DNS (Domain Name System) is one of the key infrastructures of the Internet. It is primarily responsible for mapping website domain names to their IP addresses, but it also provides a host of other functions related to authentication, security, and fraud prevention.

It achieves this with the help of DNS records. Website owners and domain managers need to create these records and publish them to the public DNS so that their websites can be accessed by others.

Needless to say, if the records are published incorrectly, it can cause a host of different problems. Given below are some of the most critical DNS records and what happens if they are configured incorrectly.

A and AAAA Records

A and AAAA records have one function: to map a domain to its IPv4 and IPv6 addresses, respectively. A records handle IPv4, while AAAA records handle IPv6.

When you search for a website using its domain name, your device queries a DNS resolver that returns the A or AAAA record. Your device reads that record and understands which IP address to go to. 

Here are a couple of mistakes that can occur when setting up these records.

Mistake: An A or AAAA record points to the wrong (old) IP address (often after a server migration). This can occur due to a simple typo or due to forgetfulness.

As a result of this mistake, the website fails to load and shows various kinds of server errors. In some cases (i.e., the record still has the older server’s IP address), this mistake sends visitors to the wrong server entirely.

Mistake: Typo in the IP address or use of an unsupported IPv6 address.

This prevents browsers from establishing a connection with the right domain, and that can cause timeouts or unreachable site errors.

Mistake: TTL was set extremely high before making changes.

TTL controls how long old records remain cached in DNS servers before a newer version is obtained. When the TTL is set too high, the records take a longer time to update on the global DNS. This means that some visitors continue seeing the old site or a broken version for hours or days after the issue is fixed.

MX Records

MX (Mail Exchange) records are required for receiving emails. They specify servers that are used to collect emails sent to a domain’s email address.

Here are the common mistakes that can occur when setting them up and how that affects your site.

Mistake: MX record hostname is misspelled or points to a non-existent mail server.

This results in incoming email being rejected or disappearing without notification. It’s terrible because it means you will miss out on important emails (such as those from customer support), and that can affect your site’s reputation.

Mistake: Incorrect priority values or multiple conflicting MX records.

A single domain can have multiple MX records that point to different mail servers. This is used for load distribution and management. Each server has a “priority” value that dictates how much mail it should receive. When these values are wrong or the records conflict, mail delivery becomes unreliable, with some messages delayed or lost entirely. With conflicting records and poor priority balancing, one server can become overwhelmed and start dropping emails, while the others stay idle.

Mistake: Old MX records were left in place after switching email providers.

Typically, MX records point to the servers of your email provider. When you change providers, you need to update the MX records too, otherwise your email will be delivered to the wrong provider or split between systems.

SPF, DKIM, and DMARC Records

TXT records are used for a lot of things. Three of the major TXT records used today are SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance).

While they all do different things, together they prevent your site from being used in fraud. They do so by authenticating which mail servers can send emails using your domain name, and by providing hash values to ensure that nothing in the email has been changed during transit.

Here’s what can happen if these are misconfigured.

Mistake: SPF record contains syntax errors, extra spaces, or too many lookups. 

This causes email sending servers to fail authentication checks. This, in turn, causes outgoing emails to land in spam or be rejected and reduces your domain’s trust rating.
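The lookup and syntax problems named above can be caught before publishing. The following is an added example, not code from the original article: it walks an SPF record and its includes, flags stray spaces and unknown terms, and counts the terms that trigger DNS queries against the limit of 10 set by RFC 7208. The record data in `SPF_ZONE` and all domain names are constructed for illustration.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 sec. 4.6.4: max DNS-querying terms per SPF check
TERM = re.compile(r"^[+\-~?]?(all|include|a|mx|ptr|ip4|ip6|exists)(?=[:/]|$)", re.I)
COUNTED = {"include", "a", "mx", "ptr", "exists"}  # each costs one lookup
# Constructed TXT data standing in for live DNS answers (hypothetical names).
SPF_ZONE = {
    "example.test": "v=spf1 a mx include:_spf.a.example.test include:_spf.b.example.test ~all",
    "_spf.a.example.test": "v=spf1 a mx ptr include:a2.example.test -all",
    "a2.example.test": "v=spf1 a mx -all",
    "_spf.b.example.test": "v=spf1 exists:%{i}.bl.example.test  ipv4:203.0.113.5 -all",
}

def walk(domain, zone, seen=()):
    """Return (lookups, problems) for one record, following include/redirect."""
    record = zone.get(domain)
    if record is None:
        return 0, [f"{domain}: no SPF record published"]
    if domain in seen:
        return 0, [f"{domain}: include/redirect loop"]
    problems = []
    if record != record.strip() or "  " in record:
        problems.append(f"{domain}: extra spaces")
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return 0, problems + [f"{domain}: must start with v=spf1"]
    lookups = 0
    for term in terms[1:]:
        m, target = TERM.match(term), None
        if term.lower().startswith("redirect="):
            lookups, target = lookups + 1, term.split("=", 1)[1]
        elif m is None:
            if not re.match(r"^[a-z][\w.-]*=", term, re.I):  # exp= etc. are free
                problems.append(f"{domain}: unknown term '{term}'")
        else:
            name = m.group(1).lower()
            lookups += name in COUNTED
            if name == "include":
                target = term.split(":", 1)[-1]
        if target is not None:
            n, p = walk(target.lower(), zone, seen + (domain,))
            lookups, problems = lookups + n, problems + p
    return lookups, problems

def lint_spf(domain, zone):
    lookups, problems = walk(domain, zone)
    if lookups > LOOKUP_LIMIT:
        problems.append(f"{domain}: {lookups} lookups, limit is {LOOKUP_LIMIT}")
    return lookups, problems
```

On the constructed data, `lint_spf("example.test", SPF_ZONE)` reports 11 lookups: each record looks short on its own, and only the nested includes push the total over the limit.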

Mistake: DKIM selector does not match the one configured on the mail server.

Once again, email signatures fail validation and end up reducing trust and deliverability of your emails.

Mistake: DMARC policy is set too aggressively without proper testing.

DMARC’s role is to tell recipient mail servers how to deal with spoofed emails. However, sometimes legitimate emails are rejected or quarantined by receiving servers due to strict DMARC policies. That’s why DMARC policies must be tested and tweaked as necessary.

CNAME Records

CNAME records are used to point subdomains to the main domain (canonical domain). They do this by mapping the subdomain to the A/AAAA record of the main domain.

As you can probably guess, there is plenty of room for error here. Let’s see what common mistakes occur with CNAME records.

Mistake: CNAME target hostname is misspelled or does not resolve.

This error results in subdomains not working and apps, images, or third-party services breaking.

Mistake: CNAME used at the root domain instead of a supported record type.

CNAME records are supposed to point to the A or AAAA record. They are prohibited from being used at the root because the root requires NS and SOA records, which cannot coexist with CNAME records. As such, they get invalidated and just make your main website unresolvable.

NS Records

NS (Name Server) records are the most important DNS records for a domain. They identify which authoritative DNS servers hold the master copies of a domain’s DNS records. Without NS records, a domain’s other records cannot be found, thus making it unresolvable.

Here are some common mistakes that can occur with NS record configuration, as well as their effects on your site.

Mistake: Nameserver hostname is misspelled or unreachable.

The entire domain becomes unreachable. That means no website, email, or subdomains. It is as if the domain doesn’t exist.

Mistake: NS records updated without migrating DNS zone data.

When NS records are updated without migrating DNS zone data, the domain resolves to empty or incomplete DNS settings. This causes various types of widespread outages related to the domain.

Mistake: Very high TTL values on NS records.

When TTLs are too high, any updates are slow to roll out, and DNS propagation becomes extremely long. This means that incorrect and outdated NS records still remain in various DNS server caches and lead to resolution errors.

How to Avoid Wrong Setup of DNS Records

To avoid making such mistakes, it is imperative that you be vigilant when creating the records. Create an SOP (standard operating procedure) and a checklist to ensure that all proper steps for creating or updating DNS records are followed.

Once new records are created, always verify them afterward with a DNS lookup tool. The verification step catches a lot of mistakes early on and lets you fix them in time. Even if some misconfigured records do go live, you can still change them early enough to limit the damage.
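Part of such a checklist can be automated before the records go live, alongside the lookup-tool check afterward. The following is an added example, not code from the original article: it lints a list of records for three of the mistakes covered above (a CNAME at the root, in-zone targets that do not resolve, and very high TTLs). The zone contents, the names, and the one-day `MAX_TTL` threshold are assumptions made for illustration.

```python
from collections import defaultdict

APEX = "example.test."
MAX_TTL = 86400  # assumed review threshold (one day), not a DNS protocol limit
# Constructed sample zone: (owner, ttl, type, value)
ZONE = [
    (APEX, 3600, "SOA", "ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 300"),
    (APEX, 604800, "NS", "ns1.example.test."),
    (APEX, 604800, "NS", "n2.example.test."),        # misspelled nameserver
    (APEX, 300, "CNAME", "www.example.test."),       # CNAME at the root
    (APEX, 3600, "MX", "10 mial.example.test."),     # misspelled mail host
    ("ns1.example.test.", 3600, "A", "192.0.2.53"),
    ("www.example.test.", 300, "A", "192.0.2.10"),
    ("mail.example.test.", 3600, "A", "192.0.2.25"),
    ("shop.example.test.", 300, "CNAME", "wwww.example.test."),  # typo in target
]

def lint_zone(zone, apex=APEX, max_ttl=MAX_TTL):
    """Return sorted, de-duplicated (kind, detail) findings for the zone."""
    by_name = defaultdict(set)
    for owner, _, rtype, _ in zone:
        by_name[owner.lower()].add(rtype)
    findings = []
    for owner, ttl, rtype, value in zone:
        owner = owner.lower()
        if rtype == "CNAME" and owner == apex:
            findings.append(("cname-at-apex", owner))
        elif rtype == "CNAME" and by_name[owner] != {"CNAME"}:
            findings.append(("cname-coexists", owner))
        if ttl > max_ttl:
            findings.append(("high-ttl", f"{owner} {rtype} {ttl}s"))
        if rtype in ("CNAME", "MX", "NS"):
            target = value.split()[-1].lower()
            # Only in-zone targets can be checked offline; others need a live lookup.
            in_zone = target == apex or target.endswith("." + apex)
            if in_zone and not by_name.get(target, set()) & {"A", "AAAA", "CNAME"}:
                findings.append(("dangling-target", f"{owner} {rtype} -> {target}"))
    return sorted(set(findings))
```

Targets outside the zone are skipped here, so a misspelled hostname at an external provider still has to be caught with a live lookup.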

Final Thoughts

DNS records are quite simple, yet sensitive as well. A simple mistake, like a typo, can lead to widespread domain misbehavior. In this article, we covered various critical records and what their misconfiguration means for a website. So, now you know the consequences of wrong configurations. Thankfully, with some SOPs in place and hearty use of DNS lookups, you can minimize or outright eliminate such problems and ensure your domain runs smoothly.
