DNS (Domain Name System) is the backbone of the internet -- it translates human-readable domain names like yourdomain.com into IP addresses that servers understand. If you're hosting a website, sending email, or connecting any service to your domain, you're relying on DNS records to make it all work.
cPanel's Zone Editor gives you full control over your domain's DNS records without needing to log into a separate DNS management service. In this guide, we'll explain what each DNS record type does and walk you through the most common DNS configurations you'll need as a website owner.
What Is the DNS Zone Editor?
The Zone Editor is a cPanel tool that lets you view, create, edit, and delete DNS records for your domains. A "zone" is essentially a collection of DNS records that define how your domain behaves -- where your website is hosted, where your email is delivered, how services verify your domain ownership, and more.
To access the Zone Editor:
- Log into cPanel
- Navigate to the Domains section
- Click Zone Editor
- Find your domain and click Manage
You'll see a list of all existing DNS records for your domain, organized by type.
Understanding DNS Record Types
DNS records come in several types, each serving a different purpose. Here are the ones you'll encounter most frequently:
| Record Type | Purpose | Example Use Case |
|---|---|---|
| A | Maps a domain/subdomain to an IPv4 address | Point yourdomain.com to your server's IP |
| AAAA | Maps a domain/subdomain to an IPv6 address | Point yourdomain.com to your server's IPv6 |
| CNAME | Creates an alias that points to another domain name | Point www.yourdomain.com to yourdomain.com |
| MX | Directs email to the correct mail server | Tell email to go to mail.yourdomain.com |
| TXT | Holds text data for various purposes | SPF records, domain verification, DMARC |
| SRV | Defines the location of specific services | Microsoft 365 autodiscover, SIP, XMPP |
| CAA | Specifies which certificate authorities can issue SSL for your domain | Restrict SSL issuance to Let's Encrypt only |
| NS | Defines the authoritative name servers for your domain | Usually managed by your registrar |
A Records: Pointing Your Domain to a Server
A records are the most fundamental DNS record type. They map a domain name to an IPv4 address.
Viewing and Editing A Records
When you open the Zone Editor, you'll see existing A records for your domain. Typically, cPanel automatically creates:
yourdomain.compointing to your server's IP addresswww.yourdomain.compointing to the same IP (or as a CNAME)mail.yourdomain.compointing to your server's IP
Creating a New A Record
- In Zone Editor, click Add Record (or + A Record)
- Name: Enter the subdomain (e.g., "shop" for shop.yourdomain.com) or leave blank for the root domain
- Address: Enter the IPv4 address (e.g., 192.168.1.100)
- TTL: Leave at default (14400 seconds / 4 hours) unless you have a reason to change it
- Click Add Record
Common A Record Scenarios
- Pointing a subdomain to a different server: Create an A record for the subdomain with the other server's IP address
- Setting up a staging site: Create staging.yourdomain.com as an A record pointing to your server's IP
- Using Cloudflare or a CDN: Update your A record to point to the CDN's IP address instead of your server's direct IP
CNAME Records: Creating Domain Aliases
CNAME (Canonical Name) records create an alias that points one domain name to another. They're commonly used for:
- Pointing
www.yourdomain.comtoyourdomain.com - Connecting subdomains to external services (e.g.,
blog.yourdomain.comto a WordPress.com site) - Setting up CDN endpoints
- Domain verification for third-party services
Creating a CNAME Record
- Click Add Record and select CNAME
- Name: Enter the subdomain (e.g., "blog")
- Record: Enter the target domain (e.g., "your-site.wordpress.com")
- Click Add Record
Important: You cannot create a CNAME record for the root domain (yourdomain.com without a subdomain prefix). CNAME records only work for subdomains. This is a DNS specification limitation, not a cPanel restriction.
MX Records: Email Routing
MX (Mail Exchange) records tell the world where to deliver email for your domain. When someone sends an email to anything@yourdomain.com, their mail server checks your MX records to determine which server should receive the message.
Default cPanel MX Configuration
cPanel automatically creates an MX record pointing to your hosting server. This allows email sent to your domain to be delivered to email accounts you create in cPanel.
Changing MX Records for External Email
If you want to use an external email service (Google Workspace, Microsoft 365, Zoho Mail, etc.), you'll need to update your MX records:
- Delete the existing MX record(s) in Zone Editor
- Add the MX records provided by your email service
- Each MX record needs a Priority value (lower number = higher priority)
For example, Google Workspace MX records:
| Priority | Server |
|---|---|
| 1 | aspmx.l.google.com |
| 5 | alt1.aspmx.l.google.com |
| 5 | alt2.aspmx.l.google.com |
| 10 | alt3.aspmx.l.google.com |
| 10 | alt4.aspmx.l.google.com |
After changing MX records, also update the Email Routing setting in cPanel (Email > Email Routing) to "Remote Mail Exchanger" so cPanel doesn't try to deliver email locally.
TXT Records: Verification and Email Authentication
TXT records store text strings in your DNS zone. They're used for several critical purposes:
SPF Records (Email Authentication)
SPF records define which servers are authorized to send email for your domain. A typical SPF record looks like:
v=spf1 +a +mx +ip4:YOUR.SERVER.IP ~all
cPanel's Email Deliverability tool can generate and install the correct SPF record automatically.
