DNS records are the instructions that tell the rest of the internet how to reach your domain. There are several types, each with a specific job. This article explains what each one does and when you'd use it.
Quick reference
| Record | What it does | Common example |
|---|---|---|
| A | Points a hostname to an IPv4 address | yourdomain.com → 198.51.100.10 |
| AAAA | Points a hostname to an IPv6 address | yourdomain.com → 2001:db8::1 |
| CNAME | Points a hostname to another hostname | www → yourdomain.com |
| MX | Tells mail servers where to deliver email | yourdomain.com → mail.yourdomain.com (priority 10) |
| TXT | Plain text data — SPF, DKIM, DMARC, ownership verification | v=spf1 include:_spf.google.com ~all |
| NS | Delegates a subdomain to a different set of nameservers | sub.yourdomain.com → ns1.otherhost.com |
| SRV | Points a service to a hostname and port | _sip._tcp → sip.yourdomain.com:5060 |
| CAA | Restricts which certificate authorities can issue SSL certs for your domain | 0 issue "letsencrypt.org" |
| PTR | Reverse DNS — maps an IP to a hostname. Managed at the IP provider, not your registrar. | 198.51.100.10 → yourdomain.com |
A — address record
The most common record type. An A record maps a hostname to an IPv4 address. When a browser looks up yourdomain.com, an A record is what returns the IP address the browser connects to.
- Name: the hostname (
yourdomain.com, orwww, orshop, etc.) - Value: an IPv4 address like
198.51.100.10 - TTL: how long other DNS servers can cache this record (in seconds; 14400 = 4 hours is typical)
AAAA — IPv6 address record
Identical to an A record, but for IPv6 addresses. Pronounced "quad-A." You only need these if you're serving IPv6 traffic — many sites only use A records and it works fine. Our servers provide both.
CNAME — alias
A CNAME points one hostname at another hostname, rather than directly at an IP. It's commonly used to alias www to the main domain:
www.yourdomain.com CNAME yourdomain.comWhen a CNAME is resolved, the DNS system follows the chain until it finds an A record at the destination.
yourdomain.com itself) — only on subdomains. Use an A record for the root instead.MX — mail exchange
MX records tell other mail servers where to deliver email addressed to your domain. They have two parts:
- Priority — a number. Lower = higher priority. Mail servers try the lowest-priority record first.
- Hostname — the mail server to deliver to (not an IP address).
A typical MX record for a domain using external mail:
yourdomain.com MX 10 smtp.google.comThis says: "mail for yourdomain.com should be delivered to smtp.google.com." If you host email with us, cPanel sets this up automatically, pointing at mail.yourdomain.com. If you use Google Workspace, Microsoft 365, or another email provider, you'll replace our MX record with theirs — see Set up Google Workspace MX records or Set up Microsoft 365 MX records.
TXT — text record
TXT records hold arbitrary text data. They have dozens of uses, but the most common are:
- SPF — lists servers authorized to send email as your domain. Value starts with
v=spf1. - DKIM — a cryptographic public key used to verify outgoing email signatures. Name usually looks like
default._domainkey. - DMARC — email authentication policy. Name is always
_dmarc, value starts withv=DMARC1. - Domain verification — services like Google Workspace, Microsoft 365, Mailchimp, and Facebook ask you to add a TXT record to prove you own the domain. Typically looks like
google-site-verification=abc123....
See Set up SPF, DKIM, and DMARC for email authentication, and Verify your domain with a TXT record for third-party verifications.
NS — nameserver delegation
NS records say "the authority for this name lives over there." Most people never touch them directly — the NS records for your domain itself are set through your registrar (see How do I change my nameservers?).
The one case where you'd add an NS record inside your zone is to delegate a subdomain to different nameservers — for example, if you want api.yourdomain.com to be managed by a third-party service like AWS Route 53 or a separate DNS provider, while the main domain stays with us.
SRV — service record
SRV records point a specific service (like SIP, XMPP, or Minecraft) to a hostname and port. The most common use case for regular clients is Microsoft Teams / SIP phone systems and some game servers. Most users will never need to create one directly — services that require SRV records will tell you exactly what to enter.
CAA — certification authority authorization
A CAA record lists which certificate authorities are allowed to issue SSL certificates for your domain. It's a security feature: if someone tries to obtain a fraudulent certificate for your domain from a CA that isn't on the list, the CA refuses.
Our AutoSSL uses Let's Encrypt. If you have a CAA record on your domain, make sure it allows Let's Encrypt, or SSL issuance will fail:
yourdomain.com CAA 0 issue "letsencrypt.org"If you don't have any CAA records at all, every CA is implicitly allowed, and you don't need to worry about it.
PTR — reverse DNS
PTR records map an IP address back to a hostname — the inverse of an A record. These are not set in your domain's DNS zone; they're set at whoever controls the IP address (usually your hosting provider or ISP). For our shared hosting, the reverse DNS is already set correctly. For VPS and dedicated servers, you can request custom reverse DNS by opening a ticket.
TTL — how long caching lasts
Every DNS record has a Time To Live value (in seconds). It tells other DNS servers how long they can cache this record before asking again. Common values:
300(5 min) — for records you're actively changing3600(1 hour)14400(4 hours) — typical default86400(24 hours) — for records that almost never change
A shorter TTL means faster propagation when you change a record; a longer TTL means better caching and less DNS lookup overhead. When you're planning a migration, it's common to lower the TTL to 300 the day before, so the actual switchover is faster.
Related articles
- How do I manage DNS entries?
- Set up SPF, DKIM, and DMARC for your domain
- DNS propagation — what it is and how to check it
Still stuck? Open a support ticket
