Technology / System Admin

DNS Records Explained (with Examples)

by David Zomaya
DNS Records Explained (with Examples) picture: A
Follow us
Published on October 19, 2020

DNS makes the internet a lot easier for humans to navigate. DNS eliminates the need for us to know specific IP addresses like If we know the more human-friendly domain name — in this case — we can access the resources we want. That general IP address to name functionality is easy to comprehend.

However, there is a lot more going on once you dive into the nuts and bolts of DNS. A big part of understanding DNS is understanding DNS records. DNS records are effectively the instructions that make nameservers work. Understanding DNS records not only helps with various IT certifications, it's also useful in day-to-day systems administration tasks. Here, we'll look at eight common DNS records and explain what they do.

Using dig for Looking Up DNS records

Domain Information Groper (dig) is part of the Internet Systems Consortium's BIND suite of tools. Bind can be installed on *nix and Windows platforms and dig is a great tool for querying and troubleshooting DNS. Because of dig's popularity and utility, we recommend getting used to it early on in your DNS studies. To help you get started, we'll use dig for our examples in the following sections.

The output in our dig queries will give us back five specific fields for each resource record (RR):

  • Name. The host name associated with the record.

  • Time-to-Live (TTL). A TTL value in seconds. This is how long a given record can be stored in cache.

  • Class. Generally, this value is IN for "Internet Protocol". While there are other values you could see here, IN is all we need to worry about for now.

  • Type. The type of DNS record. For example, DNS A records will have an "A" in this field.

  • Data. This is the specific data associated with the record. Examples of data values include IPv4 addresses (in A records), IPv6 addresses (in AAAA records), and hostnames (in CNAME records).

You'll notice that all of our command examples here have "+noall +answer" in them. This is simply to clean up output to focus on the responses (a.k.a. answers). It's possible to use a .digrc to make this happen without typing "+noall +answer" every time, but sometimes full dig output is useful.

DNS A Records

A records, also known as Address records, are one of the most important types of DNS records. DNS A records map domain names (like to IPv4 addresses. To query the A records for, we can use the command "dig +noall +answer A" Let's see what that gets us:

:~$ dig +noall +answer A         60      IN      A         60      IN      A

Reading the output we can see that there are two IP addresses ( and that there are two separate addresses that resolve to Each has a 60 second TTL, uses the Internet Protocol class, and is an A record.

DNS AAAA records

AAAA records are the IPv6 answer to A records. We can query an AAAA record for using the  "dig +noall +answer A" command.

:~$ dig +noall +answer AAAA             111     IN      AAAA    2607:f8b0:4009:816::200

In the output we see 2607:f8b0:4009:816::200 is the IPv6 address associated with

DNS CAA records

A Certification Authority Authorization (CAA) DNS record is used to specify what Certificate Authorities (CAs) are allowed to issue certificates for a given domain. Not all websites will have CAA records. We can use the command "dig +noall +answer CAA" to see what CAs are valid for Google's privacy-focused competitor.

:~$ dig +noall +answer CAA         3600    IN      CAA     0 issue ""         3600    IN      CAA     0 issue ""

In the output we can see that and are the two CAs called out. The "0" value is a flag and issue is a tag. You can learn more about this syntax in section 5 of RFC6844.

DNS CNAME records

Canonical Name records (CNAME records) maps a subdomain (e.g. to another domain name (e.g. The domain name that you map to ( in our case) is the canonical name.

In many cases, when you do a CNAME lookup, you may see that a hostname is routed to a CDN (content delivery network) or web hosting platform. For example, check out the output when we use "dig +noall +answer CNAME":

:~$ dig +noall +answer CNAME       60      IN      CNAME

A few important notes about CNAME records:

  • CNAME records never point to IP addresses, only domain names.

  • MX and NS records must NOT point to CNAME aliases. See section 10.3 of RFC2181.

  • A CNAME alias should NOT have any other resource records associated with it. For example, if you have a CNAME entry for, you should not also have an A record or a TXT record.

DNS MX records

Mail exchanger records (MX records) tell us the mail server that accepts mail for a domain. You'll notice that the domains in an MX record's data field are preceded by a number. These numbers define priority. A server with a lower priority number is used first. We can use "dig +noall +answer MX" to take a peak at the different mail servers used by

:~$ dig +noall +answer MX             202     IN      MX      20             202     IN      MX      40             202     IN      MX      10             202     IN      MX      30             202     IN      MX      50

Based on that output, is the mail server that would be used first.

DNS NS records

Name server records (NS records) are the DNS records that indicate the authoritative DNS servers for a domain. An authoritative DNS server is the server that contains a given domain's DNS actual records. With the command "dig +noall +answer NS" we can see 5 authoritative DNS servers for

:~$ dig +noall +answer NS              156447  IN      NS              156447  IN      NS              156447  IN      NS              156447  IN      NS              156447  IN      NS

DNS PTR records

A pointer record (PTR record) is the opposite of an A record. This DNS record tells you the domain name of an IP address. If you want to do a reverse lookup, a PTR record query can help. Note that we use dig with the -x switch to do reverse lookups. Using our earlier A record query for as a reference, an example PTR query to check the IP address is "dig +noall +answer -x"

:~$ dig +noall +answer -x 300  IN      PTR

It may be confusing that the PRT record doesn't come back with the input for the A record query. Instead it points to the AWS cloud. This is a good example of how DNS and networking can be more complex as you dig into things. CDNs, cloud providers, load balancers, and firewalls can all add complexity. Don't worry about this too much for now, but keep it in mind as you go.

DNS TXT records

Text records (TXT records) are used to put human or machine readable data into DNS records. One common reason to use TXT records is to verify that you own and control a given domain. For example, Google lets users verify their domain with a TXT record. Facebook offers business users a similar TXT record-based verification process. We can use dig to look up TXT records associated with using the command "dig +noall +answer TXT"

:~$ dig +noall +answer TXT              868     IN      TXT     "v=spf1"              868     IN      TXT     "edb3bff2c0d64622a9b2250438277a59"              868     IN      TXT     "facebook-domain-verification=gysqrcd69g0ej34f4jfn0huivkym1p"

In the output, we can see is one of the many domains using TXT records for Facebook domain verification.

Final Thoughts

Those are some of the most common DNS records you'll come across. At this point, you should have a solid basic understanding of DNS records. However, there is plenty more to learn when it comes to networking in general and DNS in particular. For a deeper dive on DNS in Windows environments, check out Garth Schulte's Implement Domain Name System (DNS) training.


By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.

Don't miss out!Get great content
delivered to your inbox.

By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.

Recommended Articles

Get CBT Nuggets IT training news and resources

I have read and understood the privacy policy and am able to consent to it.

© 2024 CBT Nuggets. All rights reserved.Terms | Privacy Policy | Accessibility | Sitemap | 2850 Crescent Avenue, Eugene, OR 97408 | 541-284-5522