Learn DNS

The DNS handbook for people who have to actually fix things.

Real-world guides written by SREs and DNS operators. No "DNS is like a phonebook" analogies. Just clear explanations, RFCs cited, and copy-pasteable examples.

Featured · 12 min read

SPF, DKIM, DMARC — a guided tour

Three protocols, one goal: making sure your emails actually arrive. We'll set up all three for a fresh domain, show you the records you should publish, and explain why each line of the DMARC report matters.

SPF · DKIM · DMARC · BIMI · MTA-STS
example.com TXT · verified
# SPF — who is allowed to send
"v=spf1 include:_spf.google.com ip4:192.0.2.0/24 ~all"
# DMARC — what to do on failure
"v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

All articles

12 guides
Record types · 4 min

What is an A record?

The foundational DNS record type that maps a hostname to an IPv4 address.

Record types · 3 min

AAAA records explained

IPv6 addressing for DNS — when, why, and how to publish them.

Record types · 6 min

CNAME records and the apex problem

Why you can't CNAME the apex of a zone — and what to do instead.

Email · 5 min

MX records and mail routing

How priority works, what 0 means, and why having a backup MX is a 1995 idea.

Email · 12 min

SPF, DKIM, DMARC — a guided tour

Three protocols, one goal: making sure your emails actually arrive.

Email · 8 min

Setting up MTA-STS

Force TLS on incoming mail — the modern way to protect SMTP.

Security · 15 min

DNSSEC, RFC by RFC

Trust chains, NSEC vs NSEC3, key rollover ceremonies, and what can go wrong.

Security · 4 min

CAA records: who can issue your TLS cert?

Stop unauthorized CAs from issuing certs for your domain.

Security · 9 min

Subdomain takeover attacks

Dangling CNAMEs are how attackers steal your subdomain. Here's how to find them.

Performance · 6 min

TTL tuning: short vs long

How TTL affects cache hits, failover speed, and your DNS bill.

Performance · 7 min

Anycast vs unicast DNS

Why every serious DNS provider uses anycast — and what it actually does.

Debugging · 5 min

dig, host, nslookup: when to use which

A field guide to DNS command-line tools, with practical examples.

Record type glossary

Quick reference · RFC-linked

A

Address (IPv4)

Points a hostname to an IPv4 address. The most common record on the internet.

AAAA

Address (IPv6)

The IPv6 equivalent of an A record. 128-bit addresses.

CNAME

Canonical Name

Alias one hostname to another. Cannot coexist with most other records.

MX

Mail Exchange

Directs email delivery to mail servers, ordered by priority.

TXT

Text

Arbitrary text. Used for SPF, DKIM, DMARC and domain verification.

NS

Name Server

Delegates a zone to the authoritative DNS servers for it.

SOA

Start of Authority

Administrative info about the zone — primary NS, contact, serial, timers.

CAA

Certificate Authority

Restricts which CAs can issue SSL certificates for the domain.

PTR

Pointer

Reverse mapping — IP address back to a hostname.

SRV

Service

Locates services on the network, used by VoIP, XMPP, Minecraft and more.

DS

Delegation Signer

Holds the hash of a DNSKEY in the parent zone, part of the DNSSEC trust chain.

DNSKEY

DNS Key

Public keys used to verify DNSSEC signatures on records.