Add DNS A and PTR Records in Windows Server 2025

DNS A records map hostnames to IPv4 addresses, and PTR records handle the reverse – mapping IPs back to hostnames. Both are essential for name resolution in any Windows Server environment. Without proper A and PTR records, services like Active Directory, email, and network authentication will fail.

Original content from computingforgeeks.com - post 38941

This guide covers how to add DNS A, PTR, CNAME, MX, and TXT/SPF records on Windows Server 2025 using both DNS Manager (GUI) and PowerShell. You need the DNS Server role already installed and at least one forward and one reverse lookup zone configured before proceeding.

Prerequisites

  • Windows Server 2025 with the DNS Server role installed and running
  • At least one forward lookup zone configured (e.g., computingforgeeks.com)
  • At least one reverse lookup zone configured (e.g., 10.0.1.x subnet)
  • Administrator access to the DNS server
  • IP addresses and hostnames planned for your environment

Step 1: Add a DNS A Record via DNS Manager

An A record (Address record) maps a hostname to an IPv4 address. This is the most common DNS record type – every server, workstation, and service endpoint needs one.

Open Server Manager, click Tools and select DNS. In the DNS Manager console, expand your server name, then expand Forward Lookup Zones.

Right-click the zone where you want to add the record (e.g., computingforgeeks.com) and select New Host (A or AAAA).

DNS Manager forward lookup zone expanded in Windows Server

In the New Host dialog, fill in the following fields:

  • Name – the hostname portion (e.g., webserver01 for webserver01.computingforgeeks.com)
  • IP address – the IPv4 address this hostname should resolve to (e.g., 10.0.1.50)
  • Create associated pointer (PTR) record – check this box to automatically create the reverse DNS record at the same time

Creating a new host A record with PTR option in DNS Manager

Click Add Host. A confirmation dialog appears – click OK to confirm. The A record now appears in the forward lookup zone, and if you checked the PTR option, the corresponding PTR record is in the reverse lookup zone.

A record successfully added in forward lookup zone

Step 2: Add a DNS A Record via PowerShell

PowerShell gives you a faster way to add A records, especially when managing multiple servers or automating deployments. The Add-DnsServerResourceRecordA cmdlet handles this.

Open PowerShell as Administrator and run the following command to add an A record for dbserver01.computingforgeeks.com pointing to 10.0.1.60:

Add-DnsServerResourceRecordA -Name "dbserver01" -ZoneName "computingforgeeks.com" -IPv4Address "10.0.1.60" -CreatePtr

The -CreatePtr flag automatically creates the matching PTR record in the reverse lookup zone, just like the checkbox in the GUI. Without this flag, only the A record is created.

Verify the record was created by querying the zone:

Get-DnsServerResourceRecord -ZoneName "computingforgeeks.com" -Name "dbserver01"

The output confirms the A record with the correct hostname and IP address:

HostName   RecordType Type  Timestamp            TimeToLive  RecordData
--------   ---------- ----  ---------            ----------  ----------
dbserver01 A          1     0                    01:00:00    10.0.1.60

To add an A record with a specific TTL, pass the -TimeToLive parameter a time span in hh:mm:ss format:

Add-DnsServerResourceRecordA -Name "appserver01" -ZoneName "computingforgeeks.com" -IPv4Address "10.0.1.70" -CreatePtr -TimeToLive 00:30:00

This sets the TTL to 30 minutes instead of the zone default (typically 1 hour).

Step 3: Add a PTR Record via DNS Manager

If you did not check the “Create associated pointer (PTR) record” option when adding the A record, or if you need to add a PTR record independently, do it through the reverse lookup zone.

In DNS Manager, expand Reverse Lookup Zones and right-click the appropriate subnet zone (e.g., 10.0.1.x Subnet). Select New Pointer (PTR).

Fill in these fields:

  • Host IP Number – the last octet of the IP address (e.g., 50 for 10.0.1.50)
  • Host name – the fully qualified domain name this IP should resolve to (e.g., webserver01.computingforgeeks.com)

Click OK to save. The PTR record now appears in the reverse lookup zone.

PTR record in reverse lookup zone

Step 4: Add a PTR Record via PowerShell

The Add-DnsServerResourceRecordPtr cmdlet creates PTR records from the command line. You need to specify the reverse lookup zone name, the host IP portion, and the target FQDN.

Add a PTR record that maps 10.0.1.80 back to mailserver01.computingforgeeks.com:

Add-DnsServerResourceRecordPtr -Name "80" -ZoneName "1.0.10.in-addr.arpa" -PtrDomainName "mailserver01.computingforgeeks.com"

The -Name parameter is the last octet of the IP. The -ZoneName is the reverse lookup zone in the standard in-addr.arpa format. Confirm the record exists:

Get-DnsServerResourceRecord -ZoneName "1.0.10.in-addr.arpa" -Name "80"

The PTR record should show the correct reverse mapping:

HostName  RecordType Type  Timestamp            TimeToLive  RecordData
--------  ---------- ----  ---------            ----------  ----------
80        PTR        12    0                    01:00:00    mailserver01.computingforgeeks.com.

Step 5: Add a CNAME Record

A CNAME (Canonical Name) record creates an alias that points to another hostname. This is useful when you want multiple names to resolve to the same server without duplicating A records.

In DNS Manager, right-click the forward lookup zone and select New Alias (CNAME). Enter the alias name and the FQDN of the target host.

With PowerShell, create a CNAME record that aliases www to webserver01.computingforgeeks.com:

Add-DnsServerResourceRecordCName -Name "www" -ZoneName "computingforgeeks.com" -HostNameAlias "webserver01.computingforgeeks.com"

Verify the CNAME record:

Get-DnsServerResourceRecord -ZoneName "computingforgeeks.com" -Name "www" -RRType CName

The output shows the alias and its target:

HostName  RecordType Type  Timestamp            TimeToLive  RecordData
--------  ---------- ----  ---------            ----------  ----------
www       CNAME      5     0                    01:00:00    webserver01.computingforgeeks.com.

Keep in mind that CNAME records cannot coexist with other record types for the same name. You cannot have both a CNAME and an MX record for the same hostname.

Step 6: Add an MX Record

MX (Mail Exchanger) records tell other mail servers where to deliver email for your domain. Every domain that receives email needs at least one MX record.

In DNS Manager, right-click the forward lookup zone and select New Mail Exchanger (MX). Set the host or child domain (leave blank for the zone root), the FQDN of the mail server, and the priority value.

With PowerShell, add an MX record that points your domain’s email to mailserver01.computingforgeeks.com with priority 10:

Add-DnsServerResourceRecordMX -Name "." -ZoneName "computingforgeeks.com" -MailExchange "mailserver01.computingforgeeks.com" -Preference 10

For a backup mail server with lower priority (higher number = lower priority), add a second MX record:

Add-DnsServerResourceRecordMX -Name "." -ZoneName "computingforgeeks.com" -MailExchange "mailbackup01.computingforgeeks.com" -Preference 20

Verify your MX records:

Get-DnsServerResourceRecord -ZoneName "computingforgeeks.com" -RRType MX

Both MX records should appear with their priority values. The mail server with the lowest preference number receives email first.

Step 7: Add TXT and SPF Records

TXT records store arbitrary text data in DNS. The most common use is SPF (Sender Policy Framework) records that specify which servers are authorized to send email for your domain. SPF helps prevent email spoofing.

In DNS Manager, right-click the forward lookup zone and select Other New Records. Choose Text (TXT) from the list and click Create Record. Leave the record name blank for a zone-level TXT record and enter the SPF string in the Text field.

With PowerShell, add an SPF record that authorizes your mail server and rejects all others:

Add-DnsServerResourceRecord -ZoneName "computingforgeeks.com" -Name "." -Txt -DescriptiveText "v=spf1 mx a ip4:10.0.1.80 -all"

This SPF record says: accept email from servers listed in MX records (mx), the A record IP (a), the IP 10.0.1.80, and reject everything else (-all).

Verify the TXT record:

Get-DnsServerResourceRecord -ZoneName "computingforgeeks.com" -RRType Txt

You can also add DKIM or DMARC TXT records the same way. For a DMARC record:

Add-DnsServerResourceRecord -ZoneName "computingforgeeks.com" -Name "_dmarc" -Txt -DescriptiveText "v=DMARC1; p=quarantine; rua=mailto:[email protected]"
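The SPF string is easy to get subtly wrong, so it is worth linting what the zone actually publishes. The following is an added example, not part of the original article: it checks that exactly one v=spf1 record exists, counts the terms that trigger DNS lookups, and flags a missing or permissive "all". Test-SpfRecord is a hypothetical helper name and the second sample set is constructed.

```powershell
# Added example: lint the SPF strings published as TXT records at the zone root.
# Test-SpfRecord is a hypothetical helper name; $constructed is made-up sample data.
function Test-SpfRecord {
    param([string[]] $TxtStrings)
    $issues = @()
    $spf = @($TxtStrings | Where-Object { $_ -match '^v=spf1(\s|$)' })
    if ($spf.Count -ne 1) {
        # RFC 7208: no record means no policy, more than one is a permanent error
        $issues += "expected exactly one v=spf1 record, found $($spf.Count)"
    }
    foreach ($record in $spf) {
        $terms = @($record -split '\s+' | Select-Object -Skip 1)
        # Terms that each cost the receiver a DNS lookup (RFC 7208 limit: 10)
        $lookups = @($terms | Where-Object {
            $_ -match '^[+\-~?]?(include:|exists:|(a|mx|ptr)([:/]|$))|^redirect='
        }).Count
        if ($lookups -gt 10) { $issues += "$lookups DNS-lookup terms, limit is 10" }
        $all = @($terms | Where-Object { $_ -match '^[+\-~?]?all$' })
        if ($all.Count -eq 0 -and $record -notmatch 'redirect=') {
            $issues += 'no "all" mechanism, unlisted senders get a neutral result'
        } elseif ($all -match '^\+?all$') {
            $issues += '"+all" authorizes every sender'
        } elseif ($all -match '^[~?]all$') {
            $issues += "'$($all[-1])' does not reject unlisted senders"
        }
    }
    [pscustomobject]@{ Records = $spf.Count; Ok = ($issues.Count -eq 0); Issues = $issues }
}

# On the DNS server, read the strings from the zone root instead:
# $txt = (Get-DnsServerResourceRecord -ZoneName "computingforgeeks.com" -RRType Txt |
#         Where-Object HostName -eq '@').RecordData.DescriptiveText
$fromArticle = @('v=spf1 mx a ip4:10.0.1.80 -all')
$constructed = @('v=spf1 mx ~all', 'v=spf1 ip4:10.0.1.80 -all')   # two SPF records on one name

Test-SpfRecord $fromArticle | Format-List
Test-SpfRecord $constructed | Format-List
```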

Step 8: Verify DNS Records with nslookup

After adding records, always verify they resolve correctly. The nslookup command is the fastest way to test from any Windows machine on the network.

Test a forward lookup (A record) by querying the hostname:

nslookup webserver01.computingforgeeks.com

The response should return the IP address you configured:

Server:  dns01.computingforgeeks.com
Address:  10.0.1.10

Name:    webserver01.computingforgeeks.com
Address:  10.0.1.50

Test a reverse lookup (PTR record) by querying the IP address:

nslookup 10.0.1.50

The reverse lookup should return the hostname:

Server:  dns01.computingforgeeks.com
