The main function of DNS is to map names to IP addresses. Although machines are perfectly fine with using numbers to communicate, people aren't (especially with the gazillion Internet devices around these days).
But DNS is not just a server with records for other servers. The DNS system spans the globe and is made up of a hierarchy of organisational units, resembling a tree. At the root, there is ICANN, a nonprofit organisation responsible for policy, creation and management of new top-level domains (such as .com and .uk), as well as for operating the root name servers and managing the IPv4 and IPv6 address space.
Then there are the top-level domain registries (companies like VeriSign), which own top-level domains and sell them "in bulk" to the registrars, which organisationally fall under them. Domain registrars are the companies you go to when you want to buy a domain for your website.
At the final level of the organisation, there is the domain (which you are responsible for) and its records. The nameserver that you select to hold the records of your domain is called the authoritative name server, meaning that it is this nameserver that holds the "official" records for your domain.
The DNS protocol describes a lot of different records for different purposes but the most common ones you will work with are A, AAAA, CNAME, TXT and MX records:
Address (A)
The Address (or simply A) record is probably the most fundamental and widely used. It is the one that maps names to IP addresses. For example, the following record:
yourwebsite.com. IN A 23.9.62.14
will map the domain yourwebsite.com to IP address 23.9.62.14. The IP address is usually given to you by your hosting provider.
Note: Pressidium websites might use two (2) or more A records depending on the website type and domain name.
"Quad A" (AAAA)
An AAAA (Quad A) record is similar to an A record, but it maps a domain to an IPv6 address instead of an IPv4 address (e.g., example.com → 2001:0db8::1).
Note: Pressidium websites might use two (2) or more AAAA records depending on the website type and domain name.
Canonical Name (CNAME)
The CNAME record is used to create a host alias. Instead of pointing directly to an IP address like an A record, a CNAME points to another domain name. This is typically used when you need multiple hostnames (www, ftp, mail) to point to the same domain, since the same server could also be responsible for ftp or mail. For example:
www IN CNAME yourwebsite.com.
will create a 'www' alias to yourwebsite.com, so that when someone connects to www.yourwebsite.com, they will be directed to the same address as yourwebsite.com. An advantage of CNAME records is that if the target domain's IP changes, you don't need to update the CNAME. It always follows the canonical target. CNAME records do have some limitations:
- A CNAME cannot be used at the apex (root) domain (see notes below for exceptions).
- A CNAME must be the only record for that hostname. You can't have an A record and a CNAME for the same name.
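The two CNAME limitations can be checked mechanically before a zone is published. The following is an added example, not Pressidium's own code; the zone lines, the function names and the simplified "name IN TYPE data" format are assumptions made for illustration.

```python
# Added example: checks the CNAME limitations described above on a small zone.
# The zone lines below are constructed; real zone files have more syntax.
from collections import defaultdict

ZONE = """\
yourwebsite.com.      IN A     23.9.62.14
www.yourwebsite.com.  IN CNAME yourwebsite.com.
ftp.yourwebsite.com.  IN CNAME yourwebsite.com.
ftp.yourwebsite.com.  IN A     23.9.62.14
"""

def parse_zone(text):
    """Return {owner_name: [(type, rdata), ...]} from 'name IN TYPE data' lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue  # skip blank lines and anything not in the simple format
        name, rtype = fields[0].lower(), fields[2].upper()
        records[name].append((rtype, " ".join(fields[3:])))
    return records

def check_cname_rules(text, apex):
    """Return a list of (owner_name, problem) for CNAME rule violations."""
    problems = []
    for name, rrset in parse_zone(text).items():
        types = [rtype for rtype, _ in rrset]
        if "CNAME" not in types:
            continue
        if name == apex.lower():
            problems.append((name, "CNAME at the apex"))
        others = sorted(set(types) - {"CNAME"})
        if others:
            problems.append((name, "CNAME coexists with " + ",".join(others)))
        if types.count("CNAME") > 1:
            problems.append((name, "more than one CNAME"))
    return problems

if __name__ == "__main__":
    for name, problem in check_cname_rules(ZONE, "yourwebsite.com."):
        print(f"{name}: {problem}")
```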
Mail Exchange (MX)
The MX record is used to define the A record that will handle all incoming email for that domain. For example, if you want mail.yourwebsite.com to handle all mail addressed to yourwebsite.com, you use the following MX records:
website.com. MX 10 mail.website.com.
website.com. MX 20 mail-backup.website.com.
The number next to the MX string corresponds to priority, and the lowest number is tried first. If for some reason mail.website.com becomes unavailable, then all mail will be handled by mail-backup.website.com.
Text Record (TXT)
A TXT record is a type of DNS record used to store arbitrary text data. It was originally intended for human-readable notes but is now primarily used for verification and security purposes. Some of the most common uses include:
- Domain Ownership Verification: Used by services to verify you own the domain.
  Example: google-site-verification=abc123xyz
- Email Security & Anti-Spam Measures, e.g.:
  - SPF (Sender Policy Framework): Specifies which mail servers are allowed to send email on behalf of your domain.
    v=spf1 include:_spf.google.com ~all
  - DKIM (DomainKeys Identified Mail): Stores the public key used to verify that email messages aren't tampered with.
    v=DKIM1; k=rsa; p=MIGfMA0G...base64encodedkey
  - DMARC (Domain-based Message Authentication, Reporting, and Conformance): Provides instructions to mail servers on how to handle authentication failures.
    v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com
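The SPF and DMARC values above are valid, but both are in their non-enforcing form (~all and p=none). The following added example, which is not part of the original article, parses such TXT values and reports what they actually ask receiving servers to do; the function names and finding texts are illustrative assumptions.

```python
# Added example: reviews the SPF and DMARC TXT values shown on this page.
# Function names and finding texts are illustrative, not a standard tool.

def parse_tags(value):
    """Split a 'tag=value; tag=value' TXT string (DMARC style) into a dict."""
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip()
    return tags

def review_spf(value):
    """Return findings about the catch-all 'all' mechanism of an SPF record."""
    terms = value.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        return ["no 'all' mechanism: policy for unlisted senders is not stated"]
    qualifier = alls[-1][:-3] or "+"  # a bare 'all' means '+all'
    if qualifier == "+":
        return ["+all: every sender passes SPF"]
    if qualifier == "?":
        return ["?all: neutral result for unlisted senders"]
    if qualifier == "~":
        return ["~all: softfail, unlisted senders are marked but not rejected"]
    return []  # -all: unlisted senders fail SPF

def review_dmarc(value):
    """Return findings about the policy and reporting tags of a DMARC record."""
    tags = parse_tags(value)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: monitoring only, no action requested on failures")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or unknown p= policy")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings

if __name__ == "__main__":
    print(review_spf("v=spf1 include:_spf.google.com ~all"))
    print(review_dmarc("v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"))
```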
Additional DNS Glossary
Redirect Domain
A redirect domain automatically forwards visitors from one domain to another. For instance, if myblog.net redirects to myblog.com, any traffic to the former will be sent to the latter (this is achieved via HTTP redirects).
Subdomain
A subdomain is a prefix added to a domain to organize or separate content (e.g., blog.example.com or shop.example.com). It is part of the larger domain hierarchy.
Wildcard Domain
A wildcard domain uses an asterisk * to represent all possible subdomains (e.g., *.example.com). This is often used to apply DNS settings or SSL certificates to every subdomain.
*.example.com → all subdomains like:
- support.example.com
- mail.example.com
- any.example.com
Apex Domain
An apex domain, also known as a "naked" domain, is a domain name without any subdomains. It's the root or base of the domain — the simplest possible form.
Examples:
- Apex/Naked Domain: example.com
- Subdomain: www.example.com, blog.example.com, shop.example.com
Characteristics:
- No prefix like www or mail.
- It's what you register when you buy a domain.
- Often used as the primary version of a website, though many sites redirect from example.com to www.example.com or vice versa.
In DNS context, apex domains can be tricky because:
- Traditionally, you can't set a CNAME record at the apex (since it conflicts with other necessary records like NS and SOA). While this is not allowed per se by the respective RFCs, many popular DNS providers support setting a CNAME record at the apex domain by using CNAME flattening (see below).
- Alternatively, DNS providers often use ALIAS or ANAME records to let you point an apex domain to services that require a CNAME record at the apex domain level.
CNAME Flattening
CNAME flattening is a DNS feature that allows you to use CNAME-like behavior at the apex domain level (which normally only supports A or AAAA records). It resolves the target of the CNAME to an IP address and returns that instead. CNAME flattening support varies by DNS provider, but most popular providers support it.
Top Level Domain (TLD)
A TLD is the last segment of a domain name after the final dot (e.g., .com, .org, .net, .io). It signifies the domain's category or country association.
Examples:
- .com (commercial)
- .org (organization)
- .net (network)
- .ai (AI related)
- .uk, .jp, .fr (country-code TLDs)
example.com → TLD = .com