Right, let’s talk about the alphabet soup that makes the internet work. DNS records are the fundamental building blocks of Route 53, the instructions you leave for the internet on how to handle your domain. Think of them as the entries in a massive, distributed address book. If you get these wrong, your website is either offline, slow, or sending emails to the wrong place. So let’s get them right.

The A and AAAA Records: Your Digital Street Address

The A record (the ‘A’ stands for Address, because of course it does) is the OG. It maps a human-readable name like www.example.com to an IPv4 address, like 192.0.2.1. It’s the workhorse.

The AAAA record (pronounced “quad-A”) is its modern counterpart for IPv6 addresses. You know, those longer, more complicated-looking addresses like 2001:0db8:85a3::8a2e:0370:7334. The internet is slowly, painfully slowly, transitioning to IPv6, so if you’re not setting these yet, you’re not future-proofing. It’s like building a new driveway but only making it wide enough for a horse and cart.

Here’s what creating one looks like in Terraform. Notice the type is the key differentiator.

resource "aws_route53_record" "www" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "www.example.com"
  type    = "A"
  ttl     = 300
  records = ["192.0.2.1"]
}

resource "aws_route53_record" "www_v6" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "www.example.com"
  type    = "AAAA"
  ttl     = 300
  records = ["2001:0db8:85a3::8a2e:0370:7334"]
}

The TTL (Time To Live) is crucial here. It tells resolvers how long, in seconds, they may cache this record. A low TTL (60 seconds) is great for rapid changes, like during a failover event, but it means more queries hitting Route 53, and for standard records you pay per query. A high TTL (86400 seconds, or a day) reduces latency and load on DNS servers for stable records. The catch people miss: lowering a TTL does nothing for copies that are already cached, so if you know a change is coming, drop the TTL at least one old-TTL period in advance, make the change, then raise it again. Choose wisely.

CNAME vs. ALIAS: The Eternal Dance

This is where people’s brains short-circuit. A CNAME (Canonical Name) record is an alias, not a redirect: it says “the real name for this hostname is that other hostname”, and the resolver goes and looks up the target instead. For example, you can point shop.example.com to my-awesome-store.third-party-platform.com. The key limitation, and it’s a massive one: a name that carries a CNAME may carry no other records at all, and the apex (or “naked”) domain (example.com) must carry the zone’s SOA and NS records. So you cannot have a CNAME at the apex. It’s a DNS rule (RFC 1034), and it’s non-negotiable. One more thing to remember about CNAMEs that point at third parties: if the platform on the other end releases that hostname and you leave the CNAME in place, whoever can claim the target name on that platform may end up serving content for shop.example.com. Delete the record when you leave the service.

This is where Route 53’s ALIAS record swoops in like a superhero. It’s a Route 53 extension (nothing in the DNS protocol knows about it) that acts like a CNAME but works at the apex. Even better, queries for alias records that point at AWS resources are free. When you create an ALIAS record pointing to an AWS resource (like an Elastic Load Balancer, CloudFront distribution, or an S3 website endpoint) or to another record in the same hosted zone, Route 53 resolves it on its own side and returns the target’s current IP addresses in an ordinary A or AAAA response. The client never knows the difference. Two consequences worth knowing: you don’t set a TTL on an alias (Route 53 uses the target’s TTL), and for some targets, such as load balancers, you can have Route 53 check the target’s health and drop it from answers when it fails. It’s magic, with footnotes.

Feature                      CNAME                          ALIAS
Apex domain (example.com)    No                             Yes
Points to                    Any hostname on the internet   AWS resource (ELB, CloudFront, S3 website endpoint) or another record in the same hosted zone
TTL                          Set by you                     Inherited from the target; not configurable
Cost                         Standard per-query charge      Free when the target is an AWS resource
Other records at same name   Not allowed                    Allowed (to DNS it is just an A or AAAA record)

So, the rule of thumb: if you’re pointing to an AWS resource, or to another record in the same hosted zone, use ALIAS. If you’re pointing to some other hostname on the internet, you must use CNAME (and never at the apex).
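Here are the two side by side in Terraform. This is an added example, not code from the original post: it assumes the aws_route53_zone.primary from the earlier snippets and an Application Load Balancer declared elsewhere as aws_lb.web, and the third-party hostname is a placeholder.

```hcl
# Added example, not part of the original post. Assumes aws_route53_zone.primary
# (from the snippets above) and an ALB declared elsewhere as aws_lb.web.

# Apex ALIAS to the load balancer. The type is still "A", but there is no ttl
# and no records list: the alias block replaces both, and Route 53 returns the
# ALB's current addresses at query time.
resource "aws_route53_record" "apex" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "example.com"
  type    = "A"

  alias {
    name                   = aws_lb.web.dns_name
    zone_id                = aws_lb.web.zone_id  # the ALB's own hosted zone id, not yours
    evaluate_target_health = true                # an unhealthy ALB drops out of answers
  }
}

# Subdomain handed to a third-party platform: this is what a CNAME is for.
# The name can carry no other record types, and the target must be a
# hostname, never an IP. The target below is a placeholder.
resource "aws_route53_record" "shop" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "shop.example.com"
  type    = "CNAME"
  ttl     = 300
  records = ["my-awesome-store.third-party-platform.com"]
}

# What you cannot do: a CNAME at the apex. Route 53 rejects the change batch
# because the zone's SOA and NS records already live at example.com.
#
# resource "aws_route53_record" "apex_cname" {
#   zone_id = aws_route53_zone.primary.zone_id
#   name    = "example.com"
#   type    = "CNAME"
#   ttl     = 300
#   records = ["my-awesome-store.third-party-platform.com"]
# }
```

After `terraform apply`, `dig +short example.com A` should return the load balancer’s addresses directly, with no CNAME in the chain, while `dig +short shop.example.com CNAME` returns the third-party hostname.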

MX, TXT, and the Supporting Cast

MX Records (Mail eXchange) tell the world where to deliver email for your domain. The priority value is key: lower numbers are tried first, and equal numbers share the load. The target must be a hostname that has its own A or AAAA record; an IP address or a name that is a CNAME is not allowed (RFC 2181). If you use Google Workspace or Office 365, they’ll give you these records to plug in.

resource "aws_route53_record" "mx" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "example.com" # For the domain itself
  type    = "MX"
  ttl     = 3600
  records = [
    "10 mail-server.example.com", # Priority 10
    "20 backup-mail.example.com"  # Priority 20
  ]
}

TXT Records are the duct tape of DNS. They hold arbitrary text, in strings of at most 255 characters each (longer values are split into several strings that the receiver joins back together). Uses include:

  • SPF/DKIM/DMARC: the email authentication trio. SPF (a TXT record at the domain itself) lists which servers may send mail as your domain, DKIM (at <selector>._domainkey.example.com) publishes the public key receivers use to verify signed mail, and DMARC (at _dmarc.example.com) tells receivers what to do when both fail and where to send reports.
  • Verification: Proving to some service (like Google Search Console) that you own the domain, usually by publishing a token they hand you.
  • Any other random nonsense some system demands you put in DNS.
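Here is what the email trio looks like in Terraform for a domain that delivers to the mail servers in the MX snippet above. This is an added example, not code from the original post; the DMARC report mailbox, the DKIM selector and the key material are placeholders.

```hcl
# Added example, not part of the original post. Assumes aws_route53_zone.primary
# and the MX records from the snippet above; mailbox, selector and key are placeholders.

# SPF lives in a TXT record at the domain itself. "mx" authorises the hosts in
# your MX records, "-all" tells receivers to reject everything else. Publish
# exactly one v=spf1 record per name: two of them is a permanent error, not a merge.
# (For Google Workspace you would use "include:_spf.google.com" instead of "mx".)
resource "aws_route53_record" "spf" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "example.com"
  type    = "TXT"
  ttl     = 3600
  records = ["v=spf1 mx -all"]
}

# DKIM public key, published at <selector>._domainkey.<domain>. A single TXT
# string is capped at 255 characters and a 2048-bit key blows past that, so the
# value must be split: the AWS provider wants \"\" at the split point inside one
# Terraform string. The key below is a placeholder, not a real key.
resource "aws_route53_record" "dkim" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "mail._domainkey.example.com"
  type    = "TXT"
  ttl     = 3600
  records = ["v=DKIM1; k=rsa; p=FIRST_255_CHARS_OF_KEY\"\"REST_OF_KEY"]
}

# DMARC lives at _dmarc.<domain>. Start with p=none and read the aggregate
# reports sent to rua; move to quarantine, then reject, once all legitimate
# mail passes SPF or DKIM with alignment.
resource "aws_route53_record" "dmarc" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "_dmarc.example.com"
  type    = "TXT"
  ttl     = 3600
  records = ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"]
}
```

Check the result with `dig +short example.com TXT`, `dig +short mail._domainkey.example.com TXT` and `dig +short _dmarc.example.com TXT`; the DKIM answer should come back as two quoted strings, which is exactly what receivers expect.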

NS Records delegate a name to a set of name servers. Route 53 creates a set of four at the apex when it creates your hosted zone, and those four are what you give your registrar. Don’t touch them unless you’re doing something very advanced (like delegating a subdomain to another AWS account or a different DNS provider). If you do delegate, remove the parent’s NS record when the child zone goes away: a delegation that points at name servers no longer hosting your zone is an open invitation for someone else to create a zone that does.
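Here is the subdomain delegation case in Terraform. This is an added example, not code from the original post; it assumes the aws_route53_zone.primary from the earlier snippets, creates the child zone in the same account, and the api host address is a placeholder.

```hcl
# Added example, not part of the original post. Creates a separate hosted zone
# for dev.example.com and delegates to it from aws_route53_zone.primary.
# To put the child zone in another account, define a provider alias for that
# account and set provider = on the aws_route53_zone below (not shown here).

resource "aws_route53_zone" "dev" {
  name = "dev.example.com"
}

# The delegation itself: an NS record in the parent for the child's name,
# listing the four name servers Route 53 assigned to the child zone.
resource "aws_route53_record" "dev_delegation" {
  zone_id = aws_route53_zone.primary.zone_id
  name    = "dev.example.com"
  type    = "NS"
  ttl     = 172800
  records = aws_route53_zone.dev.name_servers
}

# Records for the subdomain now go in the child zone, not the parent.
# Placeholder address from the documentation range.
resource "aws_route53_record" "dev_api" {
  zone_id = aws_route53_zone.dev.zone_id
  name    = "api.dev.example.com"
  type    = "A"
  ttl     = 300
  records = ["192.0.2.10"]
}
```

Because the NS record references the child zone, Terraform creates the zone first and, on `terraform destroy`, removes the delegation before the zone, which is the order you want: the parent should never point at name servers that no longer hold your zone. Verify the chain with `dig +trace api.dev.example.com`.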

SOA Records (Start of Authority) are the administrative records for the zone—they contain the primary name server, the admin’s email (with the @ replaced by a dot, because why make it easy?), and timers for refreshing the zone. You’ll almost never need to change these manually in Route 53. Consider them “advanced reading” for now.

The pitfall? Forgetting them. You’ll set up your A record for www but forget the apex ALIAS. You’ll configure your website but forget the MX records and wonder why no one is getting your emails. Always double-check your work, from the outside: `dig +short example.com A`, `dig +short example.com MX` and `dig +short example.com TXT` tell you what the world actually sees. And remember that DNS isn’t code you can simply roll back. You can revert the record in Route 53 in seconds, but every resolver that cached the bad answer keeps it until its copy expires, dictated by the TTL you foolishly set to 86400 seconds yesterday.