Skip to Content

Understanding DNS records with Examples

DNS is short for Domain Name System. It is simply a database that links meaningful names (known as hostnames), such as, to a specific IP address, such as

Each device connected to the Internet has a unique IP address. With the system of DNS, we don’t have to memorize IP addresses.

DNS records type

All domains are required to have at least a few essential DNS records for a user to be able to access their website using a domain name. This is the key concept of DNS.

Here are 4 commonly used DNS records.

  • A record – A record is used to map a domain (e.g., or a sub-domain (e.g., to an IP address or many ips.
  • PTR record – Provides a domain name in reverse-lookups. eg. ( —
  • CNAME record – also known as canonical name records, are used to create aliases that point to other names. They are commonly used to map WWW, FTP and MAIL sub-domains to a domain.
  • MX record – MX (Mail Exchange) records control how incoming email is routed for your domain.


Check this post to learn more about DNS records.

How to query DNS record

Each application like Chrome has its own mechanism to get the DNS record. We will explain how to use the Linux command to query DNS records.

We can use dig name + record type + @dns server to query the DNS info from a DNS server. By default, dig performs a lookup for an A record if no type argument is specified.

  • server – the IP address or hostname of the name server to query. It is optional and if we don’t provide a server argument then dig uses the name server listed in /etc/resolv.conf.
  • name – the name of the resource record that is to be looked up.
  • record type – the type of query requested by dig. For example, it can be an A record, MX record, SOA record or any other types.


Example of DNS record

We can see that has 6 A records with the following example. The main purpose of this is for load balance and fault tolerance.

$ dig +short

Which port does DNS use?

DNS uses both TCP and UDP port 53. The most frequently used port for DNS is UDP 53. This is used for DNS queries on the client-side. Check more info about DNS port here.

Exploring DNS Port with Examples

How to use tcpdump to filter DNS Record packets?

We can use this tcpdump command to filter DNS query packets.

# tcpdump -i eth0 udp port 53

We can write these packets to a file with this tcpdump command and analyze these packets with Wireshark GUI.

# tcpdump -i eth0 -w /tmp/dns.pcap udp port 53

We can read these packets from dns.pcap file to get more details about the DNS query.

# tcpdump -vvv -r /tmp/dns.pcap port 53

Example of DNS Packet Analysis

We can get the A record for with the flowing command.

dig +short

This is the output of tcpdump command after we run the above dig command. Check more info about how to use dig command to query DNS records here.

20:11:00.466866 IP > 60712+ [1au] A? (39)

This is the packet we get from the DNS server for this DNS query.

20:11:00.560294 IP > 60712 6/4/1 A, A, A, A, A, A (207)

By default, the dig command query the A record for that domain name with UDP protocol. Check this post to learn more about other DNS records like AAAA, MX, PTR etc.