New Domain Setup Checklist: DNS & Email Configuration Guide

Setting up a new domain correctly from day one prevents deliverability issues, security vulnerabilities, and costly misconfigurations. Follow this 9-step guide to configure DNS, email authentication, and SSL with free verification tools.

Setup Checklist

1
Configure NS Records
Point your domain to the correct nameservers at your DNS provider. NS records are the foundation — all other DNS records depend on nameservers resolving correctly.
Check NS Records
2
Add A/AAAA Records
Create A records pointing to your web server's IPv4 address, and AAAA records for IPv6 if supported. These records make your domain resolve to your actual server.
Run DNS Lookup
3
Set Up MX Records
Add MX records pointing to your email provider's mail servers. Set priorities correctly — lower numbers get higher priority. Always configure at least two MX records for redundancy.
Check MX Records
4
Create SPF Record
Generate and publish an SPF TXT record that lists all servers authorized to send email for your domain. This prevents spammers from spoofing your domain.
Generate SPF Record
5
Configure DKIM
Generate DKIM keys and publish the public key as a DNS TXT record. DKIM cryptographically signs outgoing emails so recipients can verify they were not altered in transit.
Generate DKIM Record
6
Publish DMARC Record
Create a DMARC policy that tells inbox providers how to handle emails failing SPF or DKIM. Start with p=none for monitoring, then move to p=quarantine or p=reject.
Generate DMARC Record
7
Add CAA Records
Specify which Certificate Authorities are allowed to issue SSL certificates for your domain. CAA records prevent unauthorized CAs from issuing rogue certificates.
Check CAA Records
8
Install SSL Certificate
Obtain and install an SSL/TLS certificate from your authorized CA. Verify it covers your root domain and www subdomain, and configure automatic renewal.
Check SSL Certificate
9
Verify Everything
Run a comprehensive domain health check to confirm all DNS records, email authentication, and security configurations are correctly set up and working together.
Run Health Check

Quick Reference

Step 1: Configure NS Records
Step 2: Add A/AAAA Records
Step 3: Set Up MX Records
Step 4: Create SPF Record
Step 5: Configure DKIM
Step 6: Publish DMARC Record
Step 7: Add CAA Records
Step 8: Install SSL Certificate
Step 9: Verify Everything

Frequently Asked Questions

What DNS records do I need for a new domain?: At minimum you need: NS records (nameservers), A records (web server IP), MX records (email), SPF (email auth), and an SSL certificate. For full security, add DKIM, DMARC, CAA, and AAAA records as well.
How long do DNS records take to propagate?: New DNS records typically propagate within 1-4 hours, but can take up to 48 hours depending on TTL settings and resolver caches. Set low TTLs (300-600 seconds) initially, then increase once everything is confirmed working.
Can I set up email before my website is live?: Yes. Email requires MX records, SPF, DKIM, and DMARC — none of which depend on your web server. You can have fully functional email with proper authentication before building your website.

Launch Your Domain Right

Complete all 9 steps to ensure your domain is properly configured. All tools are free with no signup.

Browse All Tools

Setup Checklist

Configure NS Records

Point your domain to the correct nameservers at your DNS provider. NS records are the foundation — all other DNS records depend on nameservers resolving correctly.

Check NS Records

Add A/AAAA Records

Create A records pointing to your web server's IPv4 address, and AAAA records for IPv6 if supported. These records make your domain resolve to your actual server.

Run DNS Lookup

Set Up MX Records

Add MX records pointing to your email provider's mail servers. Set priorities correctly — lower numbers get higher priority. Always configure at least two MX records for redundancy.

Check MX Records

Create SPF Record

Generate and publish an SPF TXT record that lists all servers authorized to send email for your domain. This prevents spammers from spoofing your domain.

Generate SPF Record

Configure DKIM

Generate DKIM keys and publish the public key as a DNS TXT record. DKIM cryptographically signs outgoing emails so recipients can verify they were not altered in transit.

Generate DKIM Record

Publish DMARC Record

Create a DMARC policy that tells inbox providers how to handle emails failing SPF or DKIM. Start with p=none for monitoring, then move to p=quarantine or p=reject.

Generate DMARC Record

Add CAA Records

Specify which Certificate Authorities are allowed to issue SSL certificates for your domain. CAA records prevent unauthorized CAs from issuing rogue certificates.

Check CAA Records

Install SSL Certificate

Obtain and install an SSL/TLS certificate from your authorized CA. Verify it covers your root domain and www subdomain, and configure automatic renewal.

Check SSL Certificate

Verify Everything

Run a comprehensive domain health check to confirm all DNS records, email authentication, and security configurations are correctly set up and working together.

Run Health Check

Frequently Asked Questions

What DNS records do I need for a new domain?

At minimum you need: NS records (nameservers), A records (web server IP), MX records (email), SPF (email auth), and an SSL certificate. For full security, add DKIM, DMARC, CAA, and AAAA records as well.

How long do DNS records take to propagate?

New DNS records typically propagate within 1-4 hours, but can take up to 48 hours depending on TTL settings and resolver caches. Set low TTLs (300-600 seconds) initially, then increase once everything is confirmed working.

Can I set up email before my website is live?

Yes. Email requires MX records, SPF, DKIM, and DMARC — none of which depend on your web server. You can have fully functional email with proper authentication before building your website.