DNS Record Types

DNS (the Domain Name System, the internet’s phone book that turns names like example.com into IP addresses) does its work through small entries called records. Each record type answers a different question: “What is this domain’s IP address?”, “Where does its email go?”, “Who is allowed to manage this domain?” In Amazon Route 53 (AWS’s managed DNS service) you create these records inside a hosted zone (a container for all the DNS records of one domain). This page explains the records you will actually use, and one Route 53-only record — the Alias — that solves a problem plain DNS cannot.

The common record types

Every DNS record is stored as a name, a type, a value, and a TTL (Time To Live — how many seconds resolvers are allowed to cache the answer before asking again). Here is what each type does.

| Type | Answers | Example value | Notes |
|------|---------|---------------|-------|
| A | What IPv4 address serves this name? | 192.0.2.10 | The most common record. IPv4 is the older 32-bit address format. |
| AAAA | What IPv6 address serves this name? | 2001:db8::1 | “quad-A”. IPv6 is the newer 128-bit address format. |
| CNAME | This name is an alias for another name | lb.example.net | Returns another name, not an IP. Cannot live at the zone apex (see below). |
| MX | Where does email for this domain go? | 10 mail.example.com | The number is a priority — lower is tried first. |
| TXT | Arbitrary text (often verification/email security) | "v=spf1 include:_spf.google.com ~all" | Used for SPF, DKIM, domain ownership proofs. |
| NS | Which name servers are authoritative for this zone? | ns-123.awsdns-45.com | Route 53 creates these for you when you make a hosted zone. |

Tip: Keep TTLs moderate (300-3600 seconds). A short TTL lets you change records quickly during a migration; a long TTL reduces query volume and cost. Lower the TTL a day before a planned change, then raise it again after.

When to use which

  • Use an A (and ideally an AAAA) record to point a name at a fixed IP address, such as an Elastic IP (a permanent public IP address you attach to an EC2 instance).
  • Use a CNAME to point www.example.com at another hostname, like a third-party SaaS endpoint or a sub-resource you don’t control the IP of.
  • Use MX + TXT together to set up email (MX routes mail; TXT carries SPF/DKIM to stop spoofing).
  • Do not create A records by hand for AWS resources whose IP changes (load balancers, CloudFront) — use an Alias instead.

The zone apex problem and CNAME

The zone apex (also called the root or naked domain) is example.com with nothing in front of it. A core DNS rule says the apex must also hold the zone’s SOA and NS records, and a CNAME is not allowed to coexist with any other record on the same name. So you cannot put a CNAME at the apex. This is a hard rule of the DNS standard, not an AWS limitation.

That is a real problem, because the things you most want example.com to point at — an Application Load Balancer (ALB) or a CloudFront distribution — only give you a DNS name (like d111111abcdef8.cloudfront.net), never a stable IP. A plain A record needs an IP; a CNAME would work but is banned at the apex.

Route 53 Alias records

Route 53 solves this with the Alias record — an AWS-specific extension. An Alias looks like an A or AAAA record to the outside world, but instead of a hard-coded IP its value is an AWS target (a CloudFront distribution, ALB, S3 website bucket, API Gateway, another Route 53 record, etc.). Route 53 resolves the target’s current IP addresses at query time and returns them directly. This means:

  • It works at the zone apex. You can alias example.com straight to CloudFront or an ALB.
  • It is free of per-query charges when the target is an AWS resource (plain DNS queries against Route 53 cost money; Alias queries to AWS targets do not).
  • It returns IPs directly in one answer, so resolution is one hop faster than a CNAME (which forces clients to look up the second name afterwards).
  • It auto-updates — if the ALB’s IPs change, the Alias keeps working with no edit from you.

Gotcha: To point a root domain at an ALB, CloudFront, or an S3 static website, you must use an Alias record. A CNAME at the apex will be rejected, and a manual A record would break the moment the target’s IP changes.

CNAME vs Alias — when to use which

|  | CNAME | Alias (Route 53) |
|--|-------|------------------|
| Works at zone apex? | No | Yes |
| Points to | Any hostname | AWS targets or another Route 53 record |
| Per-query cost | Charged | Free for AWS targets |
| Resolution | Extra lookup (slower) | Resolved to IP directly |
| Use when | Pointing a subdomain at a non-AWS host | Pointing any name at an AWS resource |

How to create records

Console steps

  1. Open the Route 53 console and choose Hosted zones.
  2. Click your domain (for example example.com).
  3. Click Create record.
  4. Enter the Record name (leave blank for the apex, or type www for a subdomain).
  5. Choose the Record type (e.g. A).
  6. To make an Alias, toggle Alias on, then pick the target — for example Alias to CloudFront distribution and select your distribution from the dropdown.
  7. For a non-alias record, leave Alias off and type the Value (the IP or hostname) and set the TTL.
  8. Click Create records.

CLI: a plain A record

The CLI uses a “change batch” JSON document with UPSERT (create or replace).

aws route53 change-resource-record-sets \
  --hosted-zone-id Z0123456789ABCDEFGHIJ \
  --change-batch '{
    "Changes": [{
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "api.example.com",
        "Type": "A",
        "TTL": 300,
        "ResourceRecords": [{ "Value": "192.0.2.10" }]
      }
    }]
  }'

Output:

{
    "ChangeInfo": {
        "Id": "/change/C0987654321ZYXWVUTSRQ",
        "Status": "PENDING",
        "SubmittedAt": "2026-06-15T10:24:31.000Z"
    }
}

The status stays PENDING for a few seconds while the change propagates across Route 53, then becomes INSYNC.

CLI: an Alias record at the apex

For an Alias you omit TTL and ResourceRecords and supply AliasTarget instead. The HostedZoneId inside AliasTarget is the target service’s zone ID — for CloudFront it is always the fixed value Z2FDTNDATAQYW2.

aws route53 change-resource-record-sets \
  --hosted-zone-id Z0123456789ABCDEFGHIJ \
  --change-batch '{
    "Changes": [{
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "example.com",
        "Type": "A",
        "AliasTarget": {
          "HostedZoneId": "Z2FDTNDATAQYW2",
          "DNSName": "d111111abcdef8.cloudfront.net",
          "EvaluateTargetHealth": false
        }
      }
    }]
  }'

Output:

{
    "ChangeInfo": {
        "Id": "/change/C1122334455AABBCCDDEE",
        "Status": "PENDING",
        "SubmittedAt": "2026-06-15T10:31:07.000Z"
    }
}
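
A pre-flight check for change batches like the two above, added here as an example (it is not part of the original page or of any AWS tooling). It flags a CNAME at the zone apex, a CNAME that shares its name with other record types, and an Alias that still carries TTL/ResourceRecords or points at CloudFront with the wrong HostedZoneId. The function names and the sample batch are constructed for illustration, and the check only sees names inside the batch, not records already in the zone.

```python
CLOUDFRONT_ZONE_ID = "Z2FDTNDATAQYW2"  # fixed CloudFront alias zone ID quoted on this page


def fqdn(name):
    """Normalise a DNS name: lower-case, no trailing dot."""
    return name.rstrip(".").lower()


def lint_change_batch(batch, zone_name):
    """Return (record name, problem) pairs for one Route 53 change batch."""
    apex, problems, types_by_name = fqdn(zone_name), [], {}
    for change in batch["Changes"]:
        if change["Action"] == "DELETE":
            continue  # deletions cannot introduce a bad record
        rrset = change["ResourceRecordSet"]
        name, rtype = fqdn(rrset["Name"]), rrset["Type"]
        types_by_name.setdefault(name, set()).add(rtype)
        if rtype == "CNAME" and name == apex:
            problems.append((name, "CNAME at the zone apex"))
        alias = rrset.get("AliasTarget")
        if alias and ("TTL" in rrset or "ResourceRecords" in rrset):
            problems.append((name, "Alias must omit TTL and ResourceRecords"))
        if (alias and fqdn(alias["DNSName"]).endswith(".cloudfront.net")
                and alias["HostedZoneId"] != CLOUDFRONT_ZONE_ID):
            problems.append((name, "CloudFront alias HostedZoneId must be " + CLOUDFRONT_ZONE_ID))
    for name, types in types_by_name.items():
        if "CNAME" in types and len(types) > 1:
            problems.append((name, "CNAME shares its name with other record types"))
    return problems


# Constructed change batch: two faulty records followed by one valid record.
SAMPLE_BATCH = {"Changes": [
    {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": "example.com", "Type": "CNAME", "TTL": 300,
        "ResourceRecords": [{"Value": "d111111abcdef8.cloudfront.net"}]}},
    {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": "www.example.com", "Type": "A", "TTL": 300, "AliasTarget": {
            "HostedZoneId": "Z0123456789ABCDEFGHIJ", "EvaluateTargetHealth": False,
            "DNSName": "d111111abcdef8.cloudfront.net"}}},
    {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": "api.example.com", "Type": "A", "TTL": 300,
        "ResourceRecords": [{"Value": "192.0.2.10"}]}},
]}


if __name__ == "__main__":
    for record_name, problem in lint_change_batch(SAMPLE_BATCH, "example.com"):
        print(f"{record_name}: {problem}")
```
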

Cost note: A Route 53 hosted zone costs about $0.50 per month. Standard DNS queries cost roughly $0.40 per million. Alias queries that resolve to AWS targets (CloudFront, ALB, S3, etc.) are not charged at all, which is another good reason to prefer Alias over CNAME for AWS resources.

Best practices

  • Use Alias records for any AWS target, and always for the zone apex — never a CNAME at the root.
  • Add both A and AAAA Alias records so IPv6-only clients can reach you.
  • Keep TTLs around 300-3600s; drop them low before a planned migration, then restore them.
  • Use MX + TXT (SPF/DKIM/DMARC) together so your mail is delivered and not spoofed.
  • Never hard-code an IP in an A record for a load balancer or CloudFront — those IPs rotate.
  • Verify changes reached INSYNC with aws route53 get-change --id <change-id> before assuming a cutover is live.
  • Treat your hosted zone records as code (CloudFormation or Terraform) so changes are reviewed and reversible.
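
Several of these practices can be checked mechanically against the ResourceRecordSets list that aws route53 list-resource-record-sets returns. The audit below is an added example, not code from the original page: the function names and the sample zone are constructed, and it assumes DMARC policy is published as a TXT record at _dmarc.<name>. It flags TTLs outside 300-3600, an Alias A record with no AAAA beside it, and MX names that lack an SPF or DMARC TXT record.

```python
TTL_MIN, TTL_MAX = 300, 3600  # the range this page recommends


def has_txt(records, prefix):
    """True if any TXT value in `records` starts with `prefix` (case-insensitive)."""
    return any(v["Value"].strip('"').lower().startswith(prefix)
               for rr in records if rr["Type"] == "TXT"
               for v in rr.get("ResourceRecords", []))


def audit_zone(rrsets):
    """Return sorted (name, finding) pairs for a list of ResourceRecordSets."""
    by_name, findings = {}, set()
    for rr in rrsets:
        by_name.setdefault(rr["Name"].rstrip(".").lower(), []).append(rr)
    for name, records in by_name.items():
        types = {rr["Type"] for rr in records}
        for rr in records:
            ttl = rr.get("TTL", TTL_MIN)  # alias records carry no TTL of their own
            # NS and SOA are created by Route 53 itself, so their TTLs are not judged.
            if rr["Type"] not in ("NS", "SOA") and not TTL_MIN <= ttl <= TTL_MAX:
                findings.add((name, f"{rr['Type']} TTL {ttl} outside {TTL_MIN}-{TTL_MAX}"))
            if rr["Type"] == "A" and "AliasTarget" in rr and "AAAA" not in types:
                findings.add((name, "Alias A without AAAA"))
        if "MX" in types:
            for tag, where in (("v=spf1", name), ("v=dmarc1", "_dmarc." + name)):
                if not has_txt(by_name.get(where, []), tag):
                    findings.add((name, f"MX without {tag} TXT at {where}"))
    return sorted(findings)


def rrset(name, rtype, ttl, *values):
    """Build a constructed non-alias record set in the Route 53 JSON shape."""
    return {"Name": name, "Type": rtype, "TTL": ttl, "ResourceRecords": [{"Value": v} for v in values]}


# Constructed sample zone; every name and value is made up for this example.
SAMPLE_ZONE = [
    rrset("example.com.", "NS", 172800, "ns-123.awsdns-45.com."),
    {"Name": "example.com.", "Type": "A", "AliasTarget": {"HostedZoneId": "Z2FDTNDATAQYW2",
     "DNSName": "d111111abcdef8.cloudfront.net.", "EvaluateTargetHealth": False}},
    rrset("example.com.", "MX", 3600, "10 mail.example.com"),
    rrset("example.com.", "TXT", 3600, '"v=spf1 include:_spf.google.com ~all"'),
    rrset("api.example.com.", "A", 60, "192.0.2.10"),
]


if __name__ == "__main__":
    print("\n".join(f"{name}: {finding}" for name, finding in audit_zone(SAMPLE_ZONE)))
```
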
Last updated June 15, 2026