What is DNS?
DNS (Domain Name System) is the Internet’s phonebook. It maps human-readable domain names (nemodzilla.xyz) to machine IP addresses (185.199.108.153). Without DNS, you’d need to memorize IPs for every website.
Basic records
A β IPv4
Points a domain to an IPv4 address (4 octets).
| |
Most common record type. You have several for your site (GitHub Pages redundancy).
AAAA β IPv6
Same but for an IPv6 address (128-bit, format 2001:db8::1).
| |
IPv6 is IPv4’s successor, needed because IPv4 addresses are exhausted.
CNAME β Alias
Points a domain to another domain name (not an IP directly).
| |
β οΈ A CNAME cannot coexist with other records on the same name. That’s why the root (
@) uses A records andwwwuses a CNAME.
MX β Mail Exchange
Tells which server handles emails for your domain.
| |
Priority (number) determines attempt order β lower number = higher priority.
TXT β Free text
Free text record, used for domain verification and email policies (SPF, DMARC).
| |
Email security
SPF β Sender Policy Framework
A TXT record listing servers authorized to send emails on your behalf.
| |
include:β authorized servers~allβ others are suspicious (soft fail)-allβ others are rejected (hard fail)
Without SPF, anyone can send an email pretending to be @nemodzilla.xyz.
DMARC β Domain-based Message Authentication
Policy telling receiving servers what to do if SPF/DKIM fail.
| |
p=noneβ monitor onlyp=quarantineβ send to spamp=rejectβ reject the email
DKIM β DomainKeys Identified Mail
Cryptographic signature added to emails to prove they came from you. Configured server-side, published as TXT in DNS.
DNS Security
DNSSEC
Adds cryptographic signatures to DNS records to prevent cache poisoning (an attacker redirecting your domain to a fake IP).
Cloudflare can enable it in one click: DNS β DNSSEC β Enable.
CAA β Certification Authority Authorization
Defines which certificate authorities are allowed to issue SSL certificates for your domain.
| |
Prevents a rogue CA from issuing a certificate for your domain without your knowledge.
Google Analytics & Tag Manager
Google Analytics (GA4)
Audience measurement tool β tells you how many visitors you have, where they come from, which pages they visit, how long they stay.
ID looks like: G-XXXXXXXXXX
To enable on Hugo Theme Stack, add to params.toml:
| |
Google Tag Manager (GTM)
A script container that lets you add/modify tracking scripts (Analytics, ad pixels, etc.) without touching the site’s code.
ID looks like: GTM-XXXXXXX
Difference from Analytics:
- Analytics β collects and analyzes data
- Tag Manager β manages how scripts are injected into the page
For a personal site, Google Analytics alone is more than enough. Tag Manager is useful when multiple tracking tools coexist and you want to manage them without redeploying.
Summary
| Record | Role |
|---|---|
| A | Domain β IPv4 |
| AAAA | Domain β IPv6 |
| CNAME | Domain β another domain |
| MX | Domain β mail server |
| TXT | Free text (SPF, DMARC, verification) |
| CAA | Authorized SSL authorities |
| DNSSEC | DNS cryptographic signatures |
| SPF | Authorized mail servers |
| DMARC | Email spoofing policy |