DKIM Records (Email Signing)
DKIM adds a cryptographic signature to your outgoing emails. cPanel generates the DKIM key and creates the necessary TXT record through the Email Deliverability tool.
DMARC Records
DMARC tells receiving servers what to do with emails that fail SPF/DKIM checks. Create a TXT record named _dmarc.yourdomain.com with a value like:
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com
Domain Verification
Services like Google Search Console, Microsoft 365, Facebook, and many others verify domain ownership by asking you to add a TXT record with a specific value. The process is always the same: copy the verification string they provide, create a TXT record in Zone Editor, and click "Verify" in the external service.
SRV Records: Service Location
SRV records specify the hostname and port number for specific services. They're less common but required for some configurations:
- Microsoft 365 autodiscover
- SIP (Voice over IP) services
- XMPP (chat) services
- Minecraft and game servers on specific ports
Creating an SRV Record
SRV records have more fields than other record types:
- Name: _service._protocol.yourdomain.com (e.g., _sip._tcp)
- Priority: Lower values are preferred
- Weight: For load balancing between servers with the same priority
- Port: The service port number
- Target: The hostname providing the service
CAA Records: SSL Certificate Control
CAA (Certificate Authority Authorization) records specify which certificate authorities (CAs) are allowed to issue SSL certificates for your domain. This is a security measure that prevents unauthorized CAs from issuing certificates.
For example, to only allow Let's Encrypt (used by cPanel's AutoSSL):
0 issue "letsencrypt.org"
If you don't have any CAA records, any CA can issue certificates for your domain. Once you add a CAA record, only the specified CAs are authorized. Make sure to include all CAs you use (including AutoSSL's provider) to avoid SSL certificate issuance failures.
TTL: How Long DNS Records Are Cached
TTL (Time to Live) determines how long DNS resolvers cache your records before checking for updates. It's measured in seconds:
| TTL Value | Duration | Best For |
|---|---|---|
| 300 | 5 minutes | Records you're actively changing (pre-migration) |
| 3600 | 1 hour | Records that change occasionally |
| 14400 | 4 hours | Default cPanel setting, good for most records |
| 86400 | 24 hours | Stable records that rarely change |
Pro tip: If you're planning a server migration or DNS change, lower the TTL to 300 a day or two before the change. This ensures the old cached records expire quickly, so the new records take effect faster. After the change is stable, raise the TTL back to 14400 or higher.
Common DNS Configurations
Setting Up a Website with www and non-www
- Create an A record for
yourdomain.compointing to your server IP - Create a CNAME record for
wwwpointing toyourdomain.com - Set up a redirect in cPanel (or .htaccess) to send all traffic to your preferred version
Pointing a Subdomain to an External Service
- If the service gives you an IP address: Create an A record
- If the service gives you a domain name: Create a CNAME record
Setting Up Email with an External Provider
- Update MX records to the provider's mail servers
- Add SPF TXT record authorizing the provider
- Add DKIM TXT record provided by the email service
- Add DMARC TXT record
- Change Email Routing in cPanel to "Remote"
For more cPanel tools that work hand-in-hand with DNS configuration, explore our 15 essential cPanel features guide. And if you're new to cPanel entirely, start with our beginner's guide to cPanel.
On MassiveGRID's high-availability cPanel hosting, DNS zones are automatically configured with correct A, MX, and CNAME records when you add a domain. The Email Deliverability tool also handles SPF and DKIM setup with one-click repair.
Frequently Asked Questions
How long does it take for DNS changes to propagate?
DNS propagation depends on the TTL of the old record. If the TTL was 14400 seconds (4 hours), it can take up to 4 hours for all DNS resolvers worldwide to pick up the change. In practice, most changes are visible within 1-2 hours. Some DNS resolvers may take up to 48 hours to update, though this is rare. Lowering the TTL before making changes speeds up propagation.
Can I manage DNS in cPanel if my domain registrar handles DNS?
You need to decide where your DNS is managed -- either at your registrar or at your hosting provider (cPanel). If your domain's nameservers point to your hosting provider, then cPanel's Zone Editor manages DNS. If nameservers point to your registrar or a service like Cloudflare, you manage DNS there, and cPanel's Zone Editor changes won't have any effect.
What happens if I make a mistake in my DNS records?
An incorrect DNS record can cause your website or email to stop working. However, DNS changes are reversible -- you can edit or delete the incorrect record and create the correct one. The fix will propagate according to the TTL. For critical changes, always note your existing records before making modifications so you can revert if needed.
Do I need to create DNS records for every subdomain?
Yes, each subdomain needs its own DNS record (either A or CNAME). When you create a subdomain through cPanel's Domains interface, the corresponding DNS record is usually created automatically. If you're pointing a subdomain to an external service, you'll need to manually create the appropriate record in Zone Editor.
Can I use Cloudflare with cPanel?
Yes. You can use Cloudflare in two ways: (1) Change your domain's nameservers to Cloudflare and manage all DNS through Cloudflare's dashboard (cPanel Zone Editor becomes irrelevant), or (2) Some cPanel installations include a Cloudflare plugin that integrates directly into cPanel. Option 1 is more common and gives you full access to Cloudflare's CDN, security, and performance features while still hosting your site on your cPanel server.