DNS Records and Infrastructure Guide: A, MX, TXT, and More
DNS, or the Domain Name System, is often called the "phonebook of the internet." It is the service that translates human-friendly domain names (like example.com) into computer-friendly IP addresses (like 192.0.2.1). Without DNS, the internet as we know it would not exist.
1. Common DNS Record Types
Every domain has a zone file that contains various records. Here are the most common types:
- A Record: Maps a domain name to an IPv4 address.
- AAAA Record: Maps a domain name to an IPv6 address.
- CNAME (Canonical Name): Aliases one name to another (e.g., www.example.com to example.com).
- MX (Mail Exchange): Specifies the mail servers responsible for receiving email for the domain.
- TXT (Text): Allows an admin to store any text in the DNS record. Commonly used for security verification (SPF, DKIM, DMARC).
- NS (Name Server): Identifies the servers that are authoritative for the domain.
- PTR (Pointer): The opposite of an A record; it maps an IP address back to a domain name (Reverse DNS).
- SRV (Service): Defines the location (hostname and port) of specific services.
- SOA (Start of Authority): Contains administrative information about the zone.
2. DNS Infrastructure
Authoritative vs. Recursive DNS
- Recursive DNS: The server that your computer talks to first. It "hunts" for the IP address by asking other servers.
- Authoritative DNS: The final source of truth. It holds the actual records for a domain.
TTL (Time to Live)
TTL is a value in a DNS record that tells servers how long to cache the record before asking for an update. A lower TTL allows for faster changes but increases server load.
3. Security and Software
DNSSEC (DNS Security Extensions)
DNS was not originally designed with security in mind. DNSSEC adds cryptographic signatures to DNS records so that validating resolvers can detect forged or altered answers, preventing attackers from redirecting users to malicious websites via "DNS spoofing."
BIND (Berkeley Internet Name Domain)
BIND is the most widely used DNS software on the internet. It is open-source and has been the backbone of DNS infrastructure for decades.
Quick Reference: Record Use Cases
| Record | Purpose | Example |
|---|---|---|
| A | Connect to Web Server (IPv4) | example.com -> 93.184.216.34 |
| MX | Route Emails | mail.example.com (Priority 10) |
| TXT | Verify Domain Ownership | v=spf1 include:_spf.google.com ~all |
| CNAME | Subdomain Redirection | blog.example.com -> example.github.io |
| AAAA | Connect to Web Server (IPv6) | example.com -> 2606:2800:220:1:248:1893:25c8:1946 |
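
Several of the record types above interact in ways that are easy to get wrong in a zone file. The following is an added example, not part of the original guide: a small Python linter run over a constructed zone snippet. The function names `parse` and `audit`, the sample records, and the 300-second `min_ttl` threshold are assumptions for illustration.

```python
from collections import defaultdict
# Constructed sample zone ("owner TTL class type rdata"); not real data.
ZONE = """\
example.com.      3600 IN A     192.0.2.1
example.com.      3600 IN MX    10 mail.example.com.
example.com.      3600 IN TXT   "v=spf1 include:_spf.example.net +all"
mail.example.com. 3600 IN CNAME mx.example.net.
www.example.com.  30   IN CNAME example.com.
www.example.com.  30   IN TXT   "site-verification=constructed"
"""

def parse(zone_text):
    """Parse one-record-per-line zone text into a list of dicts."""
    records = []
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and comment lines
            continue
        owner, ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append(dict(owner=owner.lower(), ttl=int(ttl), type=rtype.upper(), rdata=rdata))
    return records

def audit(records, min_ttl=300):
    """Return (owner, finding) tuples. min_ttl is an assumed local policy value."""
    findings = []
    types_at = defaultdict(set)
    for r in records:
        types_at[r["owner"]].add(r["type"])
    cnames = {o for o, types in types_at.items() if "CNAME" in types}
    # A CNAME must be the only data at its name (RFC 1034, section 3.6.2).
    for owner in sorted(cnames):
        if types_at[owner] - {"CNAME"}:
            findings.append((owner, "CNAME coexists with other record types"))
    for r in records:
        if r["type"] == "MX":
            # MX rdata is "<priority> <host>"; the host must not be an alias (RFC 2181).
            target = r["rdata"].split()[1].lower()
            if target in cnames:
                findings.append((r["owner"], f"MX target {target} is a CNAME"))
        if r["type"] == "TXT":
            text = r["rdata"].strip('"').lower()
            # "+all" (or bare "all") makes SPF pass for every sending host.
            if text.startswith("v=spf1") and {"+all", "all"} & set(text.split()):
                findings.append((r["owner"], "SPF policy authorizes any sender"))
        if r["ttl"] < min_ttl:
            findings.append((r["owner"], f"{r['type']} TTL {r['ttl']}s is below {min_ttl}s"))
    return findings

if __name__ == "__main__":
    print(*audit(parse(ZONE)), sep="\n")
```

On the constructed zone this reports five findings: the CNAME at www.example.com. sharing its name with a TXT record, the MX pointing at an alias, the permissive SPF policy, and two records with a 30-second TTL.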
Conclusion
Understanding DNS is essential for managing any web property. Whether you are setting up email, improving security with DNSSEC, or optimizing performance by adjusting TTL values, a solid grasp of DNS infrastructure ensures your services remain reachable and secure.