DNS (Domain Name System) records are entries in the global internet database that translate domain names into IP addresses and define how traffic is handled for a given domain. Thanks to them, your browser knows which server to connect to when you type a website address. In this article we explain what DNS records are, what their types are and what they are used for.
Check your domain's DNS records
You can quickly check the DNS records of any domain using our tool: DNS Lookup.
What is DNS?
DNS (Domain Name System) is a distributed naming system that works like the internet's phone book. When you type a website address in your browser, the DNS server translates that name into the IP address of the server your device needs to connect to. Without DNS you would have to remember the IP addresses of every site you visit.
~1 billion: domains in the world
< 100 ms: typical DNS query time
13: main root DNS servers
UDP 53: standard DNS port
How does a DNS query work?
Every time you type an address in the browser, a series of queries is triggered before your device connects to the server.
Browser
Checks the local DNS cache. If the address is cached, the response is immediate.
ISP Resolver
If nothing is cached, the query goes to your internet provider's DNS server.
Root Server
The resolver asks the root DNS server for the location of the TLD server (.com, .pl etc.).
TLD Server
The TLD server refers to the name server responsible for the given domain.
Domain Name Server
Returns the specific DNS record with the IP address — the response goes back to the browser.
DNS Record Types
Each type of DNS record serves a different function. Below you will find the most popular ones.
A: example.com → 93.184.216.34
Points the domain to an IPv4 address. The most important DNS record — without it the site does not work.
AAAA: example.com → 2606:2800:220:1::93
Like an A record, but for IPv6 addresses. The name has four A's because a 128-bit IPv6 address is four times the size of a 32-bit IPv4 address (4×32 bits).
CNAME: www.example.com → example.com
An alias pointing to another domain. Often used for the www subdomain. Cannot coexist with other records for the same name.
MX: 10 mail.example.com
Points to the mail server handling emails for the domain. The number is the priority — a lower value means a more important server.
TXT: v=spf1 include:_spf.google.com ~all
Any text assigned to the domain. Used for domain verification, SPF, DKIM and DMARC.
NS: ns1.example-dns.com
Points to the name servers responsible for the domain's DNS zone. Usually there are at least two for redundancy.
PTR: 34.216.184.93.in-addr.arpa → example.com
The reverse of an A record — translates an IP address into a domain name. Used in reverse DNS and mail server verification.
SOA
A mandatory record for every DNS zone. Contains information about the primary server, administrator email address and zone refresh parameters.
SRV: _sip._tcp.example.com 10 20 5060 sip.example.com
Points to the server and port for a specific service (e.g. VoIP, XMPP). Contains priority, weight and port number.
CAA: 0 issue "letsencrypt.org"
Specifies which certificate authorities (CA) may issue SSL certificates for the domain. Increases HTTPS security.
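How a certificate authority evaluates a record like `0 issue "letsencrypt.org"`, as an added example that is not part of the original article: per RFC 8659 the lookup climbs from the requested name toward the root and applies the first CAA set it finds. The zone contents and function names are constructed; records are (flags, tag, value) tuples with lowercase tags, and the critical flag is not evaluated.

```python
# Added example, not from the original article. Zone contents are constructed.
ZONE = {
    "example.com": [(0, "issue", "letsencrypt.org")],
    "internal.example.com": [(0, "issue", ";")],          # no CA may issue
    "shop.example.com": [(0, "issue", "letsencrypt.org"),
                         (0, "issuewild", ";")],          # no wildcard certs
}

def relevant_caa(zone, fqdn):
    """Climb from fqdn toward the root; return the first non-empty CAA set."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return []

def ca_may_issue(zone, fqdn, ca_domain):
    """True if CAA permits ca_domain to issue for fqdn (may be a wildcard)."""
    wildcard = fqdn.startswith("*.")
    records = relevant_caa(zone, fqdn[2:] if wildcard else fqdn)
    issue = [value for _, tag, value in records if tag == "issue"]
    issuewild = [value for _, tag, value in records if tag == "issuewild"]
    # For wildcard names, issuewild replaces issue when any issuewild exists.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True  # no restricting property: CAA does not limit issuance
    # Value is "<issuer domain>[; parameters]"; an empty issuer forbids all CAs.
    allowed = {value.split(";")[0].strip().lower() for value in applicable}
    return ca_domain.lower() in allowed
```

A subdomain without its own CAA set inherits the parent's, so one record at the apex covers every name below it until a more specific set is published.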
What is TTL?
TTL (Time To Live) is the time in seconds for which a DNS record can be stored in cache by resolvers and browsers. It is crucial when making DNS configuration changes.
300: 5 minutes, for planned changes
3600: 1 hour, standard setting
86400: 24 hours, stable records
Before changing DNS — lower the TTL
Before migrating a server or changing an IP address, set the TTL to 300 seconds 24-48 hours in advance. After the change you can restore a higher TTL. Otherwise the old address may be served for many hours.
DNS records and email security
Three TXT records are crucial for email authenticity and deliverability. The absence of any one of them can cause your messages to end up in spam.
SPF - Sender Policy Framework
Defines the list of servers authorized to send emails on behalf of the domain. Protects against sender spoofing.
v=spf1 include:_spf.google.com ~all
DKIM - DomainKeys Identified Mail
A cryptographic signature added to emails, allowing the recipient to verify that the message was not modified during transit.
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3...
DMARC - Domain-based Message Authentication
Combines SPF and DKIM, defining a policy for what to do with an email that fails verification. Also enables reporting.
v=DMARC1; p=quarantine; rua=mailto:[email protected]
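An offline check of SPF and DMARC values like the ones above, as an added example that is not part of the original article. It flags settings that leave the policy unenforced, such as `+all`, a duplicate SPF record or `p=none`. The function names, finding texts and sample records are constructed, and the reporting address is a placeholder.

```python
# Added example, not from the original article. Sample records are constructed.
def audit_spf(txt_records):
    """Return findings for the SPF policy in a domain's TXT record set."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records: evaluation ends in a permanent error"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    findings = []
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if all_terms:
        # A mechanism written without a qualifier defaults to "+" (pass).
        first = all_terms[0][0]
        qualifier = first if first in "+-~?" else "+"
        if qualifier == "+":
            findings.append("+all: every server passes SPF")
        elif qualifier == "?":
            findings.append("?all: unlisted servers get a neutral result")
        elif qualifier == "~":
            findings.append("~all: unlisted servers soft-fail rather than fail")
    elif not any(t.startswith("redirect=") for t in terms):
        findings.append("no all/redirect: unlisted servers get a neutral result")
    return findings

def audit_dmarc(record):
    """Return findings for the TXT value published at _dmarc.<domain>."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none: monitoring only, no action requested")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports are sent")
    return findings

# Constructed sample values (the reporting address is a placeholder).
SAMPLE_TXT = ["site-verification=constructed", "v=spf1 include:_spf.google.com ~all"]
SAMPLE_DMARC = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"
```

Feed it the TXT strings returned by `dig example.com TXT` and `dig _dmarc.example.com TXT`; nested `include:` targets are not followed.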
How to check DNS records?
Linux / macOS - terminal
dig example.com A
dig example.com MX
dig example.com TXT
nslookup example.com
Windows - command prompt / PowerShell
nslookup -type=MX example.com
Resolve-DnsName example.com -Type A
FAQ
DNS propagation is the time needed to update records on servers around the world. It usually takes from a few minutes to 48 hours, depending on the record's TTL and infrastructure. To speed up propagation, lower the TTL to 300 seconds before making a change.
An A record points the domain directly to an IP address. CNAME is an alias — it points the domain to another domain whose IP address is then resolved. CNAME cannot be used for the root domain (apex), only for subdomains.
The most common cause of messages ending up in spam is missing or incorrect configuration of SPF, DKIM or DMARC records. Check whether your domain has all three records correctly configured. You can use our DNS Lookup tool to verify them.
Reverse DNS is the reverse of the standard process — instead of translating a domain to an IP, it translates an IP address to a domain. It is implemented through PTR records and is used mainly by mail servers for sender verification and in network diagnostics.
DNSSEC (DNS Security Extensions) is a DNS extension that adds cryptographic signatures to DNS records. It protects against DNS spoofing and cache poisoning attacks, where an attacker could redirect traffic to a fake server.