The Domain Name System (DNS) essentially provides a phone directory for the Internet. You might want to type in apple.com to your web browser to buy iPhone accessories, but how will your request reach Apple’s web server at IP address 184.108.40.206? That’s what the domain name record system does for us.
If you’re a small business owner or WordPress blogger, you’ve probably been told to configure your A and CNAME records. Or, that time you tried to move your email, you were told to change your MX record. Or, a cool web service asked you to set up a TXT record before it would work with you. What’s all this for, and why is it so confusing?
Learning About DNS Record Types
When you bought your domain name, your registrar probably configured default DNS records for you and provided the Name Servers (NS) for them. You need to have a Name Server (which are often mirrored in pairs and triplets for redundancy, e.g. ns1.yourregistrarserver.com, ns2.yourregistrarserver.com) to tell the Internet’s DNS directory the numeric IP addresses of your web servers and services.
Here’s an example of my NS records for my website, JeffReifman.com:
All the settings we’ll describe below will be configured by you at your NS host and published by their server for the Internet to update their directories.
There are a handful of types of DNS record types, and the most common you’ve probably heard of are A Records.
If a web user types in jeffreifman.com, the request will be passed off to a directory which will look for a DNS record that corresponds to my root domain. By root, I mean no prefix, no www, i.e. no sub-domain, just http://jeffreifman.com. For example, the root-level A record of your domain might point to 220.127.116.11. That will tell the Internet to which IP address to send your browsing request.
I’ve used the Kloth website for years to check DNS records, but there are many you can use, e.g. Google Dig or KeyCDN, whose content delivery network services I wrote about for Tuts+ earlier this year. Many sites offer these tools.
Here’s an example query for an A record on Kloth:
You can also configure A records for a variety of sub-domains. For example, if you want www.yourwebsite.com to go to the same address, you can set up an identical A record for the sub-domain www, i.e. the root domain, and the www domain would have identical IP addresses.
Recently, I co-founded Flee the Jungle at http://fleethejungle.com to guide shoppers away from Amazon after my stories about the company’s harm to Seattle and the viral exposé published by the New York Times:
Soon, we’ll be launching city-specific sub-domains, e.g. portland.fleethejungle.com. If we wish to host these on different servers, we’d need to set up distinct A records for each city sub-domain to point to the servers’ unique IP addresses.
DNS records also allow wildcard entries (using an asterisk *) that make it easy to route all sub-domain traffic to one IP address. For example, if I want any city request for Flee the Jungle to be hosted by one server, I could do something like this:
Wildcards make it easier to catch traffic from many sub-domains to one server.
Inbound Routing on Your Server
When traffic arrives at your server from the DNS mapping system, how your server handles it must be configured there. For example, here’s my Apache site configuration for my root domain traffic and www traffic:
I also sell domains using a web site which dynamically prices them. So, here’s how I tell Apache to accept traffic for all those different domains and DNS records:
Next I’m going to tell you about CNAME records. These are helpful in a number of ways and can be especially helpful in simplifying the management of your IP addresses and future migrations from one server to another.
CNAMEs are essentially domain and sub-domain text aliases to map traffic to. For example, if you’ve ever set up a blog through a service such as WordPress or Tumblr, they may ask you to map your domain name to a CNAME rather than with an A record to an IP address.
I don’t use Tumblr much, but my friend has a website while ago try with them to at http://misc.jeffreifman.com. Here are their instructions for configuring your domain name. They allow either A records or CNAMEs. I used a CNAME:
Here’s my freinds DNS record for misc.jeffreifman.com:
misc.jeffreifman.com CNAME domains.tumblr.com.
Note: You should put a closing period on your CNAME addresses.
When a user requests misc.jeffreifman.com in their browser, the DNS points them to domains.tumblr.com which it will then recursively look up the IP address for, which will be 18.104.22.168.
One advantage of CNAMEs is that if Tumblr ever changes the IP address of their inbound server, I might not need to ever change my CNAME record. It could stay the same and Tumblr can manage the IP change by changing the A record for domains.tumblr.com.
I use this approach for my domain names for sale — most of them point to a CNAME for my web server. If I need to change hosts and change the IP address of my web server, I can change one sub-domain A record for the CNAME I used, rather than changing one hundred A records for each domain name.
