OSINTProjects.com
·9 min readDomainDNS

How to Read DNS Records: A, AAAA, MX, TXT, NS & CNAME Explained

A beginner-friendly guide to DNS records — what A, AAAA, MX, TXT, NS, CNAME and SOA mean, how to read them, and how to check any domain's DNS for free.

DNS — the Domain Name System — is the phone book of the internet. It translates human-friendly names like example.com into the addresses and routing information machines actually use. If you've ever wondered what all those record types mean when you run a DNS lookup, this guide breaks each one down in plain English.

What is a DNS record?

A DNS record is a single instruction stored in a domain's zone file that tells the internet how to handle some aspect of that domain — where its website lives, where its email goes, how to verify ownership, and more. Each record has a type (A, MX, TXT, etc.), a name, a value, and a TTL (time to live) that controls how long it can be cached.

Look up any domain's DNS records

The record types you'll actually see

A record

Maps a hostname to an IPv4 address (e.g. example.com → 93.184.216.34). This is what makes a website reachable by name.

AAAA record

The same idea as an A record, but for IPv6 addresses. As the internet moves to IPv6, AAAA records sit alongside A records.

MX record

Mail Exchange records tell other mail servers where to deliver email for the domain. They include a priority value — lower numbers are tried first — so you can have primary and backup mail servers.

TXT record

Free-form text records used for a surprising number of things: SPF, DKIM and DMARC for email authentication, plus domain-ownership verification for services like Google and Microsoft. TXT records are a goldmine in OSINT because they reveal which third-party services a domain uses.

NS record

Nameserver records list the authoritative DNS servers for the domain — i.e. who is actually in charge of answering DNS queries for it. Great for fingerprinting which DNS provider an organisation uses.

CNAME record

A Canonical Name record points one name at another name rather than an IP (e.g. www.example.com → example.com). Often used for subdomains that should follow wherever the main domain points.

SOA record

The Start of Authority record holds administrative metadata about the zone: the primary nameserver, the responsible party's email, and timers that control how the zone is refreshed across servers.

Why DNS records matter for OSINT and security

  • TXT records expose which SaaS providers, email systems and verification services a domain uses.
  • MX records reveal the email provider (Google Workspace, Microsoft 365, etc.).
  • NS records fingerprint the DNS host and can hint at the hosting setup.
  • A/AAAA records let you pivot to IP and ASN data to map infrastructure.
  • Misconfigured records (missing SPF/DMARC) are common security findings.
Pair DNS with a WHOIS/RDAP lookup

A quick reading workflow

  1. Run a full DNS lookup to pull A, AAAA, MX, TXT, NS, CNAME and SOA at once.
  2. Read MX + TXT to understand the email setup and authentication.
  3. Read NS to identify the DNS provider.
  4. Take the A/AAAA addresses into an IP lookup to find the host and ASN.
Resolve the IP, ASN and owner

Once you can read DNS fluently, a single lookup tells you where a site is hosted, who handles its email, what services it trusts, and how its infrastructure is organised — all from public data.

Run a free DNS lookup now
Keep reading
How to Check if Your Password Was Leaked (Safely, for Free)WHOIS vs RDAP: What's the Difference and Which Should You Use?
Browse all free tools