This short article is based on the record types Route 53 supports, but it is meant as general knowledge that applies to any cloud platform or DNS provider.

I'll only cover the most common ones you are likely to come across: A, AAAA, CNAME and NS.

Overview

  • A - map a hostname to IPv4
  • AAAA - map a hostname to IPv6
  • CNAME - map a hostname to another hostname
  • NS - point to the name of the authoritative name server

That might sound simple enough, but you might have ended up here because you don't know when to use each of them.

A & AAAA

These are the simplest ones: A simply stands for Address.

An A record maps a hostname to an IPv4 address, which means you can route www.example.com to an address like 192.0.2.1. For example:
www.example.com -> 192.0.2.1

An AAAA record does the same, but for an IPv6 address:
www.example.com -> 2001:0000:130F:0000:0000:09C0:876A:130B

Keep in mind that if you create two A or AAAA records with the same hostname pointing to different IP addresses, traffic will be routed to those addresses at random. If you want to load balance, there are better ways to do it.

For instance, on AWS you could use an Application Load Balancer (ALB): associate a single A record domain name with the ALB IP and let the ALB balance the traffic across the destination resources.

Route 53 (a DNS service) will return one of the A or AAAA records associated with the domain name at random.

Also, if your site has an English version along with a Chinese version that restricts some content, you might want to host the Chinese version on a different IP under the same hostname and send visitors from China there. In that case, you could configure a Route 53 geolocation routing policy to route traffic based on where the visitor is.

That's a story for another time. The point is that there are better ways to load balance or localize than creating two A records with different IPs.

CNAME

CNAME stands for Canonical Name. It's the type you use to map one domain name to another domain name:
www.foo-bar.com -> www.example.com

That's simple enough, and you can even route traffic to a domain name hosted by another DNS provider.

However, you can't create a CNAME record for the top node of a zone, a.k.a. the zone apex. For instance, foo-bar.com can't be a CNAME, but www.foo-bar.com and test.foo-bar.com can. If you need that on AWS, you can use an Alias record instead; the alias option is enabled when you create an A or AAAA record.

Apart from that, you can't have any other record with the same name as a CNAME record. If you already have a record of any type named www.foo-bar.com, you can't create a CNAME record named www.foo-bar.com.
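
The two CNAME rules above, plus the multiple-A-records case from the A & AAAA section, are the kind of thing worth checking before a change reaches a zone. The following is an added example, not code from the article or from AWS: the record data is constructed, `check_zone` rejects a CNAME at the apex or one that shares its name with another record, and `to_route53_change_batch` emits the JSON shape the `aws route53 change-resource-record-sets --change-batch` command accepts. The ALB hostname and the alias target's hosted zone id are placeholders.

```python
"""Pre-flight checks for a record set before it is pushed to a zone.

Added example, not code from the article or from AWS. Record data is constructed.
It enforces the two CNAME rules described in the text (no CNAME at the zone apex,
no other record sharing a CNAME's name) and then emits a Route 53 change batch,
in which several A values for one name become a single record set that
Route 53 answers round-robin, as the A & AAAA section describes.
"""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str           # "A", "AAAA", "CNAME", "NS", ...
    value: str
    alias: bool = False  # Route 53 alias (A/AAAA pointing at an AWS resource)


def _norm(name: str) -> str:
    """Compare names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()


def check_zone(apex: str, records) -> list:
    """Return human-readable problems; an empty list means the set is acceptable."""
    problems = []
    by_name = {}
    for r in records:
        by_name.setdefault(_norm(r.name), []).append(r)
    for name, recs in by_name.items():
        cnames = [r for r in recs if r.rtype == "CNAME"]
        if not cnames:
            continue
        if name == _norm(apex):
            problems.append(f"{name}: CNAME is not allowed at the zone apex; "
                            "use an alias A/AAAA record instead")
        others = sorted({r.rtype for r in recs if r.rtype != "CNAME"})
        if others:
            problems.append(f"{name}: CNAME cannot coexist with other records "
                            f"({', '.join(others)})")
        if len(cnames) > 1:
            problems.append(f"{name}: a name may carry only one CNAME")
    return problems


def to_route53_change_batch(records, action="UPSERT", ttl=300) -> dict:
    """Group records by (name, type) into one ResourceRecordSet each."""
    sets = {}
    for r in records:
        sets.setdefault((_norm(r.name), r.rtype), []).append(r)
    changes = []
    for (name, rtype), recs in sets.items():
        if any(r.alias for r in recs):
            # An alias needs the target's hosted zone id, an AWS-specific value
            # that is not on the page, so a placeholder is used here.
            rrset = {"Name": name, "Type": rtype,
                     "AliasTarget": {"HostedZoneId": "<TARGET_HOSTED_ZONE_ID>",
                                     "DNSName": recs[0].value,
                                     "EvaluateTargetHealth": False}}
        else:
            rrset = {"Name": name, "Type": rtype, "TTL": ttl,
                     "ResourceRecords": [{"Value": r.value} for r in recs]}
        changes.append({"Action": action, "ResourceRecordSet": rrset})
    return {"Comment": "generated by check_zone example", "Changes": changes}


# Constructed sample data for the foo-bar.com zone used in the article.
BAD_RECORDS = [
    Record("foo-bar.com", "CNAME", "www.example.com"),      # CNAME at the apex
    Record("www.foo-bar.com", "A", "192.0.2.1"),
    Record("www.foo-bar.com", "CNAME", "www.example.com"),  # clashes with the A above
]
GOOD_RECORDS = [
    Record("foo-bar.com", "A", "my-alb.example.invalid", alias=True),  # placeholder ALB name
    Record("www.foo-bar.com", "CNAME", "www.example.com"),
    Record("api.foo-bar.com", "A", "192.0.2.1"),  # two A values for one name:
    Record("api.foo-bar.com", "A", "192.0.2.2"),  # answered round-robin
]

if __name__ == "__main__":
    for problem in check_zone("foo-bar.com", BAD_RECORDS):
        print("BAD :", problem)
    assert not check_zone("foo-bar.com", GOOD_RECORDS)
    # Save the output and apply it with:
    #   aws route53 change-resource-record-sets --hosted-zone-id <ZONE_ID> --change-batch file://batch.json
    print(json.dumps(to_route53_change_batch(GOOD_RECORDS), indent=2))
```

Running the script prints the two violations for `BAD_RECORDS` and the change batch for `GOOD_RECORDS`, where the apex alias has an `AliasTarget` and no TTL while the two api.foo-bar.com addresses share one record set.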

NS

NS stands for Name Server. So, yeah, it's the same "ns" as in the nslookup command. An NS record points to the authoritative name server for a domain.

At this point, you might be baffled, as I used to be. "What does authoritative name server mean?", you may ask. To put it simply, it's the record you use to tell a DNS server who is responsible for the domain being looked up.

On AWS, an NS record is created automatically when you create a Hosted Zone. It lists the four authoritative name servers of that Hosted Zone.

You can leverage this knowledge in many scenarios such as:

  • Delegation: If your site is getting big, you can split a subdomain into its own hosted zone. For instance, you already have example.com and sub.example.com and, as it grows, you come to have aaa.sub.example.com, bbb.sub.example.com and so on. On AWS, you can create another Hosted Zone for sub.example.com containing the A records that say how aaa.sub.example.com and bbb.sub.example.com should resolve, then create an NS record in the root domain's Hosted Zone (example.com) named sub.example.com whose value is the default NS record of the new Hosted Zone. The benefit is that you can give another team permission to manage the subdomain while restricting permission on the root domain, so least privilege is achieved.
    sub.example.com -> ns-1.example.com

  • Migration: You are migrating services from AWS to Google Cloud Platform (GCP), and you want GCP to handle DNS routing from now on while you continue using the same domain name, say www.example.com. You can create an A record with that name on GCP and change your A record on AWS to an NS record. This tells the DNS server that GCP has the authority to say where www.example.com should resolve to. In this case you can't just use a CNAME instead of an NS record to route the traffic, because a CNAME can't coexist with another record of the same name.
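
To make the two scenarios concrete, here is an added example that is not code from the article, AWS or GCP: a toy resolver over a constructed zone table, where every name server hostname is a placeholder. It follows an NS referral from example.com down to the delegated sub.example.com zone, follows the migration-style referral for www.example.com to the zone hosted on GCP, and chases the CNAME from www.foo-bar.com across providers. It starts at the least specific zone in the table rather than at the DNS root, which is enough to show how a referral hands a name off to whoever is authoritative for it.

```python
"""Toy walk through NS delegation, following the two scenarios above.

Added example, not code from the article, AWS or GCP. The zone table below is
constructed, and every name server hostname in it is a placeholder. Resolution
here starts at the least specific zone in the table rather than at the DNS root,
which is enough to show how a referral hands a name off to another zone.
"""

# zone apex -> list of (owner name, type, value)
ZONES = {
    "example.com": [
        ("example.com", "NS", "ns-1.parent-example.invalid"),
        # Delegation: sub.example.com has its own Hosted Zone, run by another team.
        ("sub.example.com", "NS", "ns-9.child-example.invalid"),
        # Migration: GCP now answers for www.example.com, so the A record became an NS.
        ("www.example.com", "NS", "ns-cloud.gcp-example.invalid"),
        ("api.example.com", "A", "192.0.2.10"),
    ],
    "sub.example.com": [
        ("sub.example.com", "NS", "ns-9.child-example.invalid"),
        ("aaa.sub.example.com", "A", "192.0.2.21"),
        ("bbb.sub.example.com", "A", "192.0.2.22"),
    ],
    "www.example.com": [  # the zone hosted on GCP after the migration
        ("www.example.com", "NS", "ns-cloud.gcp-example.invalid"),
        ("www.example.com", "A", "198.51.100.5"),
    ],
    "foo-bar.com": [
        ("foo-bar.com", "NS", "ns-1.other-provider.invalid"),
        ("www.foo-bar.com", "CNAME", "www.example.com"),  # CNAME across providers
    ],
}


def _within(name: str, zone: str) -> bool:
    """True when name is the zone apex or lies below it."""
    return name == zone or name.endswith("." + zone)


def resolve(qname: str, qtype: str, zones=ZONES, trace=None, depth=0):
    """Return (answers, trace); follows NS referrals down and CNAMEs sideways."""
    trace = [] if trace is None else trace
    if depth > 8:  # CNAME loop guard
        trace.append("too many CNAME hops, giving up")
        return [], trace
    parents = sorted((z for z in zones if _within(qname, z)), key=len)
    if not parents:
        trace.append(f"no zone in the table covers {qname}")
        return [], trace
    zone = parents[0]
    while True:
        records = zones[zone]
        trace.append(f"ask {zone} for {qname} {qtype}")
        # A referral is an NS set owned by a name below the apex that covers qname.
        referrals = [r for r in records
                     if r[1] == "NS" and r[0] != zone and _within(qname, r[0])]
        if referrals:
            child = max((r[0] for r in referrals), key=len)
            servers = sorted(r[2] for r in referrals if r[0] == child)
            trace.append(f"referral: {child} is delegated to {', '.join(servers)}")
            if child not in zones:
                trace.append(f"{child} is served elsewhere; not in this table")
                return [], trace
            zone = child
            continue
        answers = [r[2] for r in records if r[0] == qname and r[1] == qtype]
        if answers:
            trace.append(f"authoritative answer from {zone}: {answers}")
            return answers, trace
        cnames = [r[2] for r in records if r[0] == qname and r[1] == "CNAME"]
        if cnames and qtype != "CNAME":
            trace.append(f"{qname} is a CNAME for {cnames[0]}; restarting there")
            return resolve(cnames[0], qtype, zones, trace, depth + 1)
        trace.append(f"no {qtype} record for {qname} in {zone}")
        return [], trace


if __name__ == "__main__":
    for q in ("aaa.sub.example.com", "www.example.com", "www.foo-bar.com", "api.example.com"):
        answers, trace = resolve(q, "A")
        print("\n".join(trace), "\n=>", answers, "\n")
```

Each trace shows the parent zone answering with a referral rather than an address, which is exactly what the NS record in the root Hosted Zone does for the delegated or migrated name; only the zone at the end of the chain gives the authoritative A answer.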


It might be basic knowledge, but I hope the use cases for the CNAME and NS record types above help you understand them a little better.