Skip to main content

Managing DNS Records and DNSSEC

Think of DNS records as the address book of the internet. When someone types your domain name into their browser, DNS records are the instructions that tell the internet exactly where to go — which server hosts your website, which server handles your email, and how to verify that you actually own the domain. Without them, nobody could find your site. The FREAKHOSTING Web Hosting Control Panel at web.freakhosting.com gives you full control over all DNS records associated with your domains, along with the ability to enable DNSSEC for added security.

Difficulty

Intermediate

Time

10 Minutes
Before managing DNS records, make sure your domain is added to your hosting account and pointed to the FREAKHOSTING nameservers. See How to Manage Domains for setup instructions.
1

Open DNS Records

Log in to web.freakhosting.com, select your website, click the Domains tab, then click on the domain you want to manage. Select DNS records from the left sidebar. You will see a table listing all existing DNS records for the domain.
2

Use the Search Bar

If you have many records, click the search icon at the top of the table to quickly filter and find specific records by type, host, or value. This is especially handy once you have a dozen or more records and need to find that one TXT record you added last month.
3

Sort Your Records

Click the Type or Host column headers to sort your records. This makes it easy to group all your A records together, or find every record that applies to a specific subdomain.
4

Toggle Advanced Records

Click the Advanced records toggle to show or hide system-generated records. By default, only the records you have added or can edit are displayed. Enabling advanced records reveals everything the control panel manages behind the scenes — more on this below.

Understanding the DNS Table

Each DNS record is displayed in a table with four columns:
ColumnDescriptionExample
TypeThe kind of DNS record (A, AAAA, CNAME, MX, TXT, SRV, and more). Click to sort.A
HostThe hostname or subdomain the record applies to. Use @ for the root domain itself.@, www, mail
ValueThe data the record points to — an IP address, hostname, or text string depending on the type.191.96.94.5
TTLTime To Live in seconds — how long other servers will cache (remember) this record before checking for updates.21600

Understanding TTL (Time To Live)

TTL is expressed in seconds, which can look confusing at first glance. Here is a quick reference:
TTL ValueHuman-ReadableBest For
3005 minutesRecords you are actively testing or changing frequently
36001 hourRecords that might change occasionally
216006 hoursStandard default — good for most records
8640024 hoursRecords that rarely or never change
A TTL of 21600 (the default you will see on most FREAKHOSTING records) means that once another server looks up your record, it will remember the answer for 6 hours before checking again. Lower TTL values mean changes take effect faster, but they also increase the number of DNS lookups for your domain. For most situations, the default is perfectly fine.
Planning a server migration? A few days before the switch, lower your TTL to 300 (5 minutes). That way, when you update the IP address, the change will propagate quickly. After everything is settled, set it back to 21600.

