DNS records
Complete guide to domain name system records.
DNS records are the building blocks of your domain's internet presence. They tell the world where to find your website, email, and other services. Changes to DNS records can significantly impact your security and availability.
Think of DNS records as your domain's instruction manual. Each record type serves a specific purpose in directing traffic and securing your services. Understanding and monitoring these records is crucial for maintaining your online presence.
What are DNS records?
DNS records are instructions stored on authoritative DNS servers. They translate your domain name into IP addresses and provide essential information about your services. Each DNS record contains specific directions for handling different types of requests to your domain.
Essential DNS records are:
A record (address record)
A records are the foundation of DNS. They connect your domain name to an IPv4 address. When someone types your domain in their browser, the A record provides the IP address of your web server. Unauthorized changes to A records can redirect traffic or lead to website hijacking.
example.com. IN A 192.0.2.1
AAAA record (IPv6 address record)
AAAA records work like A records but for IPv6 addresses. They're essential for modern internet infrastructure and ensure your site works on IPv6 networks. Having both A and AAAA records makes your site accessible to all users.
example.com. IN AAAA 2001:0db8:85a3:0000:0000:8a2e:0370:7334
CNAME record (canonical name)
CNAME records create aliases pointing from one domain to another. They're useful for services like CDNs and when multiple subdomains need to point to the same destination. Changes to CNAME records can affect all dependent aliases.
www.example.com. IN CNAME example.com.
MX record (mail exchange)
MX records direct email traffic to your mail servers. They include priority values for backup mail servers. Incorrect MX records can disrupt email delivery or enable email hijacking. Regular monitoring prevents unauthorized changes.
example.com. IN MX 10 mail.example.com.
TXT record
TXT records store text information for various purposes. Common uses include:
- SPF records for email security
- DKIM records for email authentication
- Domain ownership verification
- Service configuration
example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ~all"
NS record (name server)
NS records identify your domain's authoritative name servers. They're critical because they control who can make DNS changes. Protect NS records carefully as unauthorized changes can lead to complete domain takeover.
example.com. IN NS ns1.example.com.
SOA record (start of authority)
SOA records contain vital administrative information about your DNS zone. They include refresh intervals, retry times, and expiration settings. These settings affect how quickly DNS changes propagate across the internet. Every time you change any of the DNS records, the serial number in the SOA record changes.
example.com. IN SOA ns1.example.com. admin.example.com. (
2024010101 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
CAA record (certificate authority authorization)
CAA records control which certificate authorities can issue SSL/TLS certificates for your domain. They add an extra layer of security against unauthorized certificate issuance. Monitor CAA records to maintain control over SSL certificate management.
example.com. IN CAA 0 issue "letsencrypt.org"
DNSKEY record
DNSKEY records are part of DNSSEC (DNS Security Extensions) and contain public keys used to verify signed DNS records. They're critical for maintaining the security and authenticity of your DNS infrastructure. Changes to DNSKEY records can break DNSSEC validation and affect domain availability.
DNS monitoring best practices
Regular DNS monitoring protects your domain from security threats and service disruptions. Key monitoring practices include:
- Checking for unauthorized changes
- Monitoring record expiration dates
- Verifying correct configuration
- Maintaining change history
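Checking for unauthorized changes and maintaining a change history both come down to comparing a saved snapshot of your records with the current one. The following is an added example, not StackChanges code: it assumes single-line `name IN TYPE rdata` records like the ones shown on this page, and the function names `parse_zone` and `diff_snapshots` and both snapshots are constructed for illustration.

```python
# Added example: diff a saved DNS snapshot against the current one (constructed sample data).
from collections import defaultdict

# Why each type matters, paraphrased from the record descriptions on this page.
RISK = {
    "A": "traffic redirection", "AAAA": "traffic redirection",
    "CNAME": "dependent aliases affected", "MX": "email disruption or hijacking",
    "TXT": "SPF/DKIM/verification changed", "NS": "possible domain takeover",
    "SOA": "zone serial or timers changed", "CAA": "certificate issuance control",
    "DNSKEY": "DNSSEC validation may break",
}

def parse_zone(text):
    """Parse single-line 'name IN TYPE rdata' records into {(name, type): {rdata}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4 or parts[1].upper() != "IN":
            continue  # blank or malformed line
        name, _, rtype, rdata = parts
        records[(name.lower(), rtype.upper())].add(rdata.strip())
    return records

def diff_snapshots(baseline, current):
    """Return (name, type, removed, added, risk) for every record set that changed."""
    old, new = parse_zone(baseline), parse_zone(current)
    findings = []
    for key in sorted(old.keys() | new.keys()):
        removed = old.get(key, set()) - new.get(key, set())
        added = new.get(key, set()) - old.get(key, set())
        if removed or added:
            findings.append((*key, sorted(removed), sorted(added),
                             RISK.get(key[1], "review manually")))
    return findings

BASELINE = """example.com. IN A 192.0.2.1
example.com. IN NS ns1.example.com.
example.com. IN CAA 0 issue "letsencrypt.org"
"""
CURRENT = """example.com. IN A 198.51.100.7
example.com. IN NS ns1.example.com.
example.com. IN NS ns9.example.net.
example.com. IN CAA 0 issue "letsencrypt.org"
"""

if __name__ == "__main__":
    for name, rtype, removed, added, risk in diff_snapshots(BASELINE, CURRENT):
        print(f"CHANGED {name} {rtype}: -{removed} +{added} ({risk})")
```

Storing each snapshot with a timestamp and diffing consecutive pairs gives you the change history; the unchanged CAA record produces no finding.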
StackChanges monitors your DNS records and alerts you to changes immediately. Start protecting your DNS with a free account.