DNS Record Types
Also Known As
A record
CNAME
MX record
TXT record
DNS records
TL;DR
DNS records map domain names to various targets — A (IPv4), AAAA (IPv6), CNAME (alias), MX (mail), TXT (verification/SPF), SRV (services), and NS (nameservers).
Explanation
Key record types: A (domain → IPv4 address), AAAA (domain → IPv6 address), CNAME (alias → another domain name, cannot coexist with other records at apex), MX (mail server + priority), TXT (arbitrary text — SPF, DKIM, domain verification), SRV (service location with port and protocol), NS (authoritative nameservers), SOA (zone authority), CAA (which CAs may issue certificates). ALIAS/ANAME records (provider-specific) solve the CNAME-at-apex limitation for load balancers. TTL controls caching duration.
Diagram
flowchart TD
DOMAIN[example.com] --> TYPES{DNS Record Types}
TYPES -->|A| A_REC[A Record<br/>domain to IPv4<br/>93.184.216.34]
TYPES -->|AAAA| AAAA_REC[AAAA Record<br/>domain to IPv6]
TYPES -->|CNAME| CNAME_REC[CNAME<br/>alias to another domain<br/>NOT at apex]
TYPES -->|MX| MX_REC[MX Record<br/>mail server + priority]
TYPES -->|TXT| TXT_REC[TXT Record<br/>SPF DKIM verification]
TYPES -->|NS| NS_REC[NS Record<br/>authoritative nameservers]
subgraph Common_Mistakes
APEX[CNAME at apex invalid<br/>use ALIAS or A record]
MX_C[MX pointing to CNAME<br/>RFC violation]
end
style A_REC fill:#238636,color:#fff
style MX_REC fill:#1f6feb,color:#fff
style TXT_REC fill:#d29922,color:#fff
style APEX fill:#f85149,color:#fff
Common Misconception
✗ A CNAME at the domain apex (@) is valid — CNAME records cannot coexist with other records (SOA, NS) at the apex; use ALIAS/ANAME records or A records pointing to the load balancer IP.
Why It Matters
Wrong DNS record types cause email delivery failures (wrong MX), broken root domain pointing (CNAME at apex), and missing certificate validation (CAA); understanding types prevents common deployment mistakes.
Common Mistakes
- CNAME at the apex — use ALIAS/ANAME or A records for the root domain.
- MX record pointing to a CNAME — MX must point directly to an A record, not a CNAME.
- Forgetting CAA records — without CAA, any CA can issue certificates for your domain.
- TTL too high before a planned change — set TTL to 300 (5 min) days before the change, not minutes before.
Code Examples
✗ Vulnerable
# Invalid CNAME at apex — breaks entire domain:
example.com. IN CNAME myapp.elb.amazonaws.com.
# This is invalid — CNAME at apex prevents SOA and NS records
# Result: entire domain stops resolving
# MX pointing to CNAME — RFC violation:
example.com. IN MX 10 mail.example.com.
mail.example.com. IN CNAME alias.mailprovider.com. # Invalid!
✓ Fixed
# Correct record usage:
# Apex: use A record or ALIAS (Route 53):
example.com. IN ALIAS myapp.elb.amazonaws.com. # Route 53 ALIAS
# Subdomain: CNAME is fine:
www.example.com. IN CNAME myapp.elb.amazonaws.com.
# MX with direct A record:
example.com. IN MX 10 mail.sendgrid.net. # Points directly, no CNAME chain
# TXT for SPF + domain verification:
example.com. IN TXT 'v=spf1 include:sendgrid.net ~all'
example.com. IN TXT 'google-site-verification=abc123'Tags
🤝 Adopt this term
£79/year · your link shown here
Added
15 Mar 2026
Edited
22 Mar 2026
Views
22
🤖 AI Guestbook educational data only
|
|
Last 30 days
Agents 0
No pings yet today
No pings yesterday
Amazonbot 8
Perplexity 3
Ahrefs 2
ChatGPT 1
Unknown AI 1
Google 1
SEMrush 1
Also referenced
How they use it
crawler 17
Related categories
⚡
DEV INTEL
Tools & Severity
🟡 Medium
⚙ Fix effort: Low
⚡ Quick Fix
Add CAA records to restrict which CAs can issue certificates for your domain; add SPF, DKIM, DMARC records for email authentication to prevent spoofing
📦 Applies To
any
web
🔍 Detection Hints
Domain without CAA record; no SPF DKIM DMARC records; missing AAAA record for IPv6; PHP app sending email without proper SPF alignment
Auto-detectable:
✓ Yes
dig
dnschecker
mxtoolbox
mail-tester
⚠ Related Problems
🤖 AI Agent
Confidence: Low
False Positives: High
✗ Manual fix
Fix: Medium
Context: File