Common DNS Record Types Explained

Every record type has a different job. Here is what each one does, explained in plain English with real-world examples.
An A record maps a domain or subdomain to an IPv4 address. This is the most fundamental DNS record — it is what tells the internet “when someone visits this domain, send them to this server.”Real example from your panel:
  • An A record with host @ pointing to 191.96.94.5 means: “When someone visits mybusiness.com, send them to the server at IP address 191.96.94.5.”
  • An A record with host mail pointing to 191.96.94.5 means: “When something needs to reach mail.mybusiness.com, send it to 191.96.94.5.”
When you need this: Almost always — every domain needs at least one A record for the root domain (@). If you create subdomains like blog.yourdomain.com or shop.yourdomain.com, each one needs its own A record (or a CNAME pointing to something that has an A record).
An AAAA record (pronounced “quad-A”) does the same thing as an A record, but uses an IPv6 address instead of IPv4. IPv6 addresses are the newer, longer format that looks like 2001:0db8:85a3::8a2e:0370:7334.Real example:
  • An AAAA record with host @ pointing to 2001:0db8:85a3::8a2e:0370:7334 means: “When someone visits mybusiness.com and their connection supports IPv6, send them to this IPv6 address.”
When you need this: If your server supports IPv6 (and you want to take advantage of the faster routing it can sometimes offer), add AAAA records alongside your A records. If you are not sure, you probably do not need to worry about this one yet.
A CNAME record (Canonical Name) creates an alias — it points one domain name to another domain name instead of directly to an IP address. Think of it as a forwarding address.Real example:
  • A CNAME record with host www pointing to yourdomain.com means: “When someone visits www.yourdomain.com, look up where yourdomain.com points and send them there too.” This way, you only need to update the A record in one place if your server IP changes.
Other common uses:
  • shop pointing to shops.myshopify.com — connects your subdomain to a Shopify store
  • blog pointing to your-site.ghost.io — connects your subdomain to a Ghost blog
  • links pointing to your-page.linktr.ee — connects a subdomain to Linktree
Important limitation: You cannot create a CNAME record for the root domain (@). The root domain must use an A record (or AAAA record). CNAME records are only for subdomains.
MX (Mail Exchange) records tell the internet which mail servers handle email for your domain. Without MX records, nobody can send email to any @yourdomain.com address.Real example — using FREAKHOSTING’s built-in email:
  • MX record with host @, value mail.yourdomain.com, priority 10
Real example — using Google Workspace:
  • MX record: host @, value aspmx.l.google.com, priority 1
  • MX record: host @, value alt1.aspmx.l.google.com, priority 5
  • MX record: host @, value alt2.aspmx.l.google.com, priority 5
What is priority? The priority number (sometimes called “preference”) tells email servers which mail server to try first. Lower numbers are tried first. So with Google Workspace, email tries aspmx.l.google.com (priority 1) first, and only falls back to the alternates (priority 5) if the primary is unavailable.When you need this: Whenever you set up email for your domain — whether using FREAKHOSTING’s built-in email, Google Workspace, Microsoft 365, Zoho Mail, or any other provider. Your email provider will give you the exact MX records to add.
TXT records store text-based information that other services can read. They do not affect how your website loads or how email is delivered directly — instead, they are used for verification and authentication.Common uses with real examples:Google Search Console verification:
  • Host: @
  • Value: google-site-verification=abc123xyz456...
  • This proves to Google that you own the domain.
SPF record (email authentication):
  • Host: @
  • Value: v=spf1 include:_spf.google.com ~all
  • This tells receiving mail servers “only Google’s servers are authorized to send email from my domain.” This helps prevent spam and phishing.
DMARC policy (email security):
  • Host: _dmarc
  • Value: v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com
  • This tells receiving mail servers what to do with emails that fail authentication checks.
Domain verification for other services:
  • Microsoft 365, Mailchimp, Stripe, Facebook, and many other services ask you to add a TXT record to prove you own the domain.
When you need this: Frequently. You will add TXT records whenever a service asks you to “verify your domain” or when setting up email security (SPF, DKIM, DMARC). See How to Configure Email Authentication and Routing for detailed email setup instructions.
SRV (Service) records are more specialized. They define the location of specific services by specifying a hostname, port number, priority, and weight. Most website owners will never need to touch these, but they are important for certain applications.Real example — Microsoft Teams / Skype for Business:
  • Service: _sip, Protocol: _tls, Host: @
  • Value: sipdir.online.lync.com, Port: 443, Priority: 100, Weight: 1
Other uses:
  • VoIP phone systems
  • XMPP chat servers
  • Game servers that need to advertise their port
  • CalDAV / CardDAV (calendar and contact syncing)
When you need this: Only when a specific service or application tells you to add an SRV record. The service provider will give you the exact values. If nobody has asked you to add one, you do not need one.

Adding a DNS Record

1

Click Add Record

At the top-right of the DNS records table, click the Add record button.
2

Select the Record Type

Choose the type of DNS record you want to create (A, AAAA, CNAME, MX, TXT, SRV, and so on) from the dropdown.
3

Fill In the Details

Enter the required fields based on the record type:
  • Host — The subdomain or @ for the root domain.
  • Value — The target IP address, hostname, or text value.
  • TTL — The time to live in seconds (the default of 21600 is fine for most situations).
  • Additional fields may appear depending on the record type (for example, Priority for MX records, Port for SRV records).
4

Save the Record

Click Save or Add to create the record. The new record will appear in the DNS table immediately, though it may take some time for DNS propagation to complete globally (anywhere from a few minutes to 24 hours, depending on TTL values and caching).

Practical Walkthroughs

Google gives you a TXT record value that looks something like google-site-verification=dBw5CkLmou....
  1. Click Add record
  2. Select TXT as the type
  3. Set the host to @
  4. Paste the full google-site-verification=... string as the value
  5. Leave TTL at the default
  6. Click Save
  7. Go back to Google Search Console and click Verify — it may take a few minutes for Google to detect the record
Google Workspace requires five MX records. For each one:
  1. Click Add record
  2. Select MX as the type
  3. Set the host to @
  4. Enter the mail server address as the value (for example, aspmx.l.google.com)
  5. Enter the priority number Google specifies (1, 5, 5, 10, 10)
  6. Click Save
Repeat for all five MX records. If you had any existing MX records from a previous email provider, delete them first to avoid conflicts.
Say you want shop.yourdomain.com to go to your Shopify store. Shopify tells you to create a CNAME record pointing to shops.myshopify.com.
  1. Click Add record
  2. Select CNAME as the type
  3. Set the host to shop
  4. Set the value to shops.myshopify.com
  5. Leave TTL at the default
  6. Click Save
Your subdomain will start pointing to Shopify after DNS propagation completes.

Editing or Deleting a DNS Record

To modify or remove an existing record:
1

Locate the Record

Find the record you want to change in the DNS records table. Use the search bar or sort by column headers if needed.
2

Open the Action Menu

Click the three-dot menu (⋮) on the right side of the record row.
3

Choose an Action

Select Edit to modify the record’s details (type, host, value, TTL), or Delete to permanently remove the record from your domain.
Be careful when deleting DNS records. Removing essential records can break things fast:
  • Delete your A record? Your website goes offline — visitors will see a DNS error.
  • Delete your MX records? Email to your domain will stop being delivered.
  • Delete your TXT records? Email authentication may fail, causing your outgoing emails to land in spam folders.
If you are unsure about a record’s purpose, leave it alone and contact our support team for guidance.

