How to Set Up DNS Records for Your Domain (A, CNAME, MX, etc.)
Setting up DNS records correctly is fundamental to getting your website online, configuring email, and ensuring your domain works exactly as intended. While DNS might seem technical at first, understanding the basic record types and how to configure them gives you complete control over how your domain functions.
In this comprehensive guide, we'll explain every major DNS record type, show you exactly how to set them up, and provide real-world examples that make DNS configuration straightforward and manageable.
What Are DNS Records?
DNS records are instructions stored in your domain's DNS zone file that tell the internet how to handle requests for your domain. When someone types your domain name into their browser, DNS records direct that request to the correct destination—whether that's a web server, email server, or another service.
Why DNS Records Matter:
- They connect your domain name to your web hosting
- They route email to the correct mail servers
- They verify domain ownership for services
- They implement security features like SPF and DKIM
- They enable subdomains and service-specific routing
- They control how quickly DNS changes propagate
Where DNS Records Are Stored: Each domain has a DNS zone file maintained by your DNS hosting provider (often your domain registrar, but not always). This zone file contains all your DNS records in a standardized format that DNS servers worldwide can read and interpret.
Essential DNS Record Types
Let's explore the most common DNS record types you'll encounter and use.
1. A Record (Address Record)
What It Does: An A record maps a hostname to an IPv4 address. This is probably the most fundamental DNS record type—it literally tells the internet "when someone visits example.com, send them to this IP address."
Common Uses:
- Pointing your main domain to your web server: example.com → 192.0.2.1
- Pointing www to your web server: www.example.com → 192.0.2.1
- Creating subdomains: blog.example.com → 192.0.2.2
How to Set It Up:
Record Type: A
Host/Name: @ (for main domain) or www or subdomain
Value/Points To: 192.0.2.1
TTL: 3600 (1 hour) or Auto
Real-World Example: If your web hosting provider gives you an IP address like 198.51.100.50, you'd create two A records:
@ → 198.51.100.50
www → 198.51.100.50
This ensures both example.com and www.example.com point to your website.
Important Note: Some providers require you to use @ for the root domain, while others use example.com or leave it blank. Check your DNS provider's documentation.
2. AAAA Record (IPv6 Address Record)
What It Does: AAAA records work exactly like A records but for IPv6 addresses instead of IPv4. As the internet transitions to IPv6, these records are becoming increasingly important.
Example IPv6 Address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
When to Use It: If your web hosting supports IPv6, add AAAA records alongside your A records to ensure visitors using IPv6 can reach your site.
3. CNAME Record (Canonical Name Record)
What It Does: A CNAME record makes one domain or subdomain an alias for another domain. Instead of pointing directly to an IP address, it points to another domain name that then resolves to an IP.
Common Uses:
- Making www an alias of your main domain
- Pointing subdomains to external services
- Creating branded URLs for third-party services
How to Set It Up:
Record Type: CNAME
Host/Name: www (or any subdomain)
Value/Points To: example.com (or external service domain)
TTL: 3600 or Auto
Real-World Examples:
Example 1 - WWW Subdomain:
www → example.com
This makes www.example.com automatically point to wherever example.com points.
Example 2 - External Services:
shop → mystore.shopify.com
calendar → ghs.google.com
help → support.zendesk.com
Critical Limitation: You cannot create a CNAME record for your root domain (@). This is because the root domain needs other records like MX records for email, and CNAME cannot coexist with other record types. Always use an A record for the root domain.
4. MX Record (Mail Exchange Record)
What It Does: MX records tell the internet where to deliver email for your domain. When someone sends an email to [email protected], DNS checks the MX record to find the mail server that handles your domain's email.
How to Set It Up:
Record Type: MX
Host/Name: @ (for main domain)
Priority: 10 (lower number = higher priority)
Value/Points To: mail.example.com or external mail server
TTL: 3600 or Auto
Real-World Examples:
Example 1 - Google Workspace:
Priority 1: aspmx.l.google.com
Priority 5: alt1.aspmx.l.google.com
Priority 5: alt2.aspmx.l.google.com
Priority 10: alt3.aspmx.l.google.com
Priority 10: alt4.aspmx.l.google.com
Example 2 - Microsoft 365:
Priority 0: yourdomain-com.mail.protection.outlook.com
Understanding Priority: Lower numbers indicate higher priority. If the primary server (priority 10) is unavailable, email tries the backup servers (priority 20, 30, etc.).
Multiple MX Records: Most email providers require multiple MX records for redundancy. Always configure all the MX records your email provider specifies.
5. TXT Record (Text Record)
What It Does: TXT records store text information about your domain. While originally designed for human-readable notes, TXT records now serve critical functions for email authentication, domain verification, and security.
Common Uses:
- Email authentication (SPF, DKIM, DMARC)
- Domain ownership verification
- Site verification for services
- Security policies
How to Set It Up:
Record Type: TXT
Host/Name: @ or specific subdomain
Value: "text string in quotes"
TTL: 3600 or Auto
Real-World Examples:
Example 1 - Google Site Verification:
@ → "google-site-verification=abc123xyz456"
Example 2 - SPF Record:
@ → "v=spf1 include:_spf.google.com ~all"
6. SPF Record (Sender Policy Framework)
What It Does: SPF records prevent email spoofing by specifying which mail servers are authorized to send email on behalf of your domain. This helps receiving servers determine if incoming email from your domain is legitimate.
How to Set It Up:
Record Type: TXT
Host/Name: @
Value: "v=spf1 include:_spf.google.com ~all"
TTL: 3600
SPF Syntax Explained:
- v=spf1 - Version identifier (always required)
- include:_spf.google.com - Authorize Google's servers
- ~all - Soft fail for all others (recommended)
- -all - Hard fail (reject all unauthorized)
- +all - Allow all (never use this!)
Real-World Examples:
Example 1 - Google Workspace Only:
"v=spf1 include:_spf.google.com ~all"
Example 2 - Multiple Email Services:
"v=spf1 include:_spf.google.com include:spf.protection.outlook.com ~all"
Example 3 - Including Your Web Host:
"v=spf1 include:_spf.google.com include:relay.mailchannels.net ~all"
Critical SPF Rules:
- You can only have ONE SPF record per domain
- If you already have an SPF record, modify it rather than creating a new one
- SPF has a 10 DNS lookup limit—exceeding this breaks SPF
- Always end with ~all or -all, never +all
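The rules above can be checked before a record is published. The following Python code is an added example, not part of the original guide: it counts lookups by following include: and redirect= targets, and it assumes the constructed SAMPLE_TXT table in place of live DNS queries (the function names and the TXT contents of the include targets are hypothetical).

```python
# Added example: offline SPF lint. SAMPLE_TXT is constructed data standing in
# for live DNS TXT lookups; the TXT contents of the include targets are invented.
SAMPLE_TXT = {
    "example.com": [
        "google-site-verification=abc123xyz456",
        "v=spf1 include:_spf.google.com include:spf.protection.outlook.com ~all",
    ],
    "_spf.google.com": ["v=spf1 include:_netblocks.example.net ~all"],
    "_netblocks.example.net": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "spf.protection.outlook.com": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "split.example": [
        "v=spf1 include:_spf.google.com ~all",
        "v=spf1 include:spf.protection.outlook.com ~all",
    ],
    "open.example": ["v=spf1 include:_spf.google.com +all"],
    "many.example": ["v=spf1 " + "".join(f"include:s{i}.example " for i in range(11)) + "-all"],
}
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}  # each costs one DNS query

def spf_records(domain, txt=SAMPLE_TXT):
    """Return the TXT strings at `domain` that are SPF records."""
    return [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]

def count_lookups(domain, txt=SAMPLE_TXT, path=()):
    """Count DNS-querying terms, following include: and redirect= targets."""
    records = spf_records(domain, txt)
    if domain in path or len(records) != 1:
        return 0  # loop, or nothing unambiguous to follow
    total = 0
    for term in records[0].split()[1:]:
        body = term.lstrip("+-~?").lower()
        name, _, target = body.partition(":")
        if body.startswith("redirect="):
            name, target = "include", body[len("redirect="):]
        if name.split("/")[0] in LOOKUP_MECHANISMS:
            total += 1
            if name == "include" and target:
                total += count_lookups(target, txt, path + (domain,))
    return total

def lint_spf(domain, txt=SAMPLE_TXT):
    """Apply the guide's rules: one record, at most 10 lookups, ~all or -all last."""
    records = spf_records(domain, txt)
    if len(records) != 1:
        return [f"{len(records)} SPF records at {domain}; exactly one is required"]
    issues = []
    final = records[0].split()[-1].lower()
    if final not in ("~all", "-all"):
        issues.append(f"record ends with {final!r}, expected ~all or -all")
    lookups = count_lookups(domain, txt)
    if lookups > 10:
        issues.append(f"{lookups} DNS lookups exceed the limit of 10")
    return issues
```

Nested includes count toward the limit, which is why example.com above costs three lookups even though its record names only two services.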
7. DKIM Record (DomainKeys Identified Mail)
What It Does: DKIM adds a digital signature to your outgoing emails, allowing receiving servers to verify the email actually came from your domain and hasn't been tampered with in transit.
How to Set It Up:
Record Type: TXT
Host/Name: selector._domainkey (e.g., google._domainkey)
Value: "v=DKIM1; k=rsa; p=MIGfMA0GCS..." (long public key)
TTL: 3600
Real-World Example - Google Workspace:
Your email provider generates a DKIM key pair. For Google Workspace, you might receive:
Host: google._domainkey
Value: "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC..."
DKIM Key Points:
- DKIM records live at a subdomain (the "selector")
- Your email provider generates the keys for you
- The value is a very long cryptographic public key
- Different services use different selectors (google, s1, default, etc.)
8. DMARC Record (Domain-based Message Authentication)
What It Does: DMARC builds on SPF and DKIM to tell receiving servers what to do with emails that fail authentication checks. It also provides reporting so you can monitor email authentication for your domain.
How to Set It Up:
Record Type: TXT
Host/Name: _dmarc
Value: "v=DMARC1; p=quarantine; rua=mailto:[email protected]"
TTL: 3600
DMARC Policy Options:
- p=none - Monitor only (collect reports but don't reject)
- p=quarantine - Send suspicious emails to spam
- p=reject - Reject emails that fail authentication
Real-World Example:
"v=DMARC1; p=quarantine; pct=100; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1"
DMARC Parameters Explained:
- v=DMARC1 - Version
- p=quarantine - Policy for failed emails
- pct=100 - Apply to 100% of messages
- rua= - Aggregate reports email address
- ruf= - Forensic failure reports email address
- fo=1 - Generate failure reports
Implementation Recommendation: Start with p=none to monitor, then gradually increase to p=quarantine and finally p=reject once you're confident everything is configured correctly.
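A DMARC value can be parsed and checked against the parameters and rollout order described above. This Python code is an added example, not part of the original guide; the function names are hypothetical, the report addresses used with it are constructed, and it assumes report addresses are given as mailto: URIs as in this guide's records.

```python
# Added example: DMARC record check for the tags explained in this guide.
VALID_POLICIES = ("none", "quarantine", "reject")  # the rollout order from the guide


def parse_dmarc(record):
    """Split a DMARC TXT value into ordered (tag, value) pairs."""
    pairs = []
    for part in record.strip().strip('"').split(";"):
        if part.strip():
            tag, _, value = part.partition("=")
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def check_dmarc(record):
    """Return (policy, issues) for one DMARC TXT value."""
    pairs = parse_dmarc(record)
    tags = dict(pairs)
    issues = []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        issues.append("v=DMARC1 must be the first tag")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        issues.append(f"p={policy or '(missing)'} is not none, quarantine or reject")
    pct = tags.get("pct", "100")  # pct defaults to 100 when omitted
    if not pct.isdigit() or int(pct) > 100:
        issues.append(f"pct={pct} is outside 0-100")
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            if uri.strip() and not uri.strip().lower().startswith("mailto:"):
                issues.append(f"{tag} address {uri.strip()!r} is missing mailto:")
    if "rua" not in tags:
        issues.append("no rua= address, so no aggregate reports will arrive")
    return policy, issues


def next_stage(record):
    """Suggest the next step of the none -> quarantine -> reject rollout."""
    policy, issues = check_dmarc(record)
    if issues:
        return "fix record first"
    if int(dict(parse_dmarc(record)).get("pct", "100")) < 100:
        return "raise pct to 100"
    if policy == "reject":
        return "at full enforcement"
    return "move to p=" + VALID_POLICIES[VALID_POLICIES.index(policy) + 1]
```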
9. NS Record (Nameserver Record)
What It Does: NS records specify which nameservers are authoritative for your domain. These records tell the internet where to look up all your other DNS records.
When You'll Use It:
- Pointing your domain to custom nameservers
- Delegating subdomains to different DNS providers
- Using third-party DNS services
Real-World Example:
@ → ns1.dreamhost.com
@ → ns2.dreamhost.com
@ → ns3.dreamhost.com
Important: NS records are usually managed at your domain registrar, not within your DNS zone file. When you change nameservers, you're essentially telling your domain to use a different DNS provider.
10. CAA Record (Certification Authority Authorization)
What It Does: CAA records specify which Certificate Authorities (CAs) are allowed to issue SSL certificates for your domain. This adds an extra security layer preventing unauthorized certificate issuance.
How to Set It Up:
Record Type: CAA
Host/Name: @
Flags: 0
Tag: issue
Value: letsencrypt.org
Real-World Example:
0 issue "letsencrypt.org"
0 issuewild "letsencrypt.org"
0 iodef "mailto:[email protected]"
CAA Tags:
- issue - Authorize CA to issue certificates
- issuewild - Authorize wildcard certificates
- iodef - Email for violation reports
Step-by-Step: Setting Up DNS Records
Let's walk through the complete process of setting up DNS records for a new domain.
Step 1: Access Your DNS Management Panel
Option A - DNS Managed by Registrar: If you're using your domain registrar's nameservers:
- Log in to your domain registrar account
- Find your domain in the domain list
- Look for "DNS Management," "DNS Settings," or "Manage DNS"
- Click to open the DNS zone editor
Option B - DNS Managed by Hosting Provider: If you've pointed your nameservers to your web hosting:
- Log in to your web hosting control panel
- Find "DNS Zone Editor" or similar
- Select your domain
- Access the DNS record editor
Option C - Third-Party DNS Service: If you're using Cloudflare, Route 53, or another DNS service:
- Log in to the DNS service
- Select your domain
- Access DNS record management
Step 2: Configure A Records for Your Website
Create A records pointing to your web server's IP address:
Record Type: A
Host: @
Points To: [Your server IP, e.g., 198.51.100.50]
TTL: Auto or 3600
Record Type: A
Host: www
Points To: [Same IP address]
TTL: Auto or 3600
Alternative - CNAME for WWW:
Record Type: CNAME
Host: www
Points To: @
TTL: Auto or 3600
Step 3: Configure MX Records for Email
If using Google Workspace:
Priority 1: aspmx.l.google.com
Priority 5: alt1.aspmx.l.google.com
Priority 5: alt2.aspmx.l.google.com
Priority 10: alt3.aspmx.l.google.com
Priority 10: alt4.aspmx.l.google.com
Delete any existing MX records before adding new ones to avoid conflicts.
Step 4: Configure Email Authentication
SPF Record:
Record Type: TXT
Host: @
Value: "v=spf1 include:_spf.google.com ~all"
TTL: 3600
DKIM Record: Get this from your email provider (Google Workspace, Microsoft 365, etc.):
Record Type: TXT
Host: google._domainkey
Value: [Long key provided by Google]
TTL: 3600
DMARC Record:
Record Type: TXT
Host: _dmarc
Value: "v=DMARC1; p=none; rua=mailto:[email protected]"
TTL: 3600
Step 5: Verify Your Configuration
After setting up DNS records, verify they're working:
DNS Lookup Tools:
- Google Admin Toolbox: https://toolbox.googleapps.com/apps/dig/
- MXToolbox: https://mxtoolbox.com/
- WhatsMyDNS: https://www.whatsmydns.net/
- DNSChecker: https://dnschecker.org/
What to Check:
- A records resolve to correct IP
- MX records return expected mail servers
- SPF, DKIM, and DMARC records are present
- No conflicting or duplicate records exist
Common DNS Record Mistakes
Avoid these frequent errors when configuring DNS:
Mistake 1: Using CNAME for Root Domain
Wrong:
@ (root) → CNAME → example.hosting.com
Right:
@ (root) → A record → 198.51.100.50
The root domain cannot be a CNAME because it needs other record types like MX records.
Mistake 2: Multiple SPF Records
Wrong:
TXT: "v=spf1 include:_spf.google.com ~all"
TXT: "v=spf1 include:spf.protection.outlook.com ~all"
Right:
TXT: "v=spf1 include:_spf.google.com include:spf.protection.outlook.com ~all"
Only one SPF record is allowed. Combine all authorized senders into a single record.
Mistake 3: Forgetting TTL Impact
Setting very long TTL values (like 86400 = 24 hours) means DNS changes take much longer to propagate. Before making DNS changes, lower your TTL to 300-600 seconds a day in advance, then raise it back after changes propagate.
Mistake 4: Not Removing Old Records
When migrating email from one provider to another, delete the old MX records completely. Having MX records pointing to multiple providers splits your incoming email unpredictably.
Mistake 5: Copy-Paste Errors
DNS records are unforgiving. A single extra space, missing quote mark, or typo breaks the record. Triple-check every character, especially in long records like DKIM keys.
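Mistakes 1, 3, 4 and 5 can be caught by a check over an exported record list before it goes live. This Python code is an added example, not part of the original guide: the zone is constructed, the function name and tuple layout are hypothetical, and grouping MX targets by their last two labels is an assumed heuristic for telling providers apart.

```python
from collections import defaultdict

# Added example. Constructed zone for illustration: (host, type, ttl, value).
SAMPLE_ZONE = [
    ("@", "CNAME", 3600, "example.hosting.com"),
    ("@", "MX", 3600, "1 aspmx.l.google.com"),
    ("@", "MX", 3600, "0 yourdomain-com.mail.protection.outlook.com"),
    ("www", "A", 86400, "198.51.100.50"),
    ("shop", "CNAME", 3600, "mystore.shopify.com"),
    ("shop", "TXT", 3600, '"google-site-verification=abc123xyz456'),
    ("blog", "A", 3600, "198.51.100.50 "),
]


def lint_zone(zone, max_ttl=86400):
    """Return (host, finding) pairs for the mistakes described in this guide."""
    findings = []
    types_at = defaultdict(set)      # host -> record types present there
    mx_providers = defaultdict(set)  # host -> provider domains named by MX targets
    for host, rtype, ttl, value in zone:
        types_at[host].add(rtype)
        if ttl >= max_ttl:  # Mistake 3: long TTLs slow down every later change
            findings.append((host, f"TTL {ttl}s delays changes"))
        if value != value.strip():  # Mistake 5: stray space from copy-paste
            findings.append((host, f"{rtype} value has stray whitespace"))
        if rtype == "TXT" and value.count('"') % 2:  # Mistake 5: missing quote
            findings.append((host, "TXT value has an unbalanced quote"))
        if rtype == "MX":
            target = value.split()[-1].rstrip(".")
            # Heuristic (assumption): the last two labels identify the provider.
            mx_providers[host].add(".".join(target.split(".")[-2:]))
    for host, types in types_at.items():
        if "CNAME" in types and host == "@":  # Mistake 1
            findings.append((host, "CNAME at the root domain"))
        elif "CNAME" in types and len(types) > 1:  # CNAME cannot coexist
            others = ", ".join(sorted(types - {"CNAME"}))
            findings.append((host, f"CNAME coexists with {others}"))
    for host, providers in mx_providers.items():
        if len(providers) > 1:  # Mistake 4: old provider's MX left behind
            names = ", ".join(sorted(providers))
            findings.append((host, f"MX records split across {names}"))
    return findings
```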
DNS Records for Popular Services
Here are DNS configurations for common scenarios:
Google Workspace
MX Records:
1 aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
SPF:
"v=spf1 include:_spf.google.com ~all"
DKIM: Provided in Google Admin console under Apps → Google Workspace → Gmail → Authenticate email
Microsoft 365
MX Record:
0 yourdomain-com.mail.protection.outlook.com
SPF:
"v=spf1 include:spf.protection.outlook.com ~all"
CNAME Records:
autodiscover → autodiscover.outlook.com
Cloudflare (Proxy)
A Records:
@ → [Your origin server IP]
www → [Your origin server IP]
Enable the orange cloud icon to proxy traffic through Cloudflare's CDN.
Advanced DNS Configuration
Once you've mastered the basics, consider these advanced techniques.
Split DNS (Different Services, Same Domain)
You can host different services on different providers:
@ → A record → 198.51.100.50 (main website)
www → A record → 198.51.100.50 (main website)
blog → CNAME → myblog.ghost.io (Ghost blog)
shop → CNAME → mystore.shopify.com (Shopify store)
MX records → Google Workspace (email)
Subdomain Delegation
Delegate a subdomain to different nameservers:
NS records for api.example.com:
api → ns1.aws.com
api → ns2.aws.com
This allows you to manage api.example.com's DNS separately from your main domain.
Geographic DNS Routing
Some DNS providers (like Route 53 or Cloudflare) offer geographic routing, returning different IP addresses based on the visitor's location for improved performance.
DNS Propagation and TTL
After making DNS changes, they don't take effect instantly worldwide.
DNS Propagation Time:
- Typically 1-48 hours for complete global propagation
- Cloudflare DNS updates propagate in under 5 minutes
- Changes to TTL-controlled records propagate after the old TTL expires
TTL (Time To Live): TTL specifies how long DNS records should be cached. Lower TTL = faster propagation but more DNS queries. Higher TTL = slower changes but better performance.
Recommended TTL Values:
- Standard operation: 3600 seconds (1 hour)
- Before changes: 300 seconds (5 minutes)
- After changes stabilize: 3600-86400 seconds
Pre-Change Strategy:
- Lower TTL to 300 seconds
- Wait for old TTL to expire (e.g., 24 hours if TTL was 86400)
- Make DNS changes
- Verify changes propagated
- Raise TTL back to 3600+
Choosing a DNS Provider
While your domain registrar provides DNS by default, you might consider dedicated DNS services for better performance, features, or reliability.
Popular DNS Providers:
Cloudflare (Free + Paid):
- Extremely fast global network
- Free tier includes DDoS protection
- Advanced features on paid plans
- Web Application Firewall integration
Amazon Route 53:
- Enterprise-grade reliability
- Advanced routing policies
- Integrates with AWS services
- Pay-per-use pricing
Google Cloud DNS:
- Highly reliable and fast
- Integrates with Google Cloud Platform
- Affordable pricing
- Anycast network
Your Registrar's DNS: Most registrars offer perfectly adequate DNS hosting. Unless you need advanced features or have performance concerns, using your registrar's DNS is completely fine.
Getting Started with DNS
If you're setting up a new domain, follow this workflow:
- Register your domain - Use Namr to find and register the perfect domain name
- Choose hosting - Select web hosting like DreamHost Web Hosting for your website files
- Get your server IP - Your hosting provider provides this
- Configure A records - Point your domain to your server
- Set up email - Configure MX records for your email provider
- Add authentication - Configure SPF, DKIM, and DMARC records
- Verify everything - Use DNS lookup tools to confirm
- Wait for propagation - Allow 24-48 hours for worldwide propagation
Conclusion
DNS records are the foundation of how your domain functions on the internet. While the terminology might feel technical initially, understanding A records, CNAME records, MX records, and email authentication records gives you complete control over your domain's configuration.
Start with the basics—A records for your website and MX records for email—then expand to more advanced configurations as needed. Use the examples in this guide as templates, verify your configuration with DNS lookup tools, and don't hesitate to reach out to your hosting provider's support team if you get stuck.
Ready to register your domain and start configuring DNS? Use Namr to find the perfect domain name, then follow this guide to set up your DNS records like a pro. With proper DNS configuration, your website, email, and services will work flawlessly together.