What is DNS? — Domain Name System Explained
Definition
DNS (Domain Name System) is the internet's distributed directory service that translates human-readable domain names (like example.com) into IP addresses (like 93.184.216.34) that computers use to identify each other on the network. Without DNS, you would need to memorize IP addresses to visit websites. DNS is a hierarchical, decentralized system distributed across millions of name servers worldwide that work together to answer queries.
How It Works
When you type a domain name, your OS checks its local cache, then queries a recursive resolver (usually provided by your ISP or a public DNS like 8.8.8.8). If the resolver does not have a cached answer, it performs iterative resolution: first querying a root name server to find the TLD name server (.com), then the TLD server to find the authoritative name server for the domain, then the authoritative server to get the actual record. The result is cached for the duration specified by the record's TTL (Time To Live). DNS records include: A (IPv4 address), AAAA (IPv6), CNAME (canonical name alias), MX (mail server), TXT (text, used for SPF/DKIM), NS (name server), and SOA (start of authority).
Common Use Cases
- Resolving website domain names to the IP addresses of hosting servers
- Email routing via MX records to the correct mail servers
- Verifying domain ownership with TXT records for services like Google Search Console
- Load balancing by pointing a single domain to multiple A record IPs
- Pointing custom domains to CDNs and cloud services with CNAME records
Example
DNS Records for example.com:
- A record: example.com → 93.184.216.34
- AAAA record: example.com → 2606:2800:220:1:248:1893:25c8:1946
- CNAME record: www → example.com
- MX record: example.com → mail.example.com (priority 10)
- TXT record: v=spf1 include:_spf.google.com ~all
- TTL: 3600 (cache for 1 hour)
FAQ
- What is DNS TTL and why does it matter?
- TTL (Time To Live) is the number of seconds that a DNS record should be cached before resolvers recheck the authoritative server. A TTL of 300 means changes propagate within 5 minutes. A TTL of 86400 (24 hours) means changes can take a full day to propagate globally. Lower TTLs before planned changes, then raise them after.
- What is the difference between a CNAME and an A record?
- An A record maps a hostname directly to an IPv4 address. A CNAME (canonical name) maps a hostname to another hostname. CNAMEs are useful for pointing multiple hostnames (www, app, api) to the same target. A CNAME cannot be used for the root domain (apex) — most DNS providers use proprietary ALIAS or ANAME records for apex CNAME-like behavior.
- What is DNSSEC?
- DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records to prevent DNS spoofing and cache poisoning attacks. When a resolver receives a signed DNS response, it can verify the signature against the public key published in the parent zone. DNSSEC is important for high-security domains but adds complexity to DNS management.
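The CNAME-versus-A answer in the FAQ above, turned into a small zone lint (an added example, not part of the original page). The record tuples are constructed sample data modelled on the Example section, and `lint_cnames` and `normalize` are hypothetical helper names. It goes one step beyond the apex case and also flags a CNAME that shares a name with other record types, the general rule (RFC 1034) behind the apex restriction, while allowing the DNSSEC RRSIG and NSEC records that a signed zone places beside a CNAME.

```python
from collections import defaultdict

# Constructed sample zone based on the page's example.com records, with two
# deliberate mistakes: a CNAME at the apex and a CNAME mixed with an A record.
SAMPLE_RECORDS = [
    ("example.com", "A", "93.184.216.34"),
    ("example.com", "MX", "10 mail.example.com"),
    ("example.com", "TXT", "v=spf1 include:_spf.google.com ~all"),
    ("example.com", "CNAME", "cdn.example.net"),
    ("www.example.com", "CNAME", "example.com"),
    ("app.example.com", "CNAME", "example.com"),
    ("app.example.com", "A", "93.184.216.34"),
]

# DNSSEC metadata that is permitted at the same name as a CNAME.
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}

def normalize(name):
    """DNS names are case-insensitive; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def lint_cnames(apex, records):
    """Return sorted (owner, problem) findings for CNAME misuse."""
    apex = normalize(apex)
    types_by_owner = defaultdict(list)
    for owner, rtype, _value in records:
        types_by_owner[normalize(owner)].append(rtype.upper())

    findings = []
    for owner, types in types_by_owner.items():
        if "CNAME" not in types:
            continue
        if owner == apex:
            findings.append((owner, "CNAME at zone apex"))
        if types.count("CNAME") > 1:
            findings.append((owner, "multiple CNAME records"))
        others = sorted(set(types) - ALLOWED_WITH_CNAME)
        if others:
            findings.append((owner, "CNAME coexists with " + ",".join(others)))
    return sorted(findings)

if __name__ == "__main__":
    for owner, problem in lint_cnames("example.com", SAMPLE_RECORDS):
        print(f"{owner}: {problem}")
```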