
DNS basics

DNS answers a simple question: what data is attached to this name?
For a website, the most important parts are where the domain points, how quickly records update, and which resolver sees the current answer.

Main record types

Type    Purpose
A       IPv4 address
AAAA    IPv6 address
CNAME   Alias to another name
MX      Mail servers
TXT     Text data: SPF, DKIM, verification
NS      Authoritative DNS servers
CAA     Which CAs may issue certificates
SOA     Zone metadata

A and AAAA

A points to IPv4:

dig +short getsrv.app A

AAAA points to IPv6:

dig +short getsrv.app AAAA

If a site should work over both stacks, check both.

CNAME

CNAME makes one name an alias for another.

Example:

docs.example.com CNAME example-host.provider.net

A name with a CNAME record usually should not also have direct A/AAAA records.

NS

NS shows which DNS servers are authoritative for the zone:

dig +short getsrv.app NS

If the DNS provider was changed, check NS first.

TXT

TXT is commonly used for:

  • SPF;
  • DKIM;
  • domain verification;
  • service verification.

Check:

dig +short getsrv.app TXT

TTL

TTL is how long a resolver may cache an answer.

Check TTL:

dig getsrv.app A

You will see a line like:

getsrv.app. 300 IN A 203.0.113.10

300 is the TTL in seconds.

Why DNS did not update immediately

Common reasons:

  • an old answer is still cached by a resolver;
  • the change was made on the wrong name servers, not the ones authoritative for the zone;
  • authoritative DNS is updated, but a public resolver still has the old answer cached;
  • the local machine caches the answer;
  • the wrong record type is being checked.

Check through different resolvers

Cloudflare:

dig @1.1.1.1 getsrv.app A +short

Google:

dig @8.8.8.8 getsrv.app A +short

Quad9:

dig @9.9.9.9 getsrv.app A +short

If answers differ, propagation is still happening or authoritative DNS has an issue.

Check authoritative answer

First get NS:

dig +short getsrv.app NS

Then query one of them directly:

dig @ns1.example.net getsrv.app A

Replace ns1.example.net with the real NS from the output.
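
The two checks above (several resolvers, then the authoritative NS) can be combined into one comparison. The script below is an added example, not part of the original page: the function names, the "auth" label, the input format and the old address 198.51.100.7 are assumptions made for illustration, and the sample answers are constructed so it runs without network access.

```shell
#!/bin/sh
# Added example, not from the original page.
# Input: one line per record, "<source> <dig answer line>", where <source> is
# "auth" for the authoritative NS or a resolver address. Real input can be
# collected with, for example:
#   dig @1.1.1.1 getsrv.app A +noall +answer | sed 's/^/1.1.1.1 /'

# Prints "<resolver> ok" or "<resolver> differs ttl=<seconds>" per resolver.
check_propagation() {
    # Sort by source, then record data, so record order does not matter.
    LC_ALL=C sort -k1,1 -k6 | awk '
    NF < 6 { next }                                  # skip blank/short lines
    {
        src = $1
        ans[src] = ans[src] " " $6                   # record data for this source
        if ($3 + 0 > ttl[src] + 0) ttl[src] = $3     # longest remaining cache time
    }
    END {
        if (!("auth" in ans)) { print "error: no auth answer"; exit }
        for (src in ans) {
            if (src == "auth") continue
            if (ans[src] == ans["auth"]) print src, "ok"
            else print src, "differs ttl=" ttl[src]
        }
    }' | LC_ALL=C sort
}

# Constructed sample: the A record was just changed to 203.0.113.10 and two
# resolvers still hold the old (constructed) address in cache.
sample_answers() {
    cat <<'EOF'
auth getsrv.app. 300 IN A 203.0.113.10
1.1.1.1 getsrv.app. 300 IN A 203.0.113.10
8.8.8.8 getsrv.app. 212 IN A 198.51.100.7
9.9.9.9 getsrv.app. 41 IN A 198.51.100.7
EOF
}

sample_answers | check_propagation
```

A resolver that still differs after its reported ttl has elapsed is not showing a caching delay; go back to the NS check and the authoritative answer.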

DNS and HTTPS

DNS only tells where to connect.
It does not prove HTTPS works.

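After DNS, check HTTP/TLS. The -k flag makes curl skip certificate verification, so the curl command below only confirms that a server answers on that name; run it again without -k to confirm the certificate validates: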

curl -kI https://getsrv.app/
openssl s_client -connect getsrv.app:443 -servername getsrv.app -brief

Common mistakes

Mistake 1. Checking only A and forgetting AAAA

If an IPv6 record exists, some clients may use IPv6.

Check:

dig +short getsrv.app A
dig +short getsrv.app AAAA

Mistake 2. CNAME points somewhere without the expected service

DNS resolves, but HTTP/TLS does not work. Follow DNS with curl.

Mistake 3. Checking an old resolver

Compare several resolvers and authoritative NS.

Mistake 4. TTL is too high

With a high TTL, old answers may take longer to disappear from caches.

Minimal domain check

dig +short getsrv.app NS
dig +short getsrv.app A
dig +short getsrv.app AAAA
dig @1.1.1.1 getsrv.app A +short
dig @8.8.8.8 getsrv.app A +short
curl -kI https://getsrv.app/

If DNS returns the expected answers and curl returns 200, the basic name chain works. Because curl runs with -k here, this does not confirm that the certificate is valid.