Note: The DNS standards don’t technically allow you to point root domain records to a CNAME address, e.g. jeffreifman.com CNAME domains.tumblr.com. That’s why Tumblr suggests an A record for your root domains. However, some DNS name servers do support this — so check with yours. To learn more, read this post by Josh Strange.
Another scenario you’ll use CNAMEs with is CDN services such as described in the KeyCDN tutorial I wrote for Tuts+. I set up four cloud subdomains named c1, c2, c3, c4, all pointing to KeyCDN’s content mirror at jr-faf.kxcdn.com.
What Happens When You Change DNS Records?
DNS records for root domains and sub-domains are generally independent of one another. A change to an A record for a root domain doesn’t affect the existing addressing of a sub-domain’s CNAME. However, I recently signed up with web security service Incapsula and found it requires two A records for the same root domain — this can make things a bit more complicated. In other words, you can technically have multiple A records for the same domain, which could create conflicts.
It’s also important to realize that DNS changes don’t take effect immediately. When you set up your DNS records for the first time (or when you change them), Internet users will not be connected to your most current settings immediately. This is one of the things that makes migrating from one server or hosting company to another more difficult. In fact, in a worst case, it can take more than 36 hours.
My registrar introduced me to WhatsMyDNS.net for a visual report of the propagation of my DNS changes to various areas. Below was a screenshot I took when my Flee the Jungle server moved, requiring changes that ended up taking several hours.
The map below shows that DNS servers around the world had finally caught up to my latest changes:
If you’re wondering by now what an MX record is, it’s time to tell you. MX records tell the DNS system where to send all that email you receive. So, if I bought StarWars.io and want to receive email at firstname.lastname@example.org, I need to do two things.
First, I need to sign up for an email service such as Google Apps or FastMail to host my email. Second, I need to follow their instructions for configuring MX records to their multiple redundant email servers.
For example, here’s what it looks like for Google Apps:
Priority Mail Server
Fast Mail looks something like this:
in1-smtp.messagingengine.com (first, priority=10)
in2-smtp.messagingengine.com (second, priority=20)
If you want to run your own email server, you’ll need to configure your MX record to point to the IP address of your own server.
A lot of people have begun using MX Toolbox for looking up their MX records, but you can use any DNS lookup service for that too.
Changing Email Providers and Moving Email
MX records only instruct the DNS system where to route today’s email — your existing email is stored in the cloud databases of your current email provider. If you wish to move all of your existing messages, you’ll need to rely on their tools or your mail client software. And, of course, you’ll also have to update your MX records to your new provider’s settings.
During the DNS propagation period, you may receive some emails at your old provider and some at your new.
Changing your MX record does not damage your prior email repository — but nothing new will ever arrive there.
TXT records allow the domain owner to authenticate themselves by posting secret codes within their DNS. When you register with Google Webmaster Tools, it will ask you to verify that you own the domain by doing just that.
For example, Google will ask you to post a code specific to your domain like this:
jeffreifman.com TXT google-site-verification=Ih8iC4iSOcBSkk
I actually have three TXT records posted for jeffreifman.com right now:
jeffreifman.com TXT "keybase-site-verification=qG2zMYf_hw2sXUCgtYWk"
jeffreifman.com TXT "v=spf1 include:spf.efwd.regsrvrs.com ~all"
jeffreifman.com TXT "google-site-verification=blTgEw5QFSx5M"
You can also use TXT records to tell spam detection servers that your mail server sends only legitimate emails as I did with the SPF record above. Services such as Mailgun use both SPF and DKIM records to use their email cannons.
As the Internet runs out of IP addresses, we’re slowly moving to a larger addressing scheme, IPV6. You can read Be the First On Your Block Running IPV6 (Tuts+) for more information about this.
If you decide to support IPv6 addressing, you’ll need to configure an AAAA record with its larger addressing scheme:
Today, most IPv4 to IPv6 conversion is handled transparently behind the scenes. Though at some point long after climate change has killed off the last polar bear (thanks Senator Inhofe), A records may become a relic and AAAA will be the primary DNS record to configure.
If you have any doubts feel free to ping me at Instagram.(Fazalur Rahman)