DNS (Domain Name System) translates human-friendly domain names like example.com into the IP addresses computers use to connect. It also holds records that route your email and prove your identity — so DNS misconfigurations can break your site, your email, or your security.
DNS is the lookup system that turns domain names into server addresses. Its records (A, AAAA, CNAME, MX, TXT) control where your website and email live and underpin email authentication like SPF and DMARC.
Check your website
See how your site handles what is dns? how domain names become websites — free, no account needed.
For business owners
DNS is invisible until it goes wrong — and when it does, your entire site or email can vanish. Beyond reachability, DNS records like SPF and DMARC prove your emails are really from you, protecting customers from spoofing and keeping your messages out of spam. Getting DNS right is foundational to both uptime and trust.
How it works (technical)
Key record types:
- A / AAAA — map a domain to an IPv4 / IPv6 address.
- CNAME — alias one name to another.
- MX — where email for the domain is delivered.
- TXT — arbitrary text, used for SPF, DKIM and DMARC email authentication and domain verification.
Records have a TTL (time-to-live) controlling how long resolvers cache them, which is why DNS changes are not instant. Misconfigured or missing SPF/DMARC records let attackers spoof your domain and hurt deliverability.
Real-world example
A company's invoices kept landing in customers' spam folders. The cause was a missing SPF record and no DMARC policy, so receiving servers could not verify the mail was legitimate. Adding correct SPF, DKIM and DMARC records restored deliverability and blocked spoofing attempts.
Why it matters
DNS controls reachability and email trust. Scanners check DNS-based email authentication (SPF/DMARC) because their absence enables spoofing and phishing in your name.
How to fix it
Confirm your A/AAAA (and CNAME) records point to the right server.
Set correct MX records for your email provider.
Publish an SPF record listing who may send email for your domain.
Add DKIM signing and a DMARC policy to prevent spoofing.
Use sensible TTLs and plan changes around cache expiry.
Best practices
Keep SPF, DKIM and DMARC configured and aligned.
Lower TTLs before a planned migration, then raise them after.
Document your records so changes are deliberate.
Common mistakes
No SPF/DMARC, allowing anyone to spoof your domain.
Editing records without accounting for TTL caching.
Pointing records at a decommissioned server after a move.
Frequently asked questions
Why do DNS changes take time?
Resolvers cache records for the duration of their TTL. Until that expires, some users see the old value. Lowering TTL before a change speeds propagation.
What do SPF and DMARC do?
They are DNS TXT records that let receiving mail servers verify your email is genuinely from your domain, reducing spoofing and improving deliverability.
Put this into practice
See how your site scores with Plexa Trust — start with a free scan, then unlock the complete audit on Pro.
Scan your website free