What Is DNS, and Why Does It Matter?
The internet's phone book, explained in plain terms. What the common record types mean, what SPF and DMARC do for email, and why a quick DNS check helps you tell a real company from a fake one.
DNS turns a name people can read (like example.com) into the address a computer needs to actually connect. A domain's DNS records also reveal where its email goes, who hosts it, and whether it has set up the modern anti-spoofing protections that legitimate organizations almost always use. For a recruiter or analyst, looking up a domain's DNS is a fast, free way to sanity-check whether an email address or a company is what it claims to be.
DNS is the internet's phone book
Every website and server lives at a numeric address called an IP address (something like 93.184.216.34). Those numbers are hard for people to remember, so we use names instead. DNS, the Domain Name System, is the directory that translates a name like cleanosint.com into the right IP address so your browser knows where to go.
When you type a domain or click a link, your device quietly asks DNS "what's the address for this name?" and gets an answer back in milliseconds. The same domain can hold several different kinds of records, each answering a different question. Those records are what make DNS useful for verification, not just navigation.
The common record types, in plain terms
- A and AAAA: the address records. A points the name to an IPv4 address; AAAA points it to the newer IPv6 format. This is the core "where does this name live" answer.
- MX: mail exchange. This says which servers handle email for the domain. If MX records point to Google or Microsoft, the domain runs email through those providers.
- TXT: free-form text records. They hold a mix of things, most importantly the email-security policies (SPF and DMARC) described below, plus ownership-verification strings.
- NS: name servers. These name the authoritative servers responsible for the domain's records, which usually tells you who the DNS provider or registrar is.
- CNAME: an alias that points one name at another name (for example, www pointing at the main domain).
- CAA: certificate authority authorization. It lists which providers are allowed to issue HTTPS certificates for the domain, a small but telling sign of a maintained setup.
SPF and DMARC: email trust signals
Two of those TXT records deal specifically with stopping people from forging a domain's email. They are worth understanding because their absence is a yellow flag.
- SPF (Sender Policy Framework) lists which servers are allowed to send email on behalf of the domain. It helps receiving mail systems reject messages sent from servers that aren't on the list. The official description lives in RFC 7208.
- DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and tells receivers what to do with mail that fails the checks: allow it, quarantine it to spam, or reject it outright. It is defined in RFC 7489.
Established companies almost always publish both, often with DMARC set to a strict policy. A domain with no SPF and no DMARC is easier to impersonate, which is one reason scammers favor freshly registered or neglected domains. That said, configuration alone is not proof of intent. A real small business can be slow to set these up, and a careful scammer can copy them. Treat it as one signal among several.
Why a DNS check helps you vet a company
Say you get an email from a recruiter at careers-bigco-hiring.com, or a candidate lists a company you don't recognize. A few seconds of DNS lookup can add useful context:
- Does the domain even resolve? No A record and no working website is unusual for a real operating business.
- Where does its mail go? MX records pointing at a mainstream provider are routine. No mail setup at all on a domain that's emailing you is worth noticing.
- Has it published email-security records? A complete SPF and DMARC posture suggests an organization that maintains its domain. A total absence is a mild flag.
- How fresh is it? Brand-new domains paired with urgent requests are a classic pattern. Registration age comes from registration data rather than DNS itself, but the two are commonly checked together.
None of this is a verdict on its own. The value is that DNS is public, free, and instant, so it costs you almost nothing to gather a few facts before you trust an unfamiliar sender or employer.
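The DNS-side checks from the list above, as an added example that is not part of the original guide: it reads a domain's record sets, extracts the SPF and DMARC policies, and collects the flags worth noticing. The `.example` domains, the record values, and the function names (`spf_policy`, `dmarc_policy`, `vet`) are constructed for illustration, and no live lookup is made.

```python
# Added example: all record sets below are constructed, not live lookups.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

SAMPLE = {
    "maintained.example": {
        "A": ["192.0.2.10"],
        "MX": ["10 mx1.mailhost.example."],
        "TXT": ["site-verification=abc123", "v=spf1 include:_spf.mailhost.example -all"],
        "_dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@maintained.example"],
    },
    "monitoring.example": {
        "A": ["192.0.2.20"], "MX": ["10 mail.monitoring.example."],
        "TXT": ["v=spf1 ip4:192.0.2.20 ~all"], "_dmarc": ["v=DMARC1; p=none"],
    },
    "neglected.example": {"A": [], "MX": [], "TXT": [], "_dmarc": []},
}

def spf_policy(txt):
    """Result of the SPF 'all' mechanism, or None if no SPF record is published."""
    spf = [t.split() for t in txt if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return None
    if len(spf) > 1:
        return "permerror"  # RFC 7208: more than one SPF record is an error
    for term in spf[0][1:]:  # include/redirect targets are not followed here
        q, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech.lower() == "all":
            return QUALIFIERS[q]
    return "neutral"  # no 'all' term: nothing matched, default result

def dmarc_policy(txt):
    """Value of the p= tag from the record at _dmarc.<domain>, or None."""
    for t in txt:
        tags = {k.strip().lower(): v.strip() for k, _, v in
                (part.partition("=") for part in t.split(";"))}
        if tags.get("v") == "DMARC1":
            return tags.get("p", "").lower() or None
    return None

def vet(records):
    """Collect the signals from the checklist; flags are hints, not a verdict."""
    spf, dmarc = spf_policy(records["TXT"]), dmarc_policy(records["_dmarc"])
    checks = [(records["A"], "no address record"), (records["MX"], "no MX record"),
              (spf, "no SPF record"), (dmarc, "no DMARC record"),
              (dmarc != "none", "DMARC p=none (receivers told to allow failures)")]
    return {"spf": spf, "dmarc": dmarc, "flags": [msg for ok, msg in checks if not ok]}

if __name__ == "__main__":
    for name, records in SAMPLE.items():
        print(name, vet(records))
```

Registration age is left out because it comes from registration data rather than DNS.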
The same plumbing developers care about
If you build or run websites, these records are the levers you actually pull: A and CNAME route traffic, MX wires up email, TXT proves ownership and configures SPF/DMARC, and CAA guards certificate issuance. Reading another domain's records is also one of the quickest ways to see how a service is hosted. The lookup is the same whether your goal is debugging or due diligence.
Look up a domain
Enter any domain and see its A, MX, TXT, NS, CNAME, CAA records plus its SPF and DMARC posture. No login, nothing stored.
Run a DNS Lookup →

This guide is educational and reflects publicly available information about the Domain Name System and published email-authentication standards. It is not legal advice or a recommendation about any specific domain, email, person, or decision. Verification and hiring decisions should follow your organization's policies and applicable law.