DNS Explained for Humans: The Only Guide You Need to Stop Breaking Your Website

DNS is one of those things that works invisibly until it doesn't — and when it breaks, everything breaks. Your website goes down, your email stops working, and your customers think you've gone out of business.

Despite being foundational to literally everything on the internet, DNS is poorly understood by most developers and virtually all business owners. This guide will change that. By the end, you'll understand how DNS actually works, how to configure it properly, and how to avoid the mistakes that cause outages.

What DNS Actually Does (The Simple Version)

DNS — Domain Name System — translates human-readable domain names (like yourcompany.com) into IP addresses (like 93.184.216.34) that computers use to find each other.

Think of it as the internet's phone book. When you type a URL into your browser, your computer asks a DNS server: "What's the IP address for this domain?" The DNS server responds with the address, and your browser connects to it. This happens billions of times per day, usually in under 50 milliseconds.

The Records You Actually Need to Know

DNS has dozens of record types, but you only need to understand five for 99% of real-world use:

A Record — Points your domain to an IPv4 address. This is the most basic record. When someone visits yoursite.com, the A record tells their browser which server to connect to.

yoursite.com.    A    93.184.216.34

AAAA Record — Same as an A record, but for IPv6 addresses. If your server supports IPv6, you should have both A and AAAA records.

CNAME Record — Points one domain name to another domain name. Commonly used for subdomains. For example, pointing www.yoursite.com to yoursite.com, or pointing a subdomain to a third-party service.

www.yoursite.com.    CNAME    yoursite.com.
blog.yoursite.com.   CNAME    your-blog.ghost.io.

MX Record — Tells email servers where to deliver mail for your domain. Without MX records, you can't receive email. The priority number determines which server is tried first (lower = higher priority).

yoursite.com.    MX    10    mail1.yourmailprovider.com.
yoursite.com.    MX    20    mail2.yourmailprovider.com.

TXT Record — Stores text data. Used primarily for email authentication (SPF, DKIM, DMARC) and domain verification. If your email is landing in spam, a missing or misconfigured TXT record is usually the culprit.

How to Set Up DNS for a New Domain (Step by Step)

Whether you just bought a domain or you're moving to a new host, here's the process:

Step 1: Decide where to manage your DNS. You have two options: use your domain registrar's DNS (GoDaddy, Namecheap, Google Domains) or use a dedicated DNS provider (Cloudflare, Route 53, DNSimple). I recommend Cloudflare for most people — it's free, fast, and gives you DDoS protection as a bonus.

Step 2: Point your nameservers. If you're using an external DNS provider like Cloudflare, you'll need to change your nameservers at your registrar. This tells the internet "Cloudflare manages DNS for this domain." Nameserver changes can take up to 48 hours to propagate, though it's usually done within 2-4 hours.

Step 3: Add your A record. Point your root domain (yoursite.com) to your server's IP address.

Step 4: Add a CNAME for www. Point www.yoursite.com to yoursite.com. This ensures both versions work.

Step 5: Set up MX records for email. If you're using Google Workspace, Microsoft 365, or any email provider, add their MX records. This is the step most people forget, and then wonder why their email stopped working after a migration.

Step 6: Add email authentication records. Add SPF, DKIM, and DMARC records as TXT records. These prevent your emails from being marked as spam. Your email provider will give you the exact values to use.
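
One way to check the SPF and DMARC records from Step 6 before relying on them, as an added example that is not part of the original guide or any provider's tooling. The TXT values, the `_spf.example.net` include and the function names are constructed for illustration; DKIM is left out because its selector name comes from your email provider.

```python
import re

LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")  # each costs a DNS lookup

def spf_findings(records):
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero records: no policy; several: receivers return permerror
        return [f"SPF: expected exactly one v=spf1 record, found {len(spf)}"]
    raw = spf[0].lower().split()[1:]
    names = [re.split(r"[:=/]", t.lstrip("+-~?"))[0] for t in raw]
    out = []
    if "all" not in names and "redirect" not in names:
        out.append("SPF: no 'all' or redirect term, unlisted senders evaluate to neutral")
    if any(t in ("all", "+all") for t in raw):
        out.append("SPF: +all authorizes every sender on the internet")
    lookups = sum(n in LOOKUP_TERMS for n in names)
    if lookups > 10:  # RFC 7208 caps lookup-causing terms at 10
        out.append(f"SPF: {lookups} DNS-lookup terms exceed the limit of 10")
    return out

def dmarc_findings(records):
    dmarc = [r for r in records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return [f"DMARC: expected exactly one v=DMARC1 record, found {len(dmarc)}"]
    pairs = (p.split("=", 1) for p in dmarc[0].split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["DMARC: missing or invalid p= tag"]
    out = []
    if policy == "none":
        out.append("DMARC: p=none asks receivers to take no action on failing mail")
    if "rua" not in tags:
        out.append("DMARC: no rua= address, so no aggregate reports arrive")
    return out

def audit_email_auth(domain, txt):
    return spf_findings(txt.get(domain, [])) + dmarc_findings(txt.get("_dmarc." + domain, []))

WEAK = {  # constructed sample (owner name -> TXT strings): permissive SPF, monitor-only DMARC
    "yoursite.com": ["site-verification=abc123", "v=spf1 include:_spf.example.net +all"],
    "_dmarc.yoursite.com": ["v=DMARC1; p=none"],
}
FIXED = {  # constructed sample: the same domain after tightening both policies
    "yoursite.com": ["site-verification=abc123", "v=spf1 include:_spf.example.net -all"],
    "_dmarc.yoursite.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@yoursite.com"],
}
if __name__ == "__main__":
    print("\n".join(audit_email_auth("yoursite.com", WEAK)))
```

Running it prints three findings for the weak sample; the fixed sample produces none.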

TTL: The Setting Everyone Ignores

TTL (Time to Live) tells DNS resolvers how long to cache a record before checking for updates. It's measured in seconds.

A TTL of 3600 means resolvers will cache the record for one hour. A TTL of 300 means five minutes.

The rule: Set your TTL low (300 seconds) before making changes, wait for the old TTL to expire, make your changes, then set the TTL back to a higher value (3600-86400) once everything is working. This gives you fast rollback capability during migrations while keeping DNS efficient during normal operations.

I've seen teams forget this step and then spend 24 hours waiting for a DNS change to propagate because their old TTL was set to 86400 seconds (24 hours). Lower it first. Always.

Common DNS Mistakes and How to Fix Them

"My website works but www doesn't" (or vice versa). You have an A record for the root domain but no CNAME for www (or the reverse). Add the missing record.

"My email goes to spam." You're missing SPF, DKIM, or DMARC records. Use a tool like MXToolbox to check your email authentication. Fix whatever's missing.

"DNS changes aren't taking effect." You probably didn't lower the TTL before making changes. Wait for the old TTL to expire, or flush your local DNS cache with sudo dscacheutil -flushcache on Mac or ipconfig /flushdns on Windows.

"Everything was working, then I changed nameservers and everything broke." When you switch nameservers, you need to recreate ALL your DNS records at the new provider. The new provider starts with a blank slate. Copy every record from your old provider before switching.

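A way to catch the blank-slate problem before switching nameservers, as an added example that is not part of the original guide: it compares a record export from the old provider with the zone built at the new one and lists what would disappear. Both zone texts, the provider host names and the function names are constructed, and NS/SOA are skipped on the assumption that they legitimately differ between providers.

```python
# Compare two zone exports written in the record format used on this page.
PROVIDER_OWNED = {"NS", "SOA"}  # assumption: expected to change with the provider
IMPACT = {
    "A": "site unreachable over IPv4", "AAAA": "site unreachable over IPv6",
    "CNAME": "alias stops resolving", "MX": "inbound mail has nowhere to go",
    "TXT": "SPF/DKIM/DMARC or domain verification lost",
}

def parse_zone(text):
    """Return {(owner, type, rdata)}; TTL and class are dropped so only data is compared."""
    records = set()
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # blank line or comment
        tokens = line.split()
        owner, rest = tokens[0].lower().rstrip("."), tokens[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]  # skip optional TTL and class fields
        if len(rest) < 2:
            continue  # not a complete record
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype not in PROVIDER_OWNED:
            # TXT data is case-sensitive; host names and addresses are not
            records.add((owner, rtype, rdata if rtype == "TXT" else rdata.lower()))
    return records

def missing_after_switch(old_zone, new_zone):
    """Records published by the old provider that the new zone does not have."""
    lost = sorted(parse_zone(old_zone) - parse_zone(new_zone))
    return [(o, t, d, IMPACT.get(t, "review manually")) for o, t, d in lost]

OLD_ZONE = """\
yoursite.com.      86400 IN NS    ns1.oldprovider.example.
yoursite.com.      3600  IN A     93.184.216.34
www.yoursite.com.  3600  IN CNAME yoursite.com.
yoursite.com.      3600  IN MX    10 mail1.yourmailprovider.com.
yoursite.com.      3600  IN MX    20 mail2.yourmailprovider.com.
yoursite.com.      3600  IN TXT   "v=spf1 include:_spf.yourmailprovider.com -all"
"""
NEW_ZONE = """\
yoursite.com.      NS    ns1.newprovider.example.
yoursite.com.      A     93.184.216.34
www.yoursite.com.  CNAME yoursite.com.
"""

if __name__ == "__main__":
    for owner, rtype, rdata, impact in missing_after_switch(OLD_ZONE, NEW_ZONE):
        print(f"MISSING {owner} {rtype} {rdata}  -> {impact}")
```

With these samples the website records carry over, but both MX records and the SPF TXT record are reported missing, which is the forgotten-email case described in Step 5.
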
DNS Providers: What I Recommend

For most people: Cloudflare (free). Fast, reliable, includes DDoS protection, SSL, and caching. The free tier is genuinely excellent. The only downside is that it proxies your traffic through their network, which some advanced setups don't want.

For AWS users: Route 53. Tight integration with AWS services, 100% SLA, but costs $0.50 per hosted zone per month plus per-query charges. Overkill for a simple website, essential for AWS-heavy architectures.

For simplicity: Your registrar's DNS. Namecheap and Google Domains both have decent DNS management built in. If your needs are simple (a website and email), there's nothing wrong with using what you've already got.

The One Thing to Remember

DNS feels intimidating, but it's actually just a lookup table. Domain name goes in, IP address comes out. Everything else — MX records, CNAME records, TXT records — is just variations of "when someone asks about X, send them to Y."

Set it up once, set it up correctly, and you'll probably never have to think about it again. Set it up wrong, and you'll think about nothing else for the next 48 hours while you wait for propagation.

Choose wisely.