Advanced Records Toggle

The Advanced records toggle at the top of the DNS records table controls the visibility of system-generated records. These are records that the control panel creates and manages automatically behind the scenes to keep your hosting working properly.
  • Toggle off (default): Only the records you have created and can edit are shown. This is the cleanest view for day-to-day management, and what most users should stick with.
  • Toggle on: Everything is visible, including system records such as:
    • SOA (Start of Authority) — Contains metadata about the DNS zone, like the primary nameserver and the zone serial number.
    • NS (Nameserver) records — Define which nameservers are authoritative for your domain.
    • Default A records — System-generated records that point to your hosting server.
    System records are typically greyed out or marked as non-editable so you can tell them apart from your own records.
System-generated records should not be modified or deleted unless you are absolutely sure of what you are doing. Changing them can break your website, email, or the entire DNS zone for your domain. The toggle exists so you can inspect these records, not so you can edit them.

DNSSEC

What Is DNSSEC?

DNS Security Extensions (DNSSEC) adds a layer of cryptographic security to your domain’s DNS records. Here is an analogy: regular DNS is like mailing a letter with just an address on it — anyone along the way could theoretically swap the letter for a different one, and the recipient would have no way to know. DNSSEC is like adding a tamper-evident seal to every letter. If someone intercepts and changes the contents, the seal breaks, and the recipient knows not to trust it. Without DNSSEC, an attacker could potentially intercept DNS responses and redirect your visitors to a fake version of your website (an attack known as DNS spoofing or cache poisoning). With DNSSEC enabled, every DNS response is digitally signed, so browsers and mail servers can verify that the response actually came from your authoritative nameserver and was not tampered with.

Enabling DNSSEC

1

Navigate to DNSSEC

In the domain settings sidebar (the same place you found DNS records), click DNSSEC.
2

Enable DNSSEC

Follow the on-screen instructions to enable DNSSEC for your domain. The control panel will generate the required DS (Delegation Signer) records — these are the cryptographic keys that link your domain’s DNS zone to the parent zone.
3

Add DS Records at Your Registrar

Depending on where you registered your domain, you may need to add the DS records to your domain registrar’s dashboard to complete the DNSSEC chain of trust. The control panel will display the exact values you need to copy:
  • Key Tag — A short numeric identifier
  • Algorithm — The signing algorithm used
  • Digest Type — The hash algorithm
  • Digest — The actual hash value
Paste these into your registrar’s DNSSEC settings. If your domain is also registered through FREAKHOSTING, this step may be handled automatically.
DNSSEC is recommended for all domains, but it is especially important for websites that handle sensitive information — online stores, login portals, banking, healthcare, or anything where a visitor being sent to a fake site could cause real harm.

Frequently Asked Questions

Most DNS changes propagate within 15 minutes to a few hours, but full worldwide propagation can take up to 24-48 hours. The actual time depends on the TTL values of your records and how aggressively different internet service providers cache DNS data. If you need changes to take effect quickly, lower the TTL on the record before you make the change, wait for the old TTL to expire, and then update the value.
Deleting the A record for your root domain (@) will cause your website to stop loading. Visitors will see a DNS resolution error because there is no longer a record telling browsers which server to connect to. If this happens by mistake, add a new A record with host @ pointing to your server’s IP address (you can find this in your hosting account details or by contacting support).
Yes, and it is quite common. For example, you will often have multiple MX records (primary and backup mail servers), multiple TXT records (one for SPF, one for domain verification, one for DMARC), and multiple A records (one for @, one for mail, one for other subdomains). Each record just needs a unique combination of type and host, or a different value.
DNSSEC is optional but recommended, especially for websites that handle sensitive data. It adds cryptographic verification to your DNS records, preventing attackers from redirecting your visitors to malicious websites through DNS spoofing. The main downside is a small amount of added complexity, but the security benefit is well worth it.
These include SOA (Start of Authority), NS (Nameserver), and default A records that the control panel creates automatically when you add a domain. They ensure your hosting account functions correctly and should not be modified unless you have a specific, well-understood reason. Accidentally changing an NS record, for example, could make your entire domain unreachable.
A few common things to verify:
  • Did you wait long enough? Check the TTL of any existing record you changed — that is the minimum time before the change can take effect everywhere.
  • Is the host value correct? Remember that @ means the root domain. If you typed your full domain name in the host field, you may have accidentally created a record for yourdomain.com.yourdomain.com.
  • Is there a conflicting record? Two A records for the same host, or a CNAME and an A record on the same host, can cause unexpected behavior.
  • Are you checking from a cached location? Try using a DNS lookup tool like dig or an online checker to see what the rest of the world sees, rather than relying on your own browser (which may have cached the old result).

Need Extra Help?

If you encounter any issues, our support team is ready to assist:

Save on Your Hosting

Ready to launch your website? Use code KB20 at checkout for 20% off your first month!
Last Updated: March 2026 | Web Hosting Support: DNS records and DNSSEC management made simple.