DNS records are the invisible infrastructure that makes your website reachable, your email deliverable, and your domain verifiable. Most website owners set them up once during initial hosting configuration and never think about them again — until something breaks. Understanding which records you need and what each one does prevents downtime, email delivery failures, and security vulnerabilities before they happen.
The Five Essential DNS Records
Every website with an active web presence and email should have these five record types configured correctly. You can verify all of them instantly using our DNS Lookup Tool.
A Record — Points Your Domain to a Server
The A record is the most fundamental DNS entry. It maps your domain name to the IPv4 address of the server where your website is hosted. Without an A record, browsers have no way to find your site. When someone types your domain into a browser, the DNS system resolves the A record to get the IP address, then routes the request to that server.
Most websites need only one or two A records. If you’re using a CDN like Cloudflare, your A record points to Cloudflare’s proxy IP rather than your origin server — Cloudflare then routes the request internally. If you’re using a load balancer, you might have multiple A records pointing to different servers, and DNS will distribute requests between them (round-robin DNS).
If your DNS lookup shows no A record at all, your website is unreachable. If it shows an A record pointing to an IP you don’t recognize, someone may have modified your DNS without authorization — investigate immediately.
MX Records — Route Your Email
MX (Mail Exchange) records tell the internet which servers handle email for your domain. If you use Google Workspace, your MX records point to Google’s mail servers (aspmx.l.google.com and its alternates). Microsoft 365 uses records like yourdomain-com.mail.protection.outlook.com. If you use a dedicated email service like Fastmail or Zoho, they’ll have their own MX values.
Each MX record has a priority number — lower numbers get tried first. This creates a fallback system: if your primary mail server is down, email routes to the secondary server instead of bouncing.
Missing MX records is one of the most common causes of “I’m not receiving emails” problems. If your DNS lookup shows no MX records, your domain cannot receive email at all. Our reputation checker flags this automatically as part of its DNS configuration assessment.
TXT Records — Email Authentication and Verification
TXT records store text data for various verification and security purposes. The three most important TXT records are SPF, DKIM, and DMARC — collectively known as email authentication records.
SPF (Sender Policy Framework) specifies which servers are authorized to send email on behalf of your domain. An SPF record looks like v=spf1 include:_spf.google.com ~all. Without SPF, anyone can forge emails that appear to come from your domain — and most recipients’ spam filters will reject or quarantine your legitimate emails as a result.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails, proving they haven’t been tampered with in transit. DKIM records are typically set up through your email provider’s admin panel.
DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together and tells receiving servers what to do with emails that fail authentication — reject them, quarantine them, or let them through. A DMARC record lives at _dmarc.yourdomain.com and looks like v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com.
If you run a reputation check on your domain and see failures on the email authentication check, adding these three TXT records is the fix. It takes about 15 minutes and dramatically improves your email deliverability.
NS Records — Delegate DNS Authority
NS (Nameserver) records identify which DNS servers are authoritative for your domain. If you use Cloudflare for DNS, your NS records point to Cloudflare’s nameservers. If you use your registrar’s default DNS, they point to the registrar’s nameservers.
NS records are usually set at the registrar level, not in your DNS dashboard. They’re the first thing the DNS resolution system checks — they determine where all your other records (A, MX, TXT) are hosted. If your NS records point to the wrong provider, none of your other DNS changes will take effect.
CNAME Record — Alias Your Subdomains
A CNAME (Canonical Name) record creates an alias from one domain to another. The most common use is pointing www.yourdomain.com to yourdomain.com, so both versions work. CNAMEs are also used for subdomains — pointing blog.yourdomain.com to your hosted blog platform, or shop.yourdomain.com to your e-commerce provider.
One important limitation: you cannot place a CNAME on the root domain (the “naked” domain without www). Root domains require A records. Some DNS providers like Cloudflare offer a workaround called CNAME flattening, but standard DNS doesn’t support it.
Quick DNS Health Check
Run your domain through our DNS Lookup Tool right now and verify you see all five record types. If anything is missing or looks unfamiliar, address it before it causes problems. Pay special attention to MX records (email depends on them) and TXT records (email authentication depends on them). A properly configured DNS setup with all five record types is the foundation of a reliable, secure web presence.
