How DNS works (fast mental model)

DNS is a phone book for the internet. A resolver asks your domain’s nameservers for answers, and records like A, CNAME, MX, and TXT tell browsers and mail servers where to connect.

A/AAAA vs CNAME (and when to use each)

• A/AAAA → hostname to IP (A = IPv4, AAAA = IPv6). Use for the apex (yourdomain.com).
• CNAME → hostname to hostname (e.g., www → yourdomain.com). Don’t place a CNAME at the apex.

MX & email routing basics

• MX records point inbound mail to your provider (lowest priority number tried first).
• Add SPF so receivers know who may send for your domain.
• Enable DKIM signing (your provider supplies a selector and TXT key).

TXT uses: SPF, DKIM, DMARC

Use one SPF record at @ that lists allowed senders; publish a DKIM public key at selector._domainkey; and add DMARC at _dmarc to define policy and report mailboxes.

TTL & propagation (how long it takes)

• TTL controls how long answers are cached (e.g., 300s, 3600s).
• Lower TTL before migrations; raise once stable.
• Most changes settle within minutes to a few hours depending on prior TTL.

Safe changes: staging, backups, rollback plan

• Export your current DNS zone before edits.
• Schedule changes in low‑traffic windows and keep a rollback plan.
• Test resolution from multiple locations after updates.

Handy tools (lookup & verification)

DNS Tools & Commands

Web tools:

• MXToolbox (MX/SPF/DKIM/DMARC lookups)
• Google Admin Toolbox Dig
• DNSChecker (global propagation)

CLI examples:

dig TXT _dmarc.yourdomain.com +short
dig A yourdomain.com +short
dig CNAME www.yourdomain.com +short
dig MX yourdomain.com +short
dig TXT yourdomain.com +short
dig TXT selector1._domainkey.yourdomain.com +short