A_RECORD MARCH 6, 2023

DNS Configuration for Web Servers: TTL, A Records, CNAMEs, and Common Mistakes

11 min read 2,197 words
DNS Configuration for Web Servers: TTL, A Records, CNAMEs, and Common Mistakes featured image

DNS Errors Can Break Your Website in Ways You Do Not Expect

DNS configuration is one of those areas where small mistakes cause big problems. A misconfigured A record can take your website offline. A TTL set too high can mean hours of unnecessary downtime during a migration. A forgotten CNAME conflict can prevent SSL certificates from renewing properly.

If you manage a business website or a web server, understanding how DNS works at a practical level helps you avoid these problems and solve them faster when they occur. This guide covers the DNS record types most relevant to web servers, how TTL affects your operations, and the mistakes that appear most often in practice.

What DNS Does for Your Web Server

DNS stands for Domain Name System. It acts as the phonebook of the internet, translating human-readable addresses like example.com into IP addresses that servers use to communicate. When someone types your domain name into a browser, DNS directs that request to the correct server.

For a web server, DNS configuration determines where traffic is sent. Getting it right means visitors reach your site reliably. Getting it wrong means your website becomes unreachable, email goes astray, and troubleshooting becomes frustrating because the problem is invisible from inside the browser.

A Records: Pointing a Domain to an IP Address

An A record maps a domain name directly to an IPv4 address. It is the most common DNS record type for web servers. When you set up a web server, you create an A record that tells DNS where to send traffic for your domain.

The basic structure is straightforward. You specify the hostname, select A as the record type, and enter the IPv4 address of your server.

example.com    A    203.0.113.42
www.example.com    A    203.0.113.42

In this example, both the root domain and the www subdomain point to the same server. Some administrators prefer to redirect www to the root domain or handle it separately depending on their web server configuration strategy.

A few practical points worth knowing about A records:

  • IPv4 only: A records work with IPv4 addresses. For IPv6, you need AAAA records, which map hostnames to IPv6 addresses.
  • One IP per record: You can create multiple A records for the same hostname with different IP addresses. DNS queries will return all of them, and the browser typically uses the first responding address.
  • Propagation happens automatically: Changes to A records spread across the internet based on your TTL settings, which affects how quickly updates take effect.

CNAMEs: Creating Aliases for Your Domain

A CNAME record creates an alias, pointing one domain name to another. Rather than resolving to an IP address directly, a CNAME resolves to another hostname that eventually resolves to an IP address through its own DNS chain.

blog.example.com    CNAME    safe.example.com

CNAMEs are useful when you want to point a subdomain to an external service. Common examples include pointing www to your main domain, or pointing a subdomain to a third-party platform like a CDN, email service, or staging environment.

CNAMEs have an important limitation worth noting. You cannot create a CNAME for the root domain (the apex) in most DNS systems. This means example.com cannot be a CNAME. You must use an A record or an ALIAS record if your DNS provider supports it.

CNAMEs also follow the entire resolution chain before returning a result. If the target hostname changes its IP, the CNAME automatically follows those changes. This makes CNAMEs convenient for services that move between servers, because you only update one record instead of many.

Understanding TTL and How It Controls DNS Caching

TTL stands for Time To Live. It tells resolvers how long to cache a DNS record before requesting a fresh copy. TTL is measured in seconds, though many DNS providers display it in minutes or hours for easier reading.

A TTL of 3600 seconds equals one hour. A TTL of 86400 seconds equals one day. When you change a DNS record, the old value remains cached across the internet until every resolver's cached copy expires.

This caching behaviour has direct consequences for website operations. Consider a scenario where you migrate your web server to a new IP address. If your TTL is set to 86400 seconds (one day), some visitors will continue trying the old IP address for up to 24 hours after you make the change. During that window, your website appears down for a portion of your audience.

The practical approach before a planned server migration looks like this:

  1. Lower your TTL in advance: Change the TTL to 300 seconds (five minutes) at least 24 hours before the migration. This ensures that most cached records expire quickly once you make the change.
  2. Update the A record: Point your domain to the new server IP address.
  3. Monitor: Test that DNS resolves correctly to the new address. Use online DNS lookup tools to verify propagation across different locations.
  4. Raise TTL after migration: Once everything works reliably, increase the TTL back to a longer value like 3600 seconds or higher to reduce DNS query load and improve response times.

Common DNS Mistakes That Affect Web Servers

DNS mistakes tend to fall into a few recurring patterns. Recognising them helps you avoid them in your own setup.

Setting TTL Too High and Forgetting It

When DNS is working well, it is easy to ignore. Many administrators leave TTL at 86400 seconds (one day) and never think about it again. This becomes a problem the moment you need to make a change. High TTL values extend the window during which visitors might reach an outdated server address. For any active web server, keeping TTL reasonable gives you operational flexibility.

Deleting Records Instead of Updating Them

When correcting a DNS mistake, it is tempting to delete the bad record and create the correct one. This causes a brief period where no record exists at all, which means DNS lookups fail completely. Updating the existing record is safer because at least one valid answer exists at every stage of the change.

Creating Conflicting Records

Having both an A record and a CNAME for the same hostname causes unpredictable behaviour. Some DNS providers reject this configuration outright. Others allow it, which leads to resolution failures that are difficult to diagnose because the records look correct individually.

Not Accounting for DNS Propagation Time During Migrations

Migrating a website without adjusting TTL first means accepting a long propagation window where some visitors still reach the old server. For business websites, this translates to lost traffic, failed transactions, and support queries from confused customers. Planning DNS changes around TTL values prevents most of this disruption.

