DNS & Domain Guides

Understanding DNS: How Domain Names Connect to Websites and Email

Learn how DNS connects domain names to websites, email servers and online services, what DNS records do, and how to troubleshoot common DNS problems.

By CheckDomainHealth Editorial Team Reviewed by Dionis Ceban Updated Jun 28, 2026 8 min read Beginner

Introduction

DNS is the system that tells browsers, mail servers and other internet services where to find your domain. When someone visits your website or sends an email to your domain, DNS records decide which server should respond.

For most domain owners, DNS becomes important during website migrations, email setup, SSL validation, domain verification or troubleshooting. A small DNS mistake can make a website unavailable, break email delivery or prevent a service from verifying your domain.

Quick answer

Quick answer

DNS, or Domain Name System, connects a domain name like example.com to the servers that handle its website, email and other services. DNS works through records such as A, AAAA, CNAME, MX, TXT, NS and CAA. If these records are missing, outdated or incorrect, your website, email or domain verification may stop working.

What is DNS?

DNS is often described as the internet’s address system. Instead of requiring users to remember server IP addresses, DNS allows people to use readable domain names.

For example, when someone enters example.com in a browser, the browser needs to know which server hosts that website. DNS provides the answer by returning the correct record, usually an A or AAAA record.

DNS is also used for email. When someone sends an email to user@example.com, mail servers check the domain’s MX records to know where that email should be delivered.

Why DNS matters

What DNS controls

DNS records connect domain names to the services that run behind them.

Website loading

A, AAAA and CNAME records point visitors to the right server or CDN.

Email delivery

MX records tell mail systems where to deliver messages for the domain.

SSL certificate validation

DNS proves domain ownership during certificate issuance and renewal.

Domain verification

TXT and CNAME records confirm control for hosting, email and SaaS platforms.

CDN routing

CNAME records direct traffic through edge networks and caching layers.

Subdomains

Separate records control hosts such as www, mail, api and staging.

Security and reputation

SPF, DKIM, DMARC and rDNS affect email trust and deliverability.

Common symptoms of DNS problems

DNS issues usually appear as website, email, SSL or verification problems. The symptom often helps identify which record should be checked first.

Symptom Possible DNS cause
Domain not found Missing DNS zone, incorrect nameservers or unavailable authoritative DNS.
Website not loading Wrong A, AAAA or CNAME record, or DNS pointing to an old server.
Email bouncing Missing or incorrect MX records, or email records configured at the wrong DNS provider.
SSL certificate validation failed Wrong A/AAAA record, missing DNS validation TXT record or restrictive CAA record.
Domain verification failed Missing or incorrect TXT/CNAME verification record.
Too many redirects DNS may point to the wrong hosting/CDN setup, or the website redirect rules may conflict with the active destination.

This is why DNS should always be checked after changing hosting, email providers, nameservers or domain settings.

How DNS lookup works

A simplified DNS lookup works like this:

  1. A user enters a domain in the browser.
  2. The browser checks local cache.
  3. The DNS resolver asks DNS servers for the domain records.
  4. The authoritative nameserver returns the answer.
  5. The browser connects to the returned IP address.

DNS responses can be cached. This is why DNS changes may not appear everywhere immediately.

Common DNS record types

A record

An A record points a domain or subdomain to an IPv4 address. It is commonly used for websites, servers and hosting setups.

example.com → 192.0.2.10

AAAA record

An AAAA record points a domain or subdomain to an IPv6 address. It is used when the server supports IPv6.

example.com → 2001:db8::1

CNAME record

A CNAME record points one hostname to another hostname. It is commonly used for www, CDN services, verification systems and third-party platforms.

www.example.com → example.com

MX record

MX records tell mail servers where to deliver email for a domain. Wrong MX records can cause incoming email to fail.

example.com → mail.example.com

TXT record

TXT records store text-based values used for verification and email authentication. Common TXT records include SPF, DKIM, DMARC and provider verification records.

NS record

NS records show which nameservers are authoritative for the domain. If nameservers are wrong, all other DNS records may be ignored.

CAA record

CAA records define which certificate authorities are allowed to issue SSL certificates for the domain. CAA is not always required, but incorrect CAA records can block SSL issuance.

How to check DNS

Use the DNS Lookup tool to inspect records such as A, AAAA, CNAME, MX, TXT, NS, SOA and CAA.

DNS checking checklist

A useful DNS check compares what should be configured, what public DNS currently returns, and which provider controls the live DNS zone.

Expected value

The value your hosting, email, CDN or SaaS provider says the record should have.

Example: For a website, this may be the server IP. For email, this may be the provider’s MX or TXT value.

Current DNS value

The value currently returned by public DNS resolvers when the domain is checked.

Example: This shows what visitors, mail servers and external services are likely to see.

