Internet Module 3

3.4 DNS Records

In the previous section, we learned how DNS finds a website.

  1. A device asks for DNS help.
  2. A DNS resolver follows the path through the DNS system.
  3. The resolver eventually reaches the authoritative name server for the domain.
  4. The authoritative name server then provides the DNS information that is needed.
  5. That information is stored in DNS records.
  6. A DNS record is an instruction connected to a domain name.

DNS records tell Internet systems how to handle websites, email, verification, security settings, and other services connected to a domain.

Why DNS Records Matter

A domain name by itself is not enough. A domain needs records that explain what should happen when someone tries to use it. For example, DNS records can answer questions like:

  • Where should the website load from?
  • Which server handles email for this domain?
  • Which servers are allowed to send email for this domain?
  • Which name servers are responsible for this domain?
  • Has the domain owner published security or verification information?

Without DNS records, a domain name would be like a label with no directions attached. People might know the name, but computers would not know what to do with it.

A Records

An A record connects a domain name to an IPv4 address.

IPv4 is the older and still widely used Internet address system. An IPv4 address looks like four groups of numbers separated by dots.

For example:

192.0.2.10

If a domain has an A record, that record can tell a browser which IPv4 address to connect to.

For example:

example.com → 192.0.2.10

This means that when someone visits example.com, DNS can point the browser toward that IPv4 address.

A records are one of the most common DNS record types.

AAAA Records

An AAAA record connects a domain name to an IPv6 address.

IPv6 is a newer address system created to support the massive number of devices connected to the Internet. An IPv6 address is longer than an IPv4 address and uses numbers and letters.

For example:

2001:db8::10

The name AAAA is pronounced “quad A.” An AAAA record works like an A record, but for IPv6.

For example:

example.com → 2001:db8::10

Many modern websites use both A records and AAAA records so they can support both IPv4 and IPv6 connections

CNAME Records

A CNAME record creates an alias.

CNAME stands for Canonical Name.

A CNAME record lets one domain name point to another domain name.

For example:

www.example.com → example.com

This means that www.example.com can act as an alias for example.com.

CNAME records are often used for subdomains.

For example, a company might point:

shop.example.com

to an online store platform.

Or it might point:

blog.example.com

to a blogging service.

Instead of pointing directly to an IP address, the CNAME points to another name. That other name then has its own DNS records.

MX Records

An MX record tells the Internet which mail servers handle email for a domain.

MX stands for Mail Exchange.

If someone sends an email to:

hello@example.com

the sending mail system needs to know where to deliver that message.

MX records help answer that question.

A domain can have more than one MX record. Each MX record usually has a priority number. The priority number helps mail systems know which mail server to try first.

For example, a domain might use one primary mail server and another backup mail server. MX records are essential for domain-based email.

TXT Records

A TXT record stores text information connected to a domain.

At first, that may sound vague, but TXT records are very useful.

TXT records are often used for verification and security. For example, a website owner may use a TXT record to prove they control a domain. A company may also use TXT records to help protect email from spoofing.

Email security systems such as SPF, DKIM, and DMARC often involve TXT records.

  • SPF can help identify which mail servers are allowed to send email for a domain.
  • DKIM can help verify that an email was authorized by the domain and was not changed in transit.
  • DMARC can tell receiving mail systems what to do when email fails certain checks.

These email security topics will be covered more later. For now the important thing to know is that TXT records often help prove ownership, verify services, and support email security.

NS Records

An NS record identifies the name servers for a domain.

NS stands for Name Server.

Name servers are responsible for answering DNS questions about a domain. For example, if a domain uses a certain hosting provider or DNS provider, its NS records may point to that provider’s name servers.

NS records help show which servers are authoritative for the domain. This matters because DNS needs to know where the official records are stored.

CAA Records

A CAA record is used for certificate authority authorization.

CAA stands for Certification Authority Authorization.

This record helps specify which certificate authorities are allowed to issue SSL/TLS certificates for a domain.

SSL/TLS certificates are used for HTTPS. For example, a domain owner may publish a CAA record saying that only certain certificate authorities are allowed to issue certificates for that domain.

CAA records help reduce the risk of unauthorized certificate issuance.

They do not make a website safe by themselves, but they add another layer of control.

