What DNS Actually Does
The Domain Name System (DNS) translates human-friendly names into IP addresses, email servers, verification keys, and more. Think of it as the internet's phone book, updated in real time.
Record Types Explained
- A: IPv4 address (192.0.2.42)
- AAAA: IPv6 address
- CNAME: alias to another hostname
- MX: mail server priority and hostname
- TXT: arbitrary text (SPF, DKIM, verification)
- NS: delegates subdomain to different nameservers
TTL: Time-To-Live
TTL is measured in seconds; 3600 = 1 hour. A lower TTL lets you change IPs quickly but increases query load. Before a migration, drop the TTL to 300 seconds; once the new setup is stable, raise it to 86400 to reduce global queries.
Setting Up a New Site
Root: @ A record → server IP. WWW: CNAME → yourdomain.com (or an A record to the same IP). Having both entries ensures visitors reach the site whether or not they type www.
Email Configuration
Add MX records pointing to your provider (e.g., ASPMX.L.GOOGLE.COM, priority 10). Create a TXT SPF record: v=spf1 include:_spf.google.com ~all. Add the 2048-bit DKIM TXT record supplied by your mail host.
Subdomain Strategy
Use subdomains for dedicated functions: api.yourdomain.com → micro-service IP, shop.yourdomain.com → Shopify CNAME, blog.yourdomain.com → Ghost IP. This isolates services and simplifies scaling.
CDN Integration
Cloudflare or AWS CloudFront will give you new A and AAAA IPs. Update your DNS to those IPs (or to a CNAME, if root flattening is available) to enable global caching and DDoS mitigation.
Propagation Testing
Use dig (Mac/Linux) or nslookup (Windows) against multiple resolvers: dig @8.8.8.8 yourdomain.com. Compare the results; if some still show the old IP, wait or lower the TTL further.
Security Best Practices
- Enable DNSSEC to prevent cache poisoning
- Lock registrar-level DNS to prevent unauthorized nameserver changes
- Use a registrar that supports 2FA for DNS edits
Monitoring & Troubleshooting
Set up DNS propagation alerts (DNSCheck). If the site is down but the IP responds to ping, check MX records, TXT conflicts, or recent record typos. Keep an offline export of all records as CSV for disaster recovery.
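The offline CSV export can also be linted for the conflicts mentioned above. The following is an added example, not part of the original page: it audits an export for CNAME conflicts, duplicate or permissive SPF records, and TTLs left at the migration value. The column layout (name,type,ttl,value), the function name audit_zone and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column layout name,type,ttl,value is an assumption.
SAMPLE_CSV = """name,type,ttl,value
@,A,300,192.0.2.42
www,CNAME,3600,yourdomain.com.
www,TXT,3600,site-verification=constructed-token
@,MX,3600,10 ASPMX.L.GOOGLE.COM.
@,TXT,3600,v=spf1 include:_spf.google.com ~all
@,TXT,3600,v=spf1 ip4:192.0.2.42 +all
shop,CNAME,86400,shop-target.example.
"""

def audit_zone(csv_text, migration_ttl=300):
    """Return a sorted list of (name, finding) tuples for a DNS record export."""
    by_name = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        by_name[row["name"].strip().lower()].append(
            (row["type"].strip().upper(), int(row["ttl"]), row["value"].strip()))
    findings = []
    for name, records in by_name.items():
        types = {rtype for rtype, _, _ in records}
        # A CNAME must not share its name with any other record type (RFC 1034).
        if "CNAME" in types and len(types) > 1:
            findings.append((name, "CNAME coexists with other record types"))
        txt = [v.strip('"').lower().split() for t, _, v in records if t == "TXT"]
        spf = [terms for terms in txt if terms[:1] == ["v=spf1"]]
        # Two SPF records at one name make receivers return permerror (RFC 7208).
        if len(spf) > 1:
            findings.append((name, "multiple SPF TXT records"))
        for terms in spf:
            if "+all" in terms or "all" in terms:
                findings.append((name, "SPF passes every sender (+all)"))
            elif not any(t.lstrip("+-~?") == "all" or t.startswith("redirect=")
                         for t in terms):
                findings.append((name, "SPF has no terminating all/redirect"))
        # A TTL left at the migration value keeps query load high after cutover.
        for rtype, ttl, _ in records:
            if ttl <= migration_ttl:
                findings.append((name, f"{rtype} TTL {ttl}s still at migration value"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_zone(SAMPLE_CSV):
        print(f"{name}: {finding}")
```

Run it against each fresh export and after every migration, so a leftover 300-second TTL or a second SPF record is caught before it causes mail or availability problems.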