How to Update DNS Records in DNS.com

DNS.com is a professional DNS hosting provider that offers managed DNS services with a focus on reliability and performance. Unlike registrars that include DNS as a secondary feature, DNS.com is purpose-built for DNS management, which means its interface provides direct access to all standard record types. This guide walks you through adding and editing SPF, DMARC, MTA-STS, and DKIM DNS records for your domain in DNS.com. Each section includes the exact steps, correct field values, and provider-specific details to get your email authentication records configured correctly.

If you host your DNS with DNS.com, your domain's nameservers point to DNS.com's infrastructure, and all record management happens through the DNS.com interface. If your domain is registered with a separate registrar, you manage the nameserver configuration there and the records here.

Accessing Your DNS Zone

1. Sign in to your DNS.com account at dns.com.
2. Navigate to the Zones or Managed Zones section from the main dashboard.
3. Select the zone (domain) you want to manage from the zone list.
4. You are now in the zone management interface, where you can view, add, edit, and delete DNS records for your domain.

DNS.com displays records in a table format organized by record type and hostname. To add a new record, click Add Record or the equivalent action button. To edit an existing record, click on the record row or the edit icon.

Note: If your domain's nameservers do not point to DNS.com, records created here will not resolve publicly. Verify your nameserver configuration at your domain registrar before making changes.

TXT Records

SPF Record

SPF (Sender Policy Framework) tells receiving mail servers which IP addresses and services are authorized to send email for your domain. Your SPF record is published as a TXT record at the root of your domain.

1. In the zone management interface, click Add Record.
2. Select TXT from the record type options.
3. In the Name or Host field, enter @ or leave it blank to represent the root of your domain, depending on how DNS.com handles root records.
4. In the Value or Data field, enter your SPF record: v=spf1 include:_spf.mxio.io ~all
5. Set the TTL to 3600 (1 hour).
6. Click Save or Add.

If you already have an SPF record, do not create a second one. Multiple SPF records cause a PermError and break email authentication entirely. Edit the existing TXT record that begins with v=spf1 and add include:_spf.mxio.io before the ~all or -all mechanism.

DMARC Record

DMARC (Domain-based Message Authentication, Reporting, and Conformance) tells receiving servers how to handle email that fails SPF and DKIM checks. It also enables aggregate reporting so you can see who is sending email as your domain.

1. Click Add Record.
2. Select TXT from the record type options.
3. In the Name field, enter _dmarc. DNS.com will append your domain, resulting in _dmarc.yourdomain.com.
4. In the Value field, enter your DMARC policy: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
5. Set the TTL to 3600.
6. Click Save.

Replace dmarc@yourdomain.com with the address where you want to receive DMARC aggregate reports. Start with p=none to collect data before enforcing. See the DMARC Deployment Guide for the full progression from none to quarantine to reject.

Note: mxio will support DMARC policy management in a future release.

CNAME Records

MTA-STS

MTA-STS (Mail Transfer Agent Strict Transport Security) tells sending servers that your domain supports TLS encryption for inbound email and that they should refuse to deliver over an unencrypted connection. The MTA-STS policy is published via HTTPS, and a CNAME record points to the policy host.

1. Click Add Record.
2. Select CNAME from the record type options.
3. In the Name field, enter _mta-sts. DNS.com will append your domain automatically.
4. In the Value field, enter the CNAME target provided by your MTA-STS hosting service.
5. Set the TTL to 3600.
6. Click Save.

You also need a TXT record at _smtp._tls to publish the MTA-STS policy version identifier. Follow the same TXT record process described above, using _smtp._tls as the Name and the policy string as the Value.

Note: mxio will support MTA-STS hosting in a future release.

NS Delegation

DKIM Key Hosting

DKIM (DomainKeys Identified Mail) uses cryptographic signatures to verify that an email was sent by an authorized server and that the message body was not altered in transit. DKIM keys are published as DNS records under the _domainkey subdomain.

For centralized DKIM key management, you can delegate the _domainkey subdomain to a dedicated DNS host via NS records.

1. Click Add Record.
2. Select NS from the record type options.
3. In the Name field, enter _domainkey. DNS.com will append your domain, resulting in _domainkey.yourdomain.com.
4. In the Value field, enter the first nameserver provided by your DKIM hosting service.
5. Set the TTL to 3600.
6. Click Save.
7. Repeat for each additional nameserver (typically 2-4 NS records are required for redundancy).

As a dedicated DNS hosting provider, DNS.com supports all standard record types including NS delegation for subdomains.

Note: mxio will support DKIM key hosting via NS delegation in a future release.

Verifying Your Changes

After adding or editing DNS records in DNS.com, verify that your changes are live and correct.

1. Use the mxio SPF Checker to validate your SPF record. Enter your domain and confirm that the record resolves correctly, the lookup count is within the 10-lookup limit, and all your sending services are included.
2. Use the mxio DMARC Checker to verify your DMARC record is published and syntactically correct.
3. Use the mxio Domain Health tool for a full overview of your domain's email authentication status, including SPF, DKIM, DMARC, and MX configuration.
4. If you created NS delegation records for DKIM, use the Delegation Health tool to verify that the NS records are resolving correctly and the delegated zone is responding.

DNS.com uses a professional DNS infrastructure designed for fast propagation. Most changes are visible within 5 minutes. If your changes are not appearing, verify that your domain's nameservers are correctly pointing to DNS.com's nameservers at your registrar.

Troubleshooting

Records not resolving

If records created in DNS.com are not resolving, the most likely cause is that your domain's nameservers at your registrar do not point to DNS.com. Check your registrar's nameserver configuration and ensure it matches the nameservers assigned to your DNS.com zone.

Duplicate SPF records

Your domain must have exactly one SPF TXT record at the root. If you see two TXT records starting with v=spf1, delete one and merge the include mechanisms into a single record. Use the SPF Checker to confirm you have only one record after merging.

Name field format

DNS.com may use @ for the root domain or require a blank field — check the interface help text when creating records. For subdomains, enter only the subdomain portion. DNS.com appends the domain automatically. For example, to create a record at _dmarc.yourdomain.com, enter _dmarc in the Name field.

Zone transfer delays

If you recently migrated your DNS to DNS.com, it can take up to 48 hours for the nameserver change to propagate globally. Records in DNS.com will not resolve until the nameserver delegation is complete. You can verify nameserver propagation using the NS Lookup tool.

API-managed zones

If your DNS.com zone is managed via API or automation, changes made in the web interface may be overwritten on the next sync. Coordinate with your team to ensure manual DNS changes are reflected in your automation configuration.