DNS (Domain Name System) is the address book of the internet. It translates the human-friendly domain you type — like framerwebsites.com — into the numerical IP address that computers use to find the right server. For web designers, DNS is the invisible layer that decides whether your custom domain points to the right site, whether email delivers, and how quickly visitors reach your work.
What DNS Actually Does
When a visitor types your domain into a browser, their device asks a chain of DNS servers, “What is the IP address for this name?” The first stop is the local resolver (usually your internet provider or a public resolver like Google or Cloudflare). If that resolver does not have the answer cached, it climbs the hierarchy: root servers, then the top-level domain (.com, .io, .design), then the authoritative nameservers for your specific domain. The authoritative nameservers hold the records you set in your DNS dashboard.
Why Designers Should Care
You do not need to be a network engineer, but you will eventually be asked to connect a custom domain to a Framer, Webflow, Squarespace, or WordPress site. You will be asked to set up email through Google Workspace. You will be asked to verify ownership for analytics or search consoles. Every one of those tasks lives in DNS. A single typo in a record costs hours of downtime, so understanding the basics is the difference between a 10-minute job and a panicked Friday afternoon.
The Core Record Types
DNS is built from records. Each record has a type, a host, a value, and a TTL (time to live). Here are the ones that come up daily.
A Record
An A record maps a hostname to an IPv4 address. If your hosting provider gives you an IP like 76.76.21.21, you point an A record at it. The host field is usually @ (representing the root domain) or a subdomain like blog.
AAAA Record
An AAAA record (read as “quad A”) does the same job for IPv6 addresses. IPv6 is the longer-format addressing scheme that replaces IPv4. Many hosts now require both for full reachability.
CNAME Record
A CNAME (canonical name) maps one hostname to another hostname, not to an IP. This is the standard way to point a subdomain at a platform like Framer, Webflow, Vercel, or Netlify, because those platforms can change their underlying IPs at any time without breaking your site. The classic pattern: point www.yoursite.com via CNAME to your-project.framer.app.
MX Record
MX (mail exchange) records direct email for your domain to a mail server. If you use Google Workspace, you will publish a set of MX records pointing to Google’s mail servers. Each record has a priority number — lower numbers are tried first.
TXT Record
TXT records hold arbitrary text. They are used for domain verification (Google, LinkedIn, search consoles), SPF email authentication, DKIM signatures, DMARC policy, and a growing list of platform-specific proofs of ownership.
NS Record
NS (nameserver) records say which servers are authoritative for your domain. These are usually set at your registrar (the company you bought the domain from) and delegate control to your DNS provider (Cloudflare, Route 53, your registrar itself).
SRV, CAA, and Friends
Less common but worth knowing: SRV records publish service locations (used by Microsoft Teams and similar), CAA records say which certificate authorities are allowed to issue SSL certificates for your domain, and PTR records do reverse lookups (IP to name).
Nameservers and Registrars
People often confuse the registrar (where you bought the domain) with the DNS host (where the records live). They can be the same company or different. If you buy a domain at Namecheap but manage DNS at Cloudflare, you set the NS records at Namecheap to point to Cloudflare’s nameservers, and from then on you edit records at Cloudflare. Most large sites use a dedicated DNS provider like Cloudflare or AWS Route 53 because they are faster and more reliable than the registrar’s default DNS.
How DNS Propagation Actually Works
You have probably heard the phrase “wait for DNS to propagate.” What is really happening is cache expiration. When you change a record, your authoritative nameserver updates instantly. But every resolver in the chain has cached the old answer for whatever TTL it was given. Until that TTL expires, those resolvers serve the stale value.
The TTL Lever
TTL is measured in seconds. A typical default is 3600 (one hour). Before a planned change, lower the TTL to 300 (five minutes) a day in advance. After the change is confirmed working, raise it back to the original value for performance. A lower TTL means a faster cutover; a higher TTL means lower DNS query load.
Verifying a Change
Use a tool like dig or the online “DNS Checker” services that query resolvers around the world. Do not rely on your own browser — your local cache, your operating system cache, and your router cache can all lie to you. From the command line, dig +short yoursite.com is the cleanest test.
Connecting a Custom Domain to Your Site
The exact steps vary by platform, but the pattern is always the same.
For Framer
- In Framer, open the site settings and add your custom domain.
- Framer gives you either an A record value or a CNAME target.
- In your DNS dashboard, create the records exactly as shown.
- Wait for Framer to verify and issue an SSL certificate (usually under 10 minutes).
For more detail on the Framer flow, see our Framer custom domain guide.
For Webflow, Squarespace, Wix, and WordPress
The mechanics are nearly identical. Each platform publishes a help page with the exact values. The root domain (yoursite.com) almost always uses an A record. The www subdomain almost always uses a CNAME.
Apex vs Subdomain Trade-offs
The root domain (also called the apex) has historically been restricted to A records: you cannot CNAME a bare domain in standard DNS, which is why older guides recommend www over the bare domain. Modern providers like Cloudflare offer “CNAME flattening” or “ALIAS” records that simulate a CNAME at the apex. In 2026, most providers handle apex CNAMEs transparently.
DNS and Email Deliverability
If you send any email from your domain — transactional, marketing, or one-to-one — three TXT records control whether it lands in the inbox or the spam folder.
SPF
SPF (Sender Policy Framework) lists which mail servers are allowed to send on your behalf. A misconfigured SPF record means legitimate email gets rejected.
DKIM
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every outgoing message. The public key lives in a TXT record. Receivers verify the signature against the key.
DMARC
DMARC (Domain-based Message Authentication, Reporting and Conformance) tells receivers what to do when SPF or DKIM fails — accept, quarantine, or reject — and where to send reports. As of 2024, Google and Yahoo require DMARC for any domain sending bulk email.
DNS and Performance
Every DNS lookup adds latency to the first visit. Three techniques reduce that cost.
- Use a fast DNS provider — Cloudflare and Route 53 are measurably faster than most registrar defaults.
- Use a CDN that handles DNS — pairing DNS and CDN at the same provider lets traffic resolve and route in one round trip. See our CDN setup guide for the full picture.
- Tune TTLs — high TTL on stable records keeps lookups cached at the edge.
DNS Security Basics
DNS is a frequent attack target because it is the first hop in every request.
DNSSEC
DNSSEC (DNS Security Extensions) cryptographically signs DNS responses so resolvers can verify they were not tampered with. Most modern providers offer one-click DNSSEC. Turn it on.
CAA Records
Publish a CAA record listing only the certificate authorities you actually use (Let’s Encrypt, Google Trust Services, etc.). This blocks attackers from getting a fraudulent SSL certificate for your domain from a different authority.
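How a certificate authority reads the CAA records described above, as an added Python example (not code from this guide or from any provider). It follows the RFC 8659 rules: the CA climbs from the requested name toward the root and uses the first CAA set it finds, so a subdomain's set replaces the parent's rather than merging with it. The record data is constructed for illustration, and the function names are this example's own.

```python
# Constructed sample CAA data: name -> list of (flags, tag, value). Not real records.
CAA = {
    "yoursite.example": [(0, "issue", "letsencrypt.org"),
                         (0, "issuewild", ";"),  # ";" = no CA may issue wildcards
                         (0, "iodef", "mailto:security@yoursite.example")],
    "shop.yoursite.example": [(0, "issue", "pki.goog")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_caa(name, records):
    """Climb from name toward the root; the first non-empty CAA set wins."""
    labels = name.rstrip(".").lower().split(".")
    if labels[0] == "*":
        labels = labels[1:]          # a wildcard request is checked at its parent
    while labels:
        rrset = records.get(".".join(labels))
        if rrset:
            return rrset
        labels = labels[1:]
    return []

def may_issue(ca_id, name, records):
    """True if the CA identified by ca_id is permitted to issue for name."""
    rrset = relevant_caa(name, records)
    # An unknown property with the critical bit (128) set forces a refusal.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False

    def issuers(tag):
        # Drop any ";param=value" suffix; a bare ";" leaves an empty issuer name.
        return [v.split(";")[0].strip().lower() for _, t, v in rrset if t.lower() == tag]

    allowed = issuers("issue")
    if name.startswith("*.") and issuers("issuewild"):
        allowed = issuers("issuewild")   # issuewild overrides issue for wildcards
    if not allowed:
        return True                      # no issue restriction published
    return ca_id.lower() in allowed

if __name__ == "__main__":
    for ca, host in [("letsencrypt.org", "www.yoursite.example"),
                     ("pki.goog", "www.yoursite.example"),
                     ("letsencrypt.org", "*.yoursite.example"),
                     ("letsencrypt.org", "shop.yoursite.example")]:
        print(f"{ca:16} {host:24} {may_issue(ca, host, CAA)}")
```

The last case is the one that catches people out: publishing a CAA set on a subdomain silently drops the apex's authorized CA for that subdomain unless it is listed again.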
Lock the Registrar
Enable two-factor authentication on your registrar account. Turn on registrar lock to prevent unauthorized transfers. Domain hijacking is rare but devastating — recovering a hijacked domain can take weeks.
Common DNS Mistakes
- Editing records at the registrar when nameservers point elsewhere — the change has no effect.
- Forgetting to update both the @ and the www records when migrating.
- Pasting record values with trailing whitespace or quotes.
- Letting an SPF record exceed 10 DNS lookups (causes permanent fail).
- Setting TTLs too high before a migration, then waiting hours for changes to take effect.
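The SPF lookup limit from the list above (and the SPF section earlier) is easy to exceed without noticing, because every include pulls in another provider's record with its own lookups. This added Python example, which is not code from this guide, counts the DNS-querying terms the way RFC 7208 section 4.6.4 defines them. The zone is constructed sample data held in a dictionary, so nothing is queried over the network, and the function names are this example's own.

```python
import re

# Constructed sample zone (name -> SPF TXT value); not real published records.
ZONE = {
    "yoursite.example": "v=spf1 a mx include:_spf.suite.example "
                        "include:_spf.news.example include:_spf.crm.example ~all",
    "_spf.suite.example": "v=spf1 include:_nb1.suite.example "
                          "include:_nb2.suite.example include:_nb3.suite.example ~all",
    "_nb1.suite.example": "v=spf1 ip4:192.0.2.0/25 ~all",
    "_nb2.suite.example": "v=spf1 ip4:192.0.2.128/25 ~all",
    "_nb3.suite.example": "v=spf1 ip6:2001:db8::/32 ~all",
    "_spf.news.example": "v=spf1 include:_ips.news.example a:bounce.news.example -all",
    "_ips.news.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "_spf.crm.example": "v=spf1 mx exists:%{i}.allow.crm.example -all",
}

TERM = re.compile(r"^[+\-~?]?([a-z0-9]+)(?:[:=/](.*))?$", re.I)
QUERYING = {"a", "mx", "ptr", "exists"}  # each costs one DNS lookup
LIMIT = 10                               # more than this is a permanent error

def spf_lookups(domain, zone, stack=()):
    """Count DNS-querying terms reachable from domain's SPF record."""
    if domain in stack:
        raise ValueError("include loop at " + domain)
    parts = zone.get(domain, "").split()
    if not parts or parts[0].lower() != "v=spf1":
        return 0                         # no SPF policy at this name
    matches = [TERM.match(t) for t in parts[1:]]
    terms = [(m.group(1).lower(), m.group(2) or "") for m in matches if m]
    has_all = any(name == "all" for name, _ in terms)
    total = 0
    for name, arg in terms:
        if name in QUERYING:
            total += 1
        # include always counts; redirect is ignored when "all" is present
        elif name == "include" or (name == "redirect" and not has_all):
            total += 1 + spf_lookups(arg, zone, stack + (domain,))
    return total                         # ip4, ip6 and all cost nothing

def verdict(domain, zone):
    """Return (lookup count, 'ok' or 'permerror') for domain."""
    n = spf_lookups(domain, zone)
    return n, ("permerror" if n > LIMIT else "ok")

if __name__ == "__main__":
    print(verdict("yoursite.example", ZONE))
```

In the sample zone the apex record lists only five terms that query DNS, yet the nested includes bring the total to 12, so receivers would return a permanent error for every message.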
Frequently Asked Questions
How long does DNS propagation actually take?
Most resolvers update within minutes if the TTL was low. Some legacy ISPs cache for hours. As a rule of thumb, plan for changes to be fully global within 24 hours, but expect 90% of visitors to see the new value within 30 minutes if you set a low TTL beforehand.
What is the difference between a registrar and a DNS host?
The registrar is the company you bought the domain from — they manage your ownership record. The DNS host is the company whose nameservers answer queries for your domain. They are often the same, but you can split them. Many designers use a registrar like Namecheap or Porkbun and host DNS at Cloudflare for speed.
Should I use my registrar’s DNS or a third party?
For a single small site, the registrar’s DNS is fine. For anything that needs reliability, speed, or advanced features (page rules, security, edge routing), move to a dedicated provider like Cloudflare. The migration is straightforward: copy records, update nameservers at the registrar, wait for propagation.
Can I have a site without DNS?
Technically, yes — you can reach a server directly by IP address. In practice, no site of consequence runs without DNS, because every modern platform (CDN, SSL, email, analytics) assumes you control a domain.