Active nameserver

The DNS provider currently controlling the domain’s live DNS zone.

Example: If the domain uses Cloudflare nameservers, records edited in cPanel may not affect the live domain.

Many DNS issues happen not because the value is wrong, but because changes are made in the wrong DNS zone.

Check DNS now

Use DNS Lookup to inspect DNS records and confirm whether your domain points to the correct services.

Run DNS Lookup →

Common DNS problems

Record points to the wrong IP

High

The domain or subdomain points to an old hosting server, wrong VPS or incorrect provider IP.

Next step: Check the correct IP from your hosting provider and update the A or AAAA record.

Missing MX records

High

The domain has no mail exchange records, so incoming email may not know where to deliver messages.

Next step: Add MX records from your email provider.

Duplicate or conflicting TXT records

Medium

This often happens with SPF. A domain should not publish multiple SPF TXT records.

Next step: Merge SPF values into one valid SPF record.

Nameservers are wrong

High

The domain is using nameservers from an old provider, so DNS changes made elsewhere do not apply.

Next step: Confirm the active nameservers at the registrar and update records in the correct DNS zone.

DNS propagation delay

Low

DNS changes are correct, but not visible everywhere yet because old values are cached.

Next step: Wait for TTL/cache expiry and check from multiple resolvers.

CNAME used incorrectly

Medium

A CNAME may be used where another record type is required, or it may conflict with other records.

Next step: Review whether the hostname should use A, AAAA, CNAME or another record type.

How to fix DNS issues

  1. Confirm where DNS is hosted

    Check the domain’s active nameservers. These nameservers decide which DNS zone is used. Make changes only at the provider that controls the active nameservers.

  2. Identify the affected record

    Decide what is broken: website loading → A, AAAA or CNAME; incoming email → MX; email authentication → SPF, DKIM or DMARC TXT records; SSL issuance → CAA; subdomain routing → A, AAAA or CNAME.

  3. Get the correct value from your provider

    Use values from your hosting, email, CDN or SaaS provider. Do not copy DNS examples blindly. DNS records must match your real provider setup.

  4. Update the record

    Apply the correct value in your DNS manager. Use a reasonable TTL, such as 300 seconds during migration or 3600 seconds for stable records.

  5. Verify from multiple locations

    After changing DNS, check again using DNS Lookup, Domain Health Checker, your provider dashboard and external DNS resolvers. Some resolvers may still show old values until cache expires.

Example DNS checks

Example DNS checks
dig example.com A
dig example.com MX
dig example.com TXT
dig example.com NS

These examples are for testing only. Replace example.com with your actual domain.

DNS and email authentication

DNS is not only for websites. Email authentication depends heavily on DNS records.

Email records controlled by DNS

Several email authentication and routing settings live in DNS. If any are missing or wrong, deliverability can suffer.

Record DNS location
SPF TXT record on the root domain
DKIM TXT record on a selector subdomain
DMARC TXT record at _dmarc.example.com
MX Mail routing records for the domain
PTR/rDNS Reverse DNS for sending IP addresses

If any of these records are missing or incorrect, email deliverability can be affected.

DNS and SSL certificates

SSL certificate providers use DNS to validate domain ownership and check issuance rules.

How DNS affects SSL

Certificate validation and issuance depend on DNS pointing to the correct server and allowing the right certificate authority.

DNS issue SSL impact
A or AAAA records point to the wrong server The CA cannot validate the site on the expected server.
CAA records block the certificate authority Certificate issuance is denied for that CA.
DNS validation TXT records are missing Domain ownership checks fail during issuance or renewal.
www and non-www point to different systems A certificate may validate for one hostname but fail on the other.

If SSL installation fails, DNS should be checked before assuming the certificate itself is the problem.

Frequently asked questions

How long do DNS changes take?

Many DNS changes appear within minutes, but cached records can remain visible until the TTL expires. In some cases, full propagation can take several hours.

Can I have multiple A records?

Yes, a domain can have multiple A records. This is sometimes used for redundancy or load balancing. However, it should be configured intentionally.

Can I have multiple SPF records?

No. A domain should publish only one SPF record. If multiple SPF records exist, SPF validation can fail.

Why do DNS changes not work?

Common reasons include editing DNS at the wrong provider, cache or TTL delays, incorrect nameservers, record conflicts or typing errors.

What is the most important DNS record?

It depends on the service. For websites, A, AAAA and CNAME records are usually most important. For email, MX, SPF, DKIM and DMARC matter most.

Should I use Cloudflare or my hosting provider for DNS?

Both can work. The important part is knowing which nameservers are active and making DNS changes in the correct place.

Use these free tools to verify your configuration after applying changes.

Browse all DNS & Domain guides →

Need help applying this fix?

Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.

Get Help Run Domain Health Check

Was this guide helpful?

Your feedback helps us improve our guides for everyone.