What Is a DNS Record and How Does It Work? A, CNAME, MX, and TXT Explained
Every time you type a domain name into a browser, a chain of lookups happens in the background before a single byte of your website loads. DNS records are what make that chain work. This article explains what DNS is, what each record type does, and how it all connects when you add a custom domain to a Localtonet tunnel.
📋 What's in this article
What Is DNS?
DNS stands for Domain Name System. It is the distributed directory that maps human-readable domain names
to machine-readable IP addresses. When you type example.com into a browser,
your computer does not know where that is. It asks the DNS system, which looks up the answer
and returns an IP address. Your browser then connects to that IP address to load the page.
Without DNS, you would have to remember the IP address of every website you visit. With DNS, you type a name and the system handles the translation invisibly. DNS is also how email routing, domain verification, SSL certificate issuance, and dozens of other internet services know where to send traffic.
The phone book analogy
DNS is often compared to a phone book. A domain name is like a person's name. The IP address is like their phone number. You look up the name to find the number, then use the number to actually make the call. The phone book is DNS. The entries in the phone book are DNS records.
How DNS Resolution Works
When you visit a domain, your device goes through a chain of servers to find the answer. Understanding this chain explains why DNS changes take time to propagate and why different people sometimes see different results for the same domain.
Your device checks its local cache
If you visited the domain recently, the answer might already be stored locally. If it is, the lookup ends here instantly.
Your device asks a recursive resolver
If the cache is empty, your device asks a recursive resolver, usually run by your ISP,
or a public one like 1.1.1.1 (Cloudflare) or 8.8.8.8 (Google).
The resolver does the heavy lifting of finding the answer on your behalf.
The resolver asks a root nameserver
Root nameservers know which servers are responsible for each top-level domain .com, .org, .net, and so on.
They point the resolver to the TLD nameserver.
The resolver asks the TLD nameserver
The TLD nameserver for .com knows which nameservers are authoritative
for example.com specifically. It returns those nameserver addresses.
The resolver asks the authoritative nameserver
The authoritative nameserver is the one your domain registrar or DNS provider operates. This is where your actual DNS records live, the A records, CNAMEs, MX records, and others. The resolver gets the answer here and returns it to your device.
The entire chain typically completes in under 100 milliseconds. Once resolved, the answer is cached at multiple points in the chain so subsequent lookups are instant.
DNS Record Types Explained
A DNS record is a single entry in the authoritative nameserver for a domain. Each record has a type that determines what kind of information it holds and what it is used for. Here are the most common ones you will encounter.
A Record
An A record maps a domain name to an IPv4 address. It is the most fundamental record type. When you visit a website, an A record is what tells your browser which IP address to connect to.
| Name | Type | Value | TTL |
|---|---|---|---|
example.com | A | 203.0.113.10 | 3600 |
www.example.com | A | 203.0.113.10 | 3600 |
You can have multiple A records for the same name pointing at different IP addresses. DNS resolvers return all of them and clients typically try the first one, which is a simple form of load distribution.
AAAA Record
The same as an A record but for IPv6 addresses. The four As stand for the four times longer address length compared to IPv4. If your server has an IPv6 address, you add an AAAA record alongside the A record. Modern browsers try both and use whichever works.
CNAME Record
A CNAME (Canonical Name) record is an alias. Instead of pointing a name directly at an IP address, it points one name at another name. The resolver then looks up the target name to find the IP.
| Name | Type | Value | TTL |
|---|---|---|---|
blog.example.com | CNAME | example.com | 3600 |
shop.example.com | CNAME | stores.platform.com | 3600 |
CNAMEs are useful when the IP address of the target might change for example, when your hosting provider updates their infrastructure. You only need to update the A record on their side, not your DNS settings. Your CNAME just keeps pointing at the same name.
You cannot create a CNAME for the root domain (example.com with no subdomain).
CNAMEs only work on subdomains like www.example.com or app.example.com.
Some DNS providers offer a proprietary workaround called ALIAS or ANAME records for root domains,
but these are not part of the DNS standard.
MX Record
MX (Mail Exchanger) records tell the internet where to deliver email for a domain.
When someone sends an email to you@example.com, the sending mail server looks up
the MX records for example.com to find out which server accepts the mail.
| Name | Type | Priority | Value |
|---|---|---|---|
example.com | MX | 10 | mail1.example.com |
example.com | MX | 20 | mail2.example.com |
The priority number tells sending servers which mail server to try first. Lower numbers have higher priority. The second server acts as a fallback if the primary is unavailable.
TXT Record
TXT records hold arbitrary text values. They were originally intended for human-readable notes but became the standard way to verify domain ownership and configure email authentication.
| Name | Type | Value |
|---|---|---|
example.com | TXT | v=spf1 include:sendgrid.net ~all |
_dmarc.example.com | TXT | v=DMARC1; p=quarantine; |
example.com | TXT | google-site-verification=abc123xyz |
Common uses for TXT records:
- SPF — tells receiving mail servers which senders are authorised to send email for your domain
- DKIM — holds a public key used to verify email signatures
- DMARC — defines what to do with email that fails SPF or DKIM checks
- Domain verification — Google, GitHub, and others ask you to add a TXT record to prove you own the domain
NS Record
NS (Nameserver) records define which DNS servers are authoritative for a domain. They tell the rest of the internet where to go to find all the other DNS records for a domain. When you register a domain, your registrar lets you set NS records to point at any DNS provider you choose.
| Name | Type | Value |
|---|---|---|
example.com | NS | ns1.yourprovider.com |
example.com | NS | ns2.yourprovider.com |
Changing NS records is the most impactful DNS change you can make. It delegates control of all DNS records for the domain to a new provider. NS record changes can take up to 48 hours to propagate fully.