SRV Records

An SRV record provides information about specific services connected to a domain.

SRV stands for Service.

SRV records can tell systems where to find certain services and which port to use.

They are often used for communication tools, directory services, and other network services.

For example, a service may need to know not only a server name, but also the correct port and priority.

SRV records are less visible to everyday users, but they are useful in many technical environments.

PTR Records

A PTR record is used for reverse DNS lookup.

Most DNS lookups begin with a name and try to find an address.

A reverse DNS lookup does the opposite. It starts with an IP address and tries to find the domain name connected to it.

PTR records are often used in email systems, logging, security investigations, and network administration. For example, a mail server may check reverse DNS as part of deciding whether an email source looks legitimate.

PTR records are usually managed by whoever controls the IP address, such as an Internet service provider, hosting company, or cloud provider.

HTTPS and SVCB Records

Some newer DNS record types help devices learn more about how to connect to a service.

Two related examples are SVCB records and HTTPS records.

SVCB stands for Service Binding.

An SVCB record is a general record type that can provide connection information for a service. Instead of only saying, “Go to this address,” it can help describe how a client should connect to a service.

An HTTPS record is a specialized version of this idea for websites.

Despite the name, an HTTPS record is not the same thing as HTTPS itself.

HTTPS is the secure web protocol used to protect the connection between a browser and a website.

An HTTPS DNS record is a DNS record that can help browsers learn useful connection details for a website.

For example, HTTPS records can help a browser learn whether a website supports certain modern connection options. This can make some connections faster or more efficient because the browser may need fewer extra steps to discover how the site should be reached.

For now, the most important distinction is this:

HTTPS is the secure connection protocol. An HTTPS record is a DNS record that can help provide connection details for websites.

SVCB is the broader record type.

HTTPS records are a website-specific form of SVCB.

Most website owners will not need to manage these records manually, especially if they use a hosting provider, DNS provider, or CDN that handles them automatically.

They are worth mentioning because they show that DNS is still evolving. DNS is not only an old system that points names to IP addresses. It is also being updated to support modern performance, privacy, and connection needs.

DNS Records and Subdomains

DNS records can apply to the main domain or to subdomains.

For example:

example.com

www.example.com

mail.example.com

shop.example.com

support.example.com

Each of these names can have its own DNS records. This allows one domain to support many different services.

For example:

example.com may point to the main website.

www.example.com may point to the same website.

mail.example.com may be used for email-related services.

shop.example.com may point to an online store.

support.example.com may point to a help desk platform.

Subdomains help organize services under the same main domain name.

DNS Records and TTL

DNS records usually include a TTL.

TTL stands for Time To Live.

TTL tells systems how long they should keep a DNS answer before checking again for updated information.

A shorter TTL means changes may be noticed sooner. A longer TTL means records may be cached for a longer time.

TTL matters when changing website hosts, email providers, or important domain settings.

If the old DNS information is still cached, some users may continue reaching the old destination until the cached record expires. This is why DNS changes can appear gradually rather than instantly.

DNS Records and Security

DNS records are powerful because they control how a domain works.

That also means mistakes can cause serious problems.

  • A wrong A record can send a website to the wrong server.
  • A wrong MX record can break email delivery.
  • A missing TXT record can cause email verification problems.
  • A weak or incorrect SPF, DKIM, or DMARC setup can make email spoofing easier.
  • A misconfigured CNAME can point users to an abandoned or unsafe service.

Domain and DNS settings should therefore be protected carefully. Someone who gains access to a domain’s DNS settings may be able to redirect websites, interfere with email, or weaken security controls.

DNS records are not just technical details. They are part of the security and identity of a domain.

Why This Matters

DNS records are the instructions behind a domain name. They tell Internet systems where websites live, where email should go, which servers are responsible for the domain, and what verification or security information has been published.

A domain name is what people remember.

DNS is the system that helps find the information.

DNS records are the specific instructions the system uses.

Understanding DNS records prepares you to understand web hosting, email delivery, HTTPS, domain security, phishing, spoofing, cloud services, and cybersecurity investigations.

 In the next section, we will look at web hosting and web servers. DNS records can point a browser toward the right destination, but web hosting is where the website actually lives and responds.