. A lower TTL means more DNS queries (slightly more load) but faster propagation. Production A records typically run at 3600; records you change frequently (like CNAME for feature flags) can stay at 300.
To check whether a DNS change has reached a specific resolver, use `dig @8.8.8.8 example.com A` (queries Google's resolver) or `dig @1.1.1.1 example.com A` (queries Cloudflare). Seeing different results from different resolvers is expected during propagation: it just means their caches haven't expired yet.
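As an added example (not from the original page), the script below runs that `dig` check across several resolvers and reads the TTL column of each answer, which counts down on a caching resolver, to report how long a stale record can still be served. The function names, the sample answers and the address 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-resolver propagation check built on `dig +noall +answer`.

# classify_answer WANT_IP
# Reads answer lines (name ttl class type rdata) on stdin and prints:
#   propagated   - an A record with the new address is present
#   stale <ttl>  - only other addresses; cache expires within <ttl> seconds
#   no-answer    - no A record in the answer section at all
classify_answer() {
    awk -v want="$1" '
        BEGIN { ttl = 0 }
        $4 == "A" {
            seen = 1
            if ($5 == want) hit = 1
            else if ($2 + 0 > ttl) ttl = $2 + 0
        }
        END {
            if (hit) print "propagated"
            else if (seen) print "stale " ttl
            else print "no-answer"
        }'
}

# check_resolvers NAME WANT_IP RESOLVER...
# Queries each resolver directly and prints "<resolver><TAB><status>".
check_resolvers() {
    name=$1 want=$2
    shift 2
    for r in "$@"; do
        result=$(dig +noall +answer +time=2 +tries=1 "@$r" "$name" A |
                 classify_answer "$want")
        printf '%s\t%s\n' "$r" "$result"
    done
}

# Constructed sample answers (not captured from real resolvers).
SAMPLE_STALE='example.com. 2874 IN A 93.184.216.34'
SAMPLE_FRESH='www.example.com. 300 IN CNAME example.com.
example.com. 300 IN A 203.0.113.10'

# Only touch the network when called with NAME WANT_IP RESOLVER...
if [ "$#" -ge 3 ]; then
    check_resolvers "$@"
fi
```

Saved under a name of your choice (here `check.sh`), it runs as `sh check.sh example.com 203.0.113.10 8.8.8.8 1.1.1.1`; a resolver reporting `stale 2874` will keep serving the old address for up to 2874 more seconds.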
DNS record types — what each record does
| Record type | Purpose | Common use cases |
|---|---|---|
| A | Maps domain to IPv4 address | Point example.com to your server IP — the most basic DNS record |
| AAAA | Maps domain to IPv6 address | IPv6 equivalent of A record — increasingly required for full coverage |
| CNAME | Alias from one domain to another | www → example.com; subdomain → CDN provider hostname |
| MX | Mail exchanger — where email is delivered | Required for email to work; set to your email provider (Google Workspace, Outlook, etc.) |
| TXT | Arbitrary text associated with the domain | SPF (email anti-spoofing), DKIM, DMARC, domain ownership verification for Google/Cloudflare |
| NS | Name servers for the domain | Points to which DNS servers are authoritative for your domain |
| SOA | Start of Authority — zone metadata | Contains primary NS, admin email, serial number, refresh intervals |
| CAA | Certificate Authority Authorization | Restricts which CAs can issue SSL certs for your domain |
| PTR | Reverse DNS — IP to hostname | Used by email servers to verify sender legitimacy; set at the hosting level |
| SRV | Service location record | Used by VoIP (SIP), XMPP, Microsoft Teams for service discovery |