SRV Record
SRV records specify the location of a service not just an IP address, but also a port number and protocol. They are used by applications like SIP (VoIP), XMPP (chat), and some game servers to discover where a service is running without hardcoding a port number into client applications.
CAA Record
CAA (Certification Authority Authorization) records specify which certificate authorities are allowed to issue SSL certificates for a domain. If you add a CAA record, only the listed CAs can issue certificates for that domain. This prevents certificate mis-issuance by unauthorised CAs.
TTL and DNS Propagation
Every DNS record has a TTL (Time to Live) value measured in seconds. TTL tells resolvers and caches how long they should keep the answer before asking again. A TTL of 3600 means the record is cached for one hour. A TTL of 300 means five minutes.
When you change a DNS record, the old answer stays cached at resolvers around the world until their cached copy expires. This is what people mean by DNS propagation: the old answer is gradually replaced by the new one as caches expire and resolvers fetch fresh data. The time it takes depends entirely on the TTL of the record you changed.
Practical TTL strategy
- Before a planned change: lower the TTL to 300 seconds (5 minutes) a day in advance. When you make the change, it propagates quickly.
- After the change is stable: raise the TTL back to 3600 or higher. This reduces load on your nameservers and makes lookups faster for end users.
- For stable records: a TTL of 86400 (24 hours) is fine. These records rarely change so long caching is beneficial.
Tools like dnschecker.org show whether your DNS changes have reached resolvers in different countries. If some locations show the old value and others show the new one, propagation is still in progress, the TTL of the old record has not expired everywhere yet.
How This All Connects to Localtonet Custom Domains
When you create a Localtonet tunnel, you get a free subdomain on localto.net automatically.
That is enough for development and testing. For production use, sharing a URL with clients,
or making a service feel permanent, you can attach your own domain to the tunnel.
Localtonet manages its own DNS infrastructure. To use your domain with Localtonet, you point your domain's NS records at Localtonet's nameservers. This delegates DNS control for your domain to Localtonet's DNS Manager, where you can then create records and assign them to tunnels.
Add your domain to the Localtonet DNS Manager
Go to localtonet.com/dnsmanager and add your domain. Localtonet shows you the nameserver addresses to use.
Update the NS records at your domain registrar
Log in to wherever you bought your domain Namecheap, GoDaddy, Cloudflare Registrar, or any other registrar.
Find the nameserver settings and replace the existing NS records with Localtonet's nameservers:
ns1.localtonet.com and ns2.localtonet.com.
This step delegates DNS control to Localtonet.
Wait for NS propagation
NS changes take longer to propagate than regular record changes, typically a few hours, sometimes up to 48 hours. You can check propagation status at dnschecker.org.
Assign your domain to a tunnel
Once propagation is complete, you can select your custom domain when creating
an HTTP tunnel in Localtonet. You can also customise the subdomain for example api.yourdomain.com for one tunnel and app.yourdomain.com for another.
A valid HTTPS certificate is provisioned automatically.
The complete custom domain setup walkthrough with images is available in the How to Add a Custom Domain on Localtonet guide.
Frequently Asked Questions
What is the difference between an A record and a CNAME?
An A record maps a name directly to an IP address. A CNAME maps a name to another name, and the resolver then follows that name to find the IP. CNAMEs add one extra lookup step but are useful when the target IP might change, because you only need to update the A record in one place. CNAMEs can only be used on subdomains, not on the root domain itself.
Why do DNS changes sometimes take a long time to take effect?
Because the old answer is cached at resolvers around the world according to the TTL value. If a record had a TTL of 86400 (24 hours) when you changed it, resolvers that recently cached it will keep using the old value for up to 24 hours. Lowering the TTL to 300 before making a change speeds this up significantly.
What happens to my email if I change my domain's NS records to Localtonet?
If your domain has existing MX records for email, you need to recreate them in Localtonet's DNS Manager after the NS change. Changing NS records transfers DNS management but does not automatically copy your existing records. Before changing NS records, note down all your current DNS records especially MX, SPF (TXT), and DKIM (TXT) records so you can recreate them in the new DNS manager.
Can I use a subdomain with Localtonet without changing my nameservers?
Yes, if your DNS provider supports it. Instead of changing nameservers for the whole domain, you can delegate just a subdomain by adding NS records for that subdomain at your current registrar pointing at ns1.localtonet.com and ns2.localtonet.com. This leaves your root domain and other subdomains managed by your existing provider. Check your registrar's documentation for subdomain NS delegation support.
What is the difference between a DNS provider and a domain registrar?
A domain registrar is where you buy and renew a domain name Namecheap, GoDaddy, Google Domains, and similar. A DNS provider runs the nameservers that host your DNS records. These can be the same company or different ones. By default your registrar often also provides DNS hosting, but you can point your NS records at a different DNS provider Cloudflare, AWS Route 53, Localtonet, or any other without changing where the domain is registered.
Do I need a custom domain to use Localtonet?
No. Every Localtonet HTTP tunnel gets a free public HTTPS URL on the localto.net domain automatically. A custom domain is optional and useful when you want a permanent, branded URL for a production service, a client-facing deployment, or any setup where the URL should not change between tunnel restarts.
Put Your Own Domain on a Localtonet Tunnel
Create a free account, open an HTTP tunnel, and point your domain's nameservers at Localtonet. Your service gets a permanent HTTPS URL on your own domain in a few hours.
Create Free Localtonet Account →
