DNS Record Types Explained: Debug DNS Issues Fast
A practical guide to DNS record types, how DNS lookups work, and how to debug common DNS issues including DNSSEC failures.
DNS is the phonebook of the internet. When something breaks — a website won't load, email bounces, or your CDN misbehaves — DNS is often the culprit. Understanding the different record types and how to interrogate them is a foundational skill for any developer or network engineer.
What Is a DNS Lookup?
A DNS lookup is the process of resolving a human-readable hostname (like example.com) to a machine-readable IP address. This happens through a chain of resolvers: your local stub resolver, a recursive resolver (usually your ISP or a public resolver like 8.8.8.8), and finally the authoritative nameserver for the domain.
Every step in that chain can fail — and knowing which record type to query is the fastest way to diagnose the issue.
Core DNS Record Types
A and AAAA Records
The A record maps a hostname to an IPv4 address. The AAAA record does the same for IPv6. These are the most queried records on the internet.
example.com. 300 IN A 93.184.216.34
example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
A low TTL (like 300 seconds) means changes propagate quickly. A high TTL improves performance but slows rollbacks.
MX Records
MX records (Mail Exchanger) tell the world which servers accept email for your domain. Each record has a priority value — lower numbers are preferred.
example.com. 3600 IN MX 10 mail1.example.com.
example.com. 3600 IN MX 20 mail2.example.com.
If your email is bouncing, the first thing to check is whether your MX records point to the right mail server and whether that server has a valid A record.
CNAME Records
A CNAME (Canonical Name) creates an alias from one hostname to another. It cannot coexist with other record types at the same node, which is why you cannot CNAME your root domain (@): the zone apex must always carry SOA and NS records. Use an ALIAS or ANAME record instead, where your DNS provider offers one.
TXT Records
TXT records carry arbitrary text data. They are used for domain verification (Google, GitHub), SPF email authentication, and DKIM public keys. One domain can have multiple TXT records.
NS Records
NS records delegate a zone to a set of authoritative nameservers. If these are misconfigured, every DNS lookup for your domain fails.
SRV Records
Used heavily in VoIP and internal service discovery, SRV records encode a service, protocol, priority, weight, port, and target into a single record.
Debugging DNS Step by Step
1. Start with a basic A record lookup
dig example.com A
Check the ANSWER section. If it's empty, the record doesn't exist or the zone is broken.
2. Query a specific nameserver
dig @8.8.8.8 example.com A
Comparing the response from your ISP resolver versus a public resolver reveals caching issues or split-horizon DNS problems.
3. Trace the delegation chain
dig +trace example.com
This shows every hop from the root nameservers down to the authoritative answer — invaluable for diagnosing delegation failures.
4. Check DNSSEC
DNSSEC adds cryptographic signatures to DNS responses so that validating resolvers can reject forged answers, which prevents cache poisoning. If DNSSEC validation fails, a validating resolver withholds the answer and returns SERVFAIL, causing mysterious lookup failures.
dig +dnssec example.com A
Look for the ad (Authenticated Data) flag on the flags line of the response header. It is only set when the resolver you queried performs DNSSEC validation. If it's absent and your domain has DNSSEC enabled, your DS records in the parent zone may be out of sync.
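To tell a DNSSEC validation failure apart from an ordinary server failure, repeat the query with dig's `+cd` (checking disabled) option and compare the two headers. The script below is an added example, not part of the original article; the function names are hypothetical and the sample headers are constructed so it runs offline.

```shell
#!/bin/sh
# Added example: classify a lookup from two dig outputs, the normal query and
# the same query repeated with +cd. Function names are hypothetical.

# Extract the status field from dig's ->>HEADER<<- line.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the given flag (e.g. ad) appears on dig's ";; flags:" line.
dig_has_flag() {
    printf '%s\n' "$1" | grep -Eq "^;; flags:[^;]* $2[ ;]"
}

# $1 = output of: dig +dnssec NAME TYPE
# $2 = output of: dig +dnssec +cd NAME TYPE
dnssec_triage() {
    status=$(dig_status "$1")
    cd_status=$(dig_status "$2")
    case "$status" in
        NOERROR)
            # No ad flag: unsigned zone, no DS in parent, or non-validating resolver.
            if dig_has_flag "$1" ad; then echo "validated"
            else echo "unvalidated"; fi ;;
        SERVFAIL)
            # If the answer comes back once validation is skipped, the
            # signatures or DS records are the problem, not reachability.
            if [ "$cd_status" = "NOERROR" ]; then echo "dnssec-failure"
            else echo "server-failure"; fi ;;
        NXDOMAIN) echo "nxdomain" ;;
        *) echo "other:${status:-unparsed}" ;;
    esac
}

# Constructed sample headers (not captured from a real resolver).
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'

dnssec_triage "$SAMPLE_OK" "$SAMPLE_OK"      # validated
dnssec_triage "$SAMPLE_FAIL" "$SAMPLE_CD"    # dnssec-failure
dnssec_triage "$SAMPLE_FAIL" "$SAMPLE_FAIL"  # server-failure
```

Against a live resolver, pass the two real outputs: `dnssec_triage "$(dig +dnssec example.com A)" "$(dig +dnssec +cd example.com A)"`.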
Common DNS Errors and What They Mean
| Error | Likely Cause |
|---|---|
| NXDOMAIN | Domain doesn't exist or record type is missing |
| SERVFAIL | Authoritative server error or DNSSEC validation failure |
| REFUSED | Resolver is not configured to answer your query |
| Slow TTL propagation | Previous high TTL still being served by caches |
Propagation vs. Caching
A common misconception is that DNS changes take "up to 48 hours" because of propagation. In reality, propagation between authoritative servers is fast (minutes). The delay is almost always old TTL values being served from recursive resolver caches. Reduce your TTL to 300 seconds before making a change, then raise it back after the migration is stable.
Use the DNS Toolbox
Rather than juggling command-line tools, use the DNS Toolbox on InfraHub. It lets you query any record type — A, AAAA, MX, TXT, CNAME, NS, SRV, and DNSSEC data — from your browser, with zero server-side logging. Results are formatted clearly so you can spot misconfigurations in seconds.
Whether you're debugging a failed email delivery, verifying a new domain setup, or auditing DNSSEC, the DNS Toolbox gives you authoritative answers without installing anything.