DNS Record Types Explained (A, AAAA, CNAME, MX, TXT, SPF)

DNS has dozens of record types and a confusing notation. This reference lists every commonly-used record type with its format, an example, and what you actually use it for. Search by name (spf), use case (mail), or just browse.

How to use the DNS Record Types Explained (A, AAAA, CNAME, MX, TXT, SPF)

Type any keyword — record type abbreviation (A, MX, TXT), full name (Sender Policy Framework), or general topic (mail, ipv6, email auth). The reference cards filter live.

About DNS Record Types Explained (A, AAAA, CNAME, MX, TXT, SPF)

DNS records are the entries in zone files that map names to values. Each record has a type (A, MX, CNAME, etc.), a name (the subdomain), a TTL (cache lifetime), and a value (the data, format depending on type).

The most-used types:

  • A / AAAA — map a name to an IPv4 / IPv6 address. The foundation of every domain.
  • CNAME — alias one name to another name. Common for www.example.comexample.com.
  • MX — Mail eXchanger. Routes email for the domain. Includes a priority value (lower = preferred).
  • TXT — Arbitrary text. Used for SPF, DKIM, DMARC, domain verification (Google / Microsoft), and ad-hoc metadata.
  • NS — Name Servers authoritative for the zone.
  • SOA — Start Of Authority. Zone metadata: primary NS, contact email, serial, TTLs.
  • CAA — Certificate Authority Authorization. Restricts which CAs can issue certs for this domain (security).
  • SRV — Service location. Used by SIP, XMPP, LDAP, Kerberos to advertise service endpoints.
  • PTR — Reverse DNS. IP → name. Important for mail server reputation.

SPF, DKIM, and DMARC all live in TXT records but enforce different things: SPF says "these IPs may send mail as @example.com", DKIM signs outgoing messages with a key published in DNS, DMARC tells receivers what to do when SPF/DKIM fail.

Common use cases

  • Setting up email for a new domain — MX + SPF + DKIM + DMARC, plus PTR coordination with the ISP.
  • Adding HTTPS to a domain — Often need CAA records to restrict cert issuers.
  • Migrating to a new host — knowing which records need updating and which can stay.
  • Debugging email deliverability — confirming SPF / DKIM / DMARC are set correctly.
  • SaaS verification — adding a TXT record to prove domain ownership to Google Workspace, Microsoft 365, etc.