Leaving Stale Records After Decommissioning Servers

Old A records pointing to decommissioned servers create security and reliability issues. Those IP addresses may be reassigned to other services, meaning traffic intended for your domain ends up somewhere unexpected. Regular audits of your DNS records, particularly when managing server access and configuration, help keep this under control.

How DNS Affects Website Performance and SSL

DNS resolution adds a small delay to every first visit to your site. The browser must resolve your domain name before it can establish a connection. While this delay is typically measured in milliseconds, it contributes to overall page load time, especially on mobile networks or when DNS resolvers are slow to respond.

Using a CDN can reduce this impact by serving content from edge servers closer to the visitor. CDN providers typically assign you a hostname to use as a CNAME target, which means your DNS setup directly affects how the CDN integrates with your domain. If you are considering setting up a CDN for your business website, understanding how CNAME records work becomes part of the implementation process.

SSL certificate validation also depends on DNS. When a certificate authority validates your domain, it may make DNS lookups to confirm you control the domain. If your DNS records are misconfigured or propagation has not completed, validation fails and your certificate does not issue. This is particularly relevant when setting up new servers or migrating to new hosting.

Checking Your DNS Configuration

Several tools help you verify your DNS setup. The dig command is available on Linux and macOS and provides detailed DNS query results.

dig example.com A
dig example.com CNAME
dig example.com MX

Online DNS lookup tools offer similar information with the advantage of showing results from different geographic locations. This helps you verify that propagation has completed after making changes.

When troubleshooting DNS issues, check these items in order:

  1. Is the record present? Query the specific record type for your domain.
  2. Does it point to the correct value? Compare the result against what you expect.
  3. What is the TTL? Check how long cached copies will persist.
  4. Are there conflicting records? Make sure you have not created duplicate record types for the same hostname.

DNS and Server Security Considerations

DNS configuration intersects with server security in a few important ways. DNS records determine where traffic flows, which means they also determine where malicious traffic might be directed if someone gains control of your domain settings.

Protecting your domain registrar account is essential because anyone who can modify your DNS records can redirect your traffic. Use strong, unique passwords and enable two-factor authentication on your registrar account. Consider using registry lock if your registrar offers it, which requires additional verification steps before any DNS changes can be made.

For web servers specifically, ensuring that DNS changes take effect reliably means your server logs will show the correct client IP addresses. When migrating or changing DNS, reviewing your server security rules helps ensure that legitimate traffic continues to be allowed while suspicious activity remains blocked.

When to Get Professional Help With DNS

Many DNS tasks are straightforward and can be handled by anyone with access to their domain registrar or DNS provider's control panel. However, certain situations benefit from professional review.

If you are planning a server migration, particularly one involving multiple subdomains or complex CNAME chains, a quick DNS audit beforehand can identify potential problems before they cause downtime. Similarly, if your website experiences intermittent availability issues that do not correspond to server problems, DNS misconfiguration is worth investigating.

Businesses that rely on their website for customer transactions should consider DNS as part of their regular maintenance routine, not something to deal with only when problems arise.

If you need help reviewing your current DNS setup or planning a server migration, prepare a note with your domain name, current DNS records, the changes you are considering, and any error messages you have seen. This gives a clear starting point for the review.

Frequently Asked Questions

What is a safe TTL value for a business website?
A TTL of 3600 seconds (one hour) works well for most business websites under normal operation. It balances reasonable caching performance with enough flexibility to make changes within a practical timeframe. Some administrators use 7200 seconds for busier sites to reduce query load further.
How long does DNS propagation actually take?
True propagation, where every resolver worldwide has the updated record, can take up to 48 hours in rare cases. However, most resolvers update within minutes to a few hours once your TTL has expired. After a planned change with a low TTL, most visitors see the new record within 30 minutes to two hours.
Can I have both an A record and a CNAME for the same subdomain?
No. Having both record types for the same hostname creates a conflict. DNS specifications do not allow a CNAME to coexist with other record types for the same name. Remove the conflicting record to resolve the issue.
Why is my website showing the wrong server after a migration?
This is almost always a TTL caching issue. The old IP address is still cached by some resolvers. Lower your TTL well before the next migration, wait for caches to clear, then make the change. If the problem persists beyond the expected propagation window, verify that the A record actually points to the new IP address.
Do I need to update DNS when renewing an SSL certificate?
Not usually. SSL certificate renewal through automated services like Let's Encrypt typically verifies domain control through HTTP or DNS challenges. If your DNS is working correctly and pointing to your server, the renewal process should complete without DNS changes. However, if you are switching hosting providers during a renewal, DNS updates may be needed.
What happens if I delete my A record by mistake?
Your domain stops resolving entirely. Visitors see errors or a blank page. The fix depends on your DNS provider, but if you have a recent backup of your records or remember the correct IP address, you can recreate the record immediately. This is why maintaining clear documentation of your DNS configuration matters.
Should I use ALIAS records instead of CNAMEs?
ALIAS records are a provider-specific extension offered by some DNS services. They behave like CNAMEs at the root domain, resolving to the target's IP address rather than stopping at the hostname. If your DNS provider supports ALIAS records and you need root domain aliases, they are a practical solution. Otherwise, you must use an A record for the root domain.
A record AAAA record CNAME record DNS configuration DNS mistakes DNS propagation DNS TTL web server DNS

Related Articles

Google Earth flight simulator

What Google's Earth Flight Simulator Means for Small Business SEO

Jul 7, 2026 Backup Strategy

Website Backup Strategy for WordPress and Custom PHP Sites

Jun 15, 2026 ai tools

How Google Keep with Gemini Can Support Your Small Business SEO

Jun 15, 2026
Cookie choices

Your privacy choices matter.

We use an essential cookie to remember your preferences. Optional analytics and diagnostics help us understand visits, identify issues, and improve the site, but they stay off unless you allow them.

Read the privacy notice