Understanding DNS: How Domain Names Connect to Websites and Email
Learn how DNS connects domain names to websites, email servers and online services, what DNS records do, and how to troubleshoot common DNS problems.
Introduction
DNS is the system that tells browsers, mail servers and other internet services where to find your domain. When someone visits your website or sends an email to your domain, DNS records decide which server should respond.
For most domain owners, DNS becomes important during website migrations, email setup, SSL validation, domain verification or troubleshooting. A small DNS mistake can make a website unavailable, break email delivery or prevent a service from verifying your domain.
Quick answer
DNS, or Domain Name System, connects a domain name like example.com to the servers that handle its website, email and other services. DNS works through records such as A, AAAA, CNAME, MX, TXT, NS and CAA. If these records are missing, outdated or incorrect, your website, email or domain verification may stop working.
What is DNS?
DNS is often described as the internet’s address system. Instead of requiring users to remember server IP addresses, DNS allows people to use readable domain names.
For example, when someone enters example.com in a browser, the browser needs to know which server hosts that website. DNS provides the answer by returning the correct record, usually an A or AAAA record.
DNS is also used for email. When someone sends an email to user@example.com, mail servers check the domain’s MX records to know where that email should be delivered.
Why DNS matters
What DNS controls
DNS records connect domain names to the services that run behind them.
Website loading
A, AAAA and CNAME records point visitors to the right server or CDN.
Email delivery
MX records tell mail systems where to deliver messages for the domain.
SSL certificate validation
DNS proves domain ownership during certificate issuance and renewal.
Domain verification
TXT and CNAME records confirm control for hosting, email and SaaS platforms.
CDN routing
CNAME records direct traffic through edge networks and caching layers.
Subdomains
Separate records control hosts such as www, mail, api and staging.
Security and reputation
SPF, DKIM, DMARC and rDNS affect email trust and deliverability.
Common symptoms of DNS problems
DNS issues usually appear as website, email, SSL or verification problems. The symptom often helps identify which record should be checked first.
| Symptom | Possible DNS cause |
|---|---|
| Domain not found | Missing DNS zone, incorrect nameservers or unavailable authoritative DNS. |
| Website not loading | Wrong A, AAAA or CNAME record, or DNS pointing to an old server. |
| Email bouncing | Missing or incorrect MX records, or email records configured at the wrong DNS provider. |
| SSL certificate validation failed | Wrong A/AAAA record, missing DNS validation TXT record or restrictive CAA record. |
| Domain verification failed | Missing or incorrect TXT/CNAME verification record. |
| Too many redirects | DNS may point to the wrong hosting/CDN setup, or the website redirect rules may conflict with the active destination. |
This is why DNS should always be checked after changing hosting, email providers, nameservers or domain settings.
How DNS lookup works
A simplified DNS lookup works like this:
- A user enters a domain in the browser.
- The browser checks local cache.
- The DNS resolver asks DNS servers for the domain records.
- The authoritative nameserver returns the answer.
- The browser connects to the returned IP address.
DNS responses can be cached. This is why DNS changes may not appear everywhere immediately.
Common DNS record types
A record
An A record points a domain or subdomain to an IPv4 address. It is commonly used for websites, servers and hosting setups.
example.com → 192.0.2.10
AAAA record
An AAAA record points a domain or subdomain to an IPv6 address. It is used when the server supports IPv6.
example.com → 2001:db8::1
CNAME record
A CNAME record points one hostname to another hostname. It is commonly used for www, CDN services, verification systems and third-party platforms.
www.example.com → example.com
MX record
MX records tell mail servers where to deliver email for a domain. Wrong MX records can cause incoming email to fail.
example.com → mail.example.com
TXT record
TXT records store text-based values used for verification and email authentication. Common TXT records include SPF, DKIM, DMARC and provider verification records.
NS record
NS records show which nameservers are authoritative for the domain. If nameservers are wrong, all other DNS records may be ignored.
CAA record
CAA records define which certificate authorities are allowed to issue SSL certificates for the domain. CAA is not always required, but incorrect CAA records can block SSL issuance.
How to check DNS
Use the DNS Lookup tool to inspect records such as A, AAAA, CNAME, MX, TXT, NS, SOA and CAA.
DNS checking checklist
A useful DNS check compares what should be configured, what public DNS currently returns, and which provider controls the live DNS zone.
Expected value
The value your hosting, email, CDN or SaaS provider says the record should have.
Example: For a website, this may be the server IP. For email, this may be the provider’s MX or TXT value.
Current DNS value
The value currently returned by public DNS resolvers when the domain is checked.
Example: This shows what visitors, mail servers and external services are likely to see.
Active nameserver
The DNS provider currently controlling the domain’s live DNS zone.
Example: If the domain uses Cloudflare nameservers, records edited in cPanel may not affect the live domain.
Many DNS issues happen not because the value is wrong, but because changes are made in the wrong DNS zone.
Check DNS now
Use DNS Lookup to inspect DNS records and confirm whether your domain points to the correct services.
Common DNS problems
Record points to the wrong IP
HighThe domain or subdomain points to an old hosting server, wrong VPS or incorrect provider IP.
Next step: Check the correct IP from your hosting provider and update the A or AAAA record.
Missing MX records
HighThe domain has no mail exchange records, so incoming email may not know where to deliver messages.
Next step: Add MX records from your email provider.
Duplicate or conflicting TXT records
MediumThis often happens with SPF. A domain should not publish multiple SPF TXT records.
Next step: Merge SPF values into one valid SPF record.
Nameservers are wrong
HighThe domain is using nameservers from an old provider, so DNS changes made elsewhere do not apply.
Next step: Confirm the active nameservers at the registrar and update records in the correct DNS zone.
DNS propagation delay
LowDNS changes are correct, but not visible everywhere yet because old values are cached.
Next step: Wait for TTL/cache expiry and check from multiple resolvers.
CNAME used incorrectly
MediumA CNAME may be used where another record type is required, or it may conflict with other records.
Next step: Review whether the hostname should use A, AAAA, CNAME or another record type.
How to fix DNS issues
-
Confirm where DNS is hosted
Check the domain’s active nameservers. These nameservers decide which DNS zone is used. Make changes only at the provider that controls the active nameservers.
-
Identify the affected record
Decide what is broken: website loading → A, AAAA or CNAME; incoming email → MX; email authentication → SPF, DKIM or DMARC TXT records; SSL issuance → CAA; subdomain routing → A, AAAA or CNAME.
-
Get the correct value from your provider
Use values from your hosting, email, CDN or SaaS provider. Do not copy DNS examples blindly. DNS records must match your real provider setup.
-
Update the record
Apply the correct value in your DNS manager. Use a reasonable TTL, such as 300 seconds during migration or 3600 seconds for stable records.
-
Verify from multiple locations
After changing DNS, check again using DNS Lookup, Domain Health Checker, your provider dashboard and external DNS resolvers. Some resolvers may still show old values until cache expires.
Example DNS checks
dig example.com A
dig example.com MX
dig example.com TXT
dig example.com NS
These examples are for testing only. Replace example.com with your actual domain.
DNS and email authentication
DNS is not only for websites. Email authentication depends heavily on DNS records.
Email records controlled by DNS
Several email authentication and routing settings live in DNS. If any are missing or wrong, deliverability can suffer.
| Record | DNS location |
|---|---|
| SPF | TXT record on the root domain |
| DKIM | TXT record on a selector subdomain |
| DMARC | TXT record at _dmarc.example.com |
| MX | Mail routing records for the domain |
| PTR/rDNS | Reverse DNS for sending IP addresses |
If any of these records are missing or incorrect, email deliverability can be affected.
DNS and SSL certificates
SSL certificate providers use DNS to validate domain ownership and check issuance rules.
How DNS affects SSL
Certificate validation and issuance depend on DNS pointing to the correct server and allowing the right certificate authority.
| DNS issue | SSL impact |
|---|---|
| A or AAAA records point to the wrong server | The CA cannot validate the site on the expected server. |
| CAA records block the certificate authority | Certificate issuance is denied for that CA. |
| DNS validation TXT records are missing | Domain ownership checks fail during issuance or renewal. |
| www and non-www point to different systems | A certificate may validate for one hostname but fail on the other. |
If SSL installation fails, DNS should be checked before assuming the certificate itself is the problem.
Frequently asked questions
How long do DNS changes take?
Many DNS changes appear within minutes, but cached records can remain visible until the TTL expires. In some cases, full propagation can take several hours.
Can I have multiple A records?
Yes, a domain can have multiple A records. This is sometimes used for redundancy or load balancing. However, it should be configured intentionally.
Can I have multiple SPF records?
No. A domain should publish only one SPF record. If multiple SPF records exist, SPF validation can fail.
Why do DNS changes not work?
Common reasons include editing DNS at the wrong provider, cache or TTL delays, incorrect nameservers, record conflicts or typing errors.
What is the most important DNS record?
It depends on the service. For websites, A, AAAA and CNAME records are usually most important. For email, MX, SPF, DKIM and DMARC matter most.
Should I use Cloudflare or my hosting provider for DNS?
Both can work. The important part is knowing which nameservers are active and making DNS changes in the correct place.
Related tools
Use these free tools to verify your configuration after applying changes.
Related guides
Browse all DNS & Domain guides →Need help applying this fix?
Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.
Was this guide helpful?
Your feedback helps us improve our guides for everyone.
Thanks for your feedback!