DNS Record Types: The Complete Guide (2025)

Explore all major DNS record types with this guide. Learn what they are, how each one works, why they matter, and when to use them.

Not all DNS (domain name system) queries do the same thing. Some help you visit websites, while others send emails or route traffic. Each type needs the right DNS record to work properly.

DNS records are like instructions that help DNS servers know what to do when someone tries to visit a website or send an email.

There are dozens of DNS record types, each with its own specific function, which is why effective DNS record management is crucial. It helps users navigate your website, and it helps you troubleshoot problems and find anomalies in traffic.

This article explains what a DNS record is, walks through the different types, highlights the most common ones you should be aware of, and much more.

Quick Reference Table: Most Common DNS Record Types

Common DNS Record Types
| Record Type | Purpose | Example | When You Need It |
|---|---|---|---|
| A | Maps domain to IPv4 address | example.com → 147.185.34.1 | Every website needs this |
| AAAA | Maps domain to IPv6 address | example.com → 2606:1a40:3::1 | Modern web compatibility |
| CNAME | Creates domain alias | www.example.com → example.com | Subdomains and redirects |
| MX | Routes email for a domain to a mail server | example.com → mail.google.com | Custom email addresses |
| TXT | Stores text information | Domain verification codes | Security and verification |
| NS | Points to DNS server | example.com → ns1.cloudflare.com | DNS hosting setup |
| SOA | Zone authority information | Primary server details | DNS zone management |
| PTR | Reverse DNS lookup | 147.185.34.1 → example.com | Email deliverability |

What Are DNS Record Types?

DNS record types – also known as zone files – are the rules that tell the internet how to handle different requests for your domain, like loading a website, sending an email, or verifying identity.

Each DNS record is a text-based entry stored on an authoritative DNS server. Think of them like instructions in a database. Every domain has multiple DNS records, and each one serves a specific purpose. Together, they help keep your domain connected, functional, and secure.

Top 8 DNS Record Types Explained

A record

What it does: Connects your domain name to an IPv4 address (like 147.185.34.1)

An A record, short for Address record, is the most fundamental DNS record type. It maps a domain name to its corresponding IP address – specifically, an IPv4 address – and is used in the IP lookup process.

It allows you to seamlessly access a website by entering a domain name in your browser instead of remembering every domain’s IP address.

Example:

  • Domain: controld.com
  • A Record: 147.185.34.1
  • Result: When someone types controld.com, they reach the server at 147.185.34.1

AAAA record

What it does: Connects your domain name to an IPv6 address (like 2606:1a40:3::1)

AAAA records work exactly like A records, but they use the newer IPv6 address format. IPv6 addresses are longer but provide many more possible addresses.

IPv6 addresses are becoming more common because they solve a big problem: IPv4 only has about 4.3 billion possible addresses, but IPv6 has 340 trillion trillion trillion addresses (340 followed by 36 zeros). IPv6 ensures we'll never run out of internet addresses.

CNAME record (Canonical Name record)

What it does: Creates an alias that points one domain name to another

CNAME records let you point multiple domain names to the same destination without creating separate A records for each one.

Important note: CNAME records cannot be used for root domains (like example.com) but work perfectly for subdomains like www.example.com or blog.example.com.

Common use cases:

  • Point www.example.com to example.com
  • Redirect blog.example.com to your main site
  • Create easy-to-remember aliases for long domain names

This makes www.example.com and blog.example.com alias domain names for example.com.

MX record (Mail Exchange record)

What it does: Tells email systems which server handles email for your domain

MX records are essential if you want custom email addresses like yourname@yourdomain.com. They point incoming emails to the right mail server.

How it works:

  1. Someone sends an email to john@example.com
  2. Their email system checks the MX record for example.com
  3. The MX record says "send emails to mail.google.com"
  4. The email gets delivered to Google's servers

Priority numbers: MX records include priority numbers (lower numbers = higher priority). This lets you set backup mail servers in case your primary server is down.

Incorrect MX records can prevent emails from being received. Therefore, correct MX records are paramount in ensuring all emails sent to that email address successfully land in your inbox.

TXT record (Text record)

What it does: Stores text information for various purposes, especially security and verification

TXT records are like sticky notes attached to your domain. They hold important text information that other systems can read.

Common uses:

  • Domain verification: Prove you own a domain to services like Google
  • Email security: Set up SPF, DKIM, and DMARC to prevent email spoofing
  • Site verification: Verify ownership for search engines and social media platforms

SPF Records: Sender Policy Framework (SPF) records are actually TXT records that specify which mail servers can send email from your domain. This helps prevent email spoofing and improves deliverability.

NS record (Name Server record)

What it does: Points to the DNS servers that have authority over your domain

NS records tell the internet which DNS servers contain the official information about your domain, that is, which DNS servers are the authoritative nameservers for the domain. Think of them as directions to the right information booth.

How it works:

  • Your domain registrar stores NS records
  • These records point to your DNS hosting provider
  • Your DNS hosting provider stores all your other DNS records (A, MX, TXT, etc.)

When you need to update NS records:

  • Switching DNS hosting providers
  • Setting up DNS management with a new service
  • Delegating subdomain management to another service

SOA record (Start of Authority record)

What it does: Contains administrative information about your DNS zone

Every DNS zone must have exactly one SOA record. It's like the title page of a book - it tells you who's in charge and provides important details about the zone.

Information stored in SOA records:

  • Primary DNS server name
  • Administrator's email address
  • Serial number (for tracking changes)
  • Refresh interval (how often secondary servers check for updates)
  • Retry interval (how often to retry failed zone transfers)
  • Expire time (when secondary servers should stop answering queries)
  • Minimum TTL (default Time to Live for records)

SOA records, short for Start of Authority, store important administrative information about a domain or DNS zone, such as the administrator’s email address, server refresh rate, and primary authoritative nameserver.

Every DNS zone must have an SOA record, and zone transfers cannot be made without one.

PTR record (Pointer record)

What it does: Performs reverse DNS lookups (IP address to domain name)

PTR records work backwards from A records. Instead of finding an IP address from a domain name, they find a domain name from an IP address.

Why PTR records matter:

  • Email deliverability: Many email servers require PTR records to accept your emails
  • Security: Help identify legitimate servers and detect malicious activity
  • Logging: Make server logs more readable by showing domain names instead of just IP addresses

Without PTR records, your emails might end up in spam folders or be rejected entirely.

What Is TTL in DNS Records?

TTL stands for Time to Live. It's a number attached to every DNS record that tells other servers how long to cache (or "remember") the record before checking again for changes.

For example, if your A record has a TTL of 3600 seconds, that means DNS servers will remember it for 1 hour before looking it up again.

Why it matters:

  • A shorter TTL makes updates faster but can increase DNS traffic.
  • A longer TTL reduces traffic but makes changes slower to appear.

Less Common Types of DNS Record Types

ANAME/ALIAS record

What it does: Points your root domain to a hostname instead of an IP address

ANAME records fill a gap that CNAME records can't handle. While CNAME records only work for subdomains, ANAME records work for root domains.

Use case: Point example.com to a cloud service hostname like app.yourdomain.com

CAA record (Certificate Authority Authorization)

What it does: Controls which companies can issue SSL certificates for your domain

CAA records add security by specifying which Certificate Authorities (CAs) are allowed to issue SSL certificates for your domain. Without a CAA record, any CA can issue a certificate for that domain.
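How a CA decides whether a CAA policy permits issuance, as an added example (not code from this article or from any CA). It follows the CAA lookup rules in RFC 8659; the record set and the CA identifiers "ca-one.example" and "ca-two.example" are constructed for illustration.

```python
# Constructed CAA RRsets: owner name -> list of (flags, tag, value).
# "ca-one.example" and "ca-two.example" are hypothetical CA identifiers.
SAMPLE_CAA = {
    "example.com": [
        (0, "issue", "ca-one.example"),
        (0, "issuewild", ";"),
        (0, "iodef", "mailto:security@example.com"),
    ],
    "locked.example.com": [(0, "issue", ";")],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 128  # issuer-critical flag bit


def relevant_caa(fqdn, rrsets):
    """Climb from fqdn towards the root; the first non-empty CAA RRset wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = rrsets.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def may_issue(ca_id, fqdn, rrsets=SAMPLE_CAA):
    """Decide whether the CA identified by ca_id may issue for fqdn."""
    wildcard = fqdn.startswith("*.")
    rrset = relevant_caa(fqdn[2:] if wildcard else fqdn, rrsets)
    # An unrecognised property marked critical forbids issuance outright.
    if any(flags & CRITICAL and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [v for _, tag, v in rrset if tag.lower() == "issue"]
    issuewild = [v for _, tag, v in rrset if tag.lower() == "issuewild"]
    # issuewild applies only to wildcard requests and then replaces issue.
    restricting = issuewild if (wildcard and issuewild) else issue
    if not restricting:
        return True  # no CAA restriction found: any CA may issue
    # Value is "<issuer-domain>[; parameters]"; a bare ";" authorises nobody.
    allowed = {v.split(";", 1)[0].strip().lower() for v in restricting}
    return ca_id.lower() in allowed


if __name__ == "__main__":
    for ca, name in [("ca-one.example", "www.example.com"),
                     ("ca-two.example", "www.example.com"),
                     ("ca-one.example", "*.example.com"),
                     ("ca-two.example", "www.example.org")]:
        print(ca, name, may_issue(ca, name))
```

The last case has no CAA record anywhere on the path to the root, so issuance is unrestricted; publishing an issue property at the apex closes that gap for every subdomain that does not set its own.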

CERT record (Certificate record)

What it does: Stores public key certificates and certificate revocation lists (CRLs) in DNS

CERT records let you store SSL certificates and other security certificates directly in DNS. This creates an additional way to verify the authenticity of websites and secure communications.

Common uses:

  • Store backup certificates in case primary ones fail
  • Provide additional certificate verification methods
  • Support legacy systems that check DNS for certificates

DHCID record (DHCP Identifier Record)

What it does: Helps manage DNS updates when IP addresses change automatically

DHCID records work with DHCP (Dynamic Host Configuration Protocol) to keep DNS records accurate when devices get new IP addresses automatically.

It’s useful for large networks where computers and devices frequently get new IP addresses but need to keep the same domain names.

DNAME record (Delegation Name Record)

What it does: Redirects an entire domain and all its subdomains to another domain

DNAME records are like super-powered CNAME records. While CNAME only redirects one specific domain name, DNAME redirects everything under a domain, including subdomains.

Example:

  • Set up DNAME: oldcompany.com → newcompany.com
  • Automatic redirects created:
    • www.oldcompany.com → www.newcompany.com
    • blog.oldcompany.com → blog.newcompany.com
    • store.oldcompany.com → store.newcompany.com
    • Any subdomain gets redirected automatically

DNSKEY record 

What it does: Contains public keys used for DNSSEC security

DNSKEY records are part of DNS Security Extensions (DNSSEC) that protect against DNS spoofing and cache poisoning attacks. They contain the public keys to verify DNS record signatures.

HIP record (Host Identity Protocol record)

What it does: Provides secure communication by separating device identity from location

HIP records store cryptographic information that helps devices communicate securely, even when their IP addresses change.

The problem HIP solves:

  • Traditional internet ties device identity to IP addresses
  • When IP addresses change, connections break
  • Mobile devices constantly change networks and IP addresses

How HIP records help:

  • Store a permanent Host Identity Tag (HIT) for each device
  • Include cryptographic keys for secure communication
  • Allow devices to maintain connections even when moving between networks

IPSECKEY record

What it does: Provides information needed to establish secure IPsec VPN connections

IPSECKEY records store the public keys and connection details needed to set up IPsec (Internet Protocol Security) tunnels automatically.

Information stored:

  • Public encryption keys
  • Gateway IP addresses (optional)
  • Algorithm specifications
  • Connection parameters

Benefits:

  • Automatic VPN setup without manual configuration
  • Secure communication between networks
  • Simplified key distribution for large organizations

LOC record (Location record)

What it does: Stores the physical location of servers, networks, or domains

LOC records contain geographical coordinates (latitude, longitude, altitude) and size information for physical locations.

Information included:

  • Latitude and longitude coordinates
  • Altitude above sea level
  • Horizontal and vertical precision measurements
  • Size of the location area

Practical applications:

  • Emergency services: Help locate servers for emergency response
  • Content delivery: Route users to geographically closer servers
  • Compliance: Meet legal requirements for data location tracking
  • Network mapping: Visualize global infrastructure on maps

NAPTR record (Naming Authority Pointer record)

What it does: Provides complex rules for converting domain names into other formats or services

NAPTR records contain sophisticated pattern-matching rules that can transform domain names and connect them to various services.

Common applications:

  • ENUM services: Convert phone numbers to internet services
  • SIP/VoIP: Route voice calls over the internet
  • Dynamic service discovery: Find services automatically based on domain patterns

How it works:

  1. NAPTR record contains a pattern-matching rule
  2. When queried, it processes the input according to the rule
  3. Returns either a final result or points to another record type (like SRV)
  4. Can chain multiple NAPTR records together for complex transformations

NSEC record (Next Secure record)

What it does: Proves that specific DNS records don't exist (used in DNSSEC)

NSEC records are the part of DNSSEC that provides cryptographic proof when a DNS record doesn't exist, preventing attackers from exploiting missing records.

Why this matters:

  • Without NSEC, attackers could claim "this record doesn't exist" and redirect traffic
  • NSEC provides signed proof that a record truly doesn't exist
  • Prevents "negative response" attacks

How it works:

  1. NSEC records list which record types DO exist for a domain
  2. They're cryptographically signed like other DNSSEC records
  3. When a query asks for a non-existent record, NSEC proves it doesn't exist
  4. This prevents attackers from faking "record not found" responses
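How a validator reads an NSEC chain to confirm a "not found" answer, as an added example (not code from this article). The zone contents are constructed; verifying the RRSIG over each NSEC record and the extra wildcard check a full resolver performs are left out.

```python
def canonical_key(name):
    """DNSSEC canonical ordering: compare lowercased labels right to left."""
    labels = name.lower().rstrip(".").split(".")
    return tuple(label.encode("ascii") for label in reversed(labels))


# Constructed NSEC chain for the zone example.com:
# (owner name, next owner name, record types present at the owner).
NSEC_CHAIN = [
    ("example.com", "mail.example.com",
     {"A", "MX", "NS", "SOA", "TXT", "DNSKEY", "NSEC", "RRSIG"}),
    ("mail.example.com", "www.example.com", {"A", "NSEC", "RRSIG"}),
    ("www.example.com", "example.com", {"A", "AAAA", "NSEC", "RRSIG"}),  # wraps to apex
]


def denial_proof(qname, qtype, chain=NSEC_CHAIN, apex="example.com"):
    """Return (verdict, nsec_owner) for a query, using only the NSEC chain."""
    q, zone = canonical_key(qname), canonical_key(apex)
    if q[:len(zone)] != zone:
        return ("NO_PROOF", None)  # name is outside this zone
    for owner, nxt, types in chain:
        o, n = canonical_key(owner), canonical_key(nxt)
        if q == o:
            # The name exists; the type list says whether this type does.
            return ("EXISTS" if qtype in types else "NODATA", owner)
        last = n <= o  # final record in the chain points back to the apex
        if (o < q < n) or (last and q > o):
            return ("NXDOMAIN", owner)  # qname falls in the gap this record covers
    return ("NO_PROOF", None)


if __name__ == "__main__":
    for name, rtype in [("ftp.example.com", "A"), ("mail.example.com", "AAAA"),
                        ("zzz.example.com", "A"), ("www.example.com", "A")]:
        print(name, rtype, denial_proof(name, rtype))
```

A "not found" response that arrives without an NSEC record covering the queried name yields NO_PROOF here, which is the case a validating resolver rejects.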

RRSIG record (Resource Record Signature record)

What it does: Contains digital signatures for other DNS records (part of DNSSEC)

RRSIG records are the digital signatures that prove other DNS records are authentic and haven't been tampered with.

How digital signing works:

  1. Each DNS record gets a digital signature created with a private key
  2. The signature gets stored in an RRSIG record
  3. Anyone can verify the signature using the public key in DNSKEY records
  4. If the signature doesn't match, the record has been tampered with

What RRSIG records protect:

  • A and AAAA records (prevent IP address hijacking)
  • MX records (prevent email interception)
  • TXT records (prevent security policy tampering)
  • All other DNS record types

RP record (Responsible Person record)

What it does: Stores contact information for the person responsible for a domain or specific DNS records

RP records provide a way to identify who to contact for DNS-related issues, security problems, or administrative questions.

When RP records are useful:

  • Security incidents: Security researchers need to report vulnerabilities
  • Network issues: Other network administrators need to coordinate problem-solving
  • Legal matters: Authorities need to contact the domain administrator(s)
  • Abuse reports: Report spam, malware, or other misuses

SPF Record (Sender Policy Framework Record)

What it does: Prevents email spoofing by specifying which mail servers can send email from your domain

Important note: SPF records are actually TXT records with a specific format, not a separate DNS record type.

How SPF prevents email spoofing:

  1. You create an SPF record listing authorized mail servers
  2. When someone receives an email from your domain, their mail server checks your SPF record
  3. If the email came from an authorized server, it passes SPF checks
  4. If it came from an unauthorized server, it fails and might be marked as spam
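The check in steps 2 to 4, as an added example (not code from this article or from any mail server). It evaluates the ip4, ip6 and all mechanisms with the result names from RFC 7208; mechanisms that need further DNS queries are reported as "needs-lookup" instead of being guessed, and the sample policy uses documentation address ranges.

```python
import ipaddress
import re

# Qualifier prefix -> result (RFC 7208); "+" is implied when no prefix is given.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Mechanisms that require further DNS queries, which this offline example does not make.
NEEDS_DNS = {"include", "a", "mx", "exists", "ptr"}


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Return the SPF result for sender_ip against one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # a TXT record, but not an SPF policy
    ip = ipaddress.ip_address(sender_ip)
    redirect = False
    for term in terms[1:]:
        qualifier, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name = re.split(r"[:/]", body, maxsplit=1)[0].lower()
        if name.startswith("redirect="):
            redirect = True  # only consulted if no mechanism matches
        elif "=" in name:
            continue  # other modifiers (e.g. exp=) do not affect the result
        elif name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(body[len(name) + 1:], strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix
            if network.version == ip.version and ip in network:
                return QUALIFIERS[qualifier]
        elif name == "all":
            return QUALIFIERS[qualifier]
        elif name in NEEDS_DNS:
            # Stop rather than guess: an unevaluated mechanism must never read as a pass.
            return "needs-lookup"
        else:
            return "permerror"  # unknown mechanism: the record is malformed
    return "needs-lookup" if redirect else "neutral"


# Constructed sample policy (documentation address ranges).
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

if __name__ == "__main__":
    for ip in ("192.0.2.55", "2001:db8::25", "198.51.100.7"):
        print(ip, evaluate_spf(SAMPLE_SPF, ip))
```

A record with no all mechanism and no redirect ends in "neutral", so an unlisted server is neither authorized nor rejected; that is why published policies normally end in -all or ~all.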

SRV record (Service record)

What it does: Defines the hostname and port number for specific services

SRV records help applications find services like:

  • Voice over IP (VoIP) servers
  • Instant messaging services
  • Game servers
  • Email services with specific ports

URLFWD Record (URL Forwarding record)

What it does: Redirects web traffic from one URL to another

Note: URLFWD is not a standard DNS record type but a feature offered by some DNS providers to simplify URL redirection.

How URL forwarding works:

  1. Someone types oldsite.com in their browser
  2. The DNS provider's servers receive the request
  3. Instead of returning an IP address, they return a redirect response
  4. The browser automatically goes to newsite.com

Types of URL forwarding:

  • 301 Redirect (Permanent): Tells search engines the move is permanent
  • 302 Redirect (Temporary): Indicates the redirect is temporary
  • Frame forwarding: Shows the new content but keeps the old URL

Common uses:

  • Redirect old domain names to new ones
  • Forward multiple domains to one main website
  • Create short, memorable URLs that redirect to longer ones
  • Temporary redirects during website maintenance

How to Check DNS Records (4 Methods)

Want to see what DNS records your domain currently has? Here are four reliable methods, from beginner-friendly to advanced:

Method 1: Online DNS Lookup Tools (Easiest)

Best for: Non-technical users who want quick results

Steps:

  1. Go to a free DNS checker website
  2. Enter your domain name (example.com)
  3. Select the record type you want to check (A, MX, TXT, etc.)
  4. Click "Search" or "Lookup"
  5. View results from multiple locations worldwide

What you'll see: A list showing your DNS records and their current values, often with a map showing global propagation status.

Method 2: Command Line Tools (For Tech Users)

Windows Command Prompt

For basic lookups:

  • nslookup example.com

For specific record types:

  • nslookup -type=MX example.com
  • nslookup -type=TXT example.com

Mac/Linux Terminal

Using dig (more detailed):

  • dig example.com A
  • dig example.com MX
  • dig example.com TXT

Using nslookup:

  • nslookup example.com
  • nslookup -type=MX example.com

Pro tip: The dig command provides more detailed information, including TTL values and query times.

Method 3: Your DNS Provider's Dashboard

Best for: Managing and viewing all records in one place

Most DNS hosting providers offer web dashboards where you can:

  • View all your current DNS records
  • Edit records directly
  • See propagation status
  • Access historical changes
  • Set up monitoring alerts

Method 4: Browser Developer Tools

For advanced troubleshooting:

  1. Open your browser's developer tools (F12)
  2. Go to the Network tab
  3. Visit your website
  4. Look for DNS resolution times and any DNS-related errors

This method helps identify DNS performance issues that might be slowing down your website.

Are DNS Records Important for Security?

Yes. DNS records play a big role in online security. For example:

  • TXT records can stop email spoofing using SPF, DKIM, and DMARC.
  • CAA records control who can issue SSL certificates for your site.
  • DNSSEC records like DNSKEY and RRSIG help prevent fake DNS responses.

By managing these correctly, you can stop phishing, spoofing, and other attacks.

Final Thoughts

DNS records are rules and instructions that help authoritative DNS servers handle DNS queries, making them the foundation on which the internet works.

From basic A records that connect domain names to IP addresses, to advanced security records that protect against attacks, each type serves a specific purpose.

Understanding these DNS record types helps you manage your domain effectively, improve security, and ensure reliable service for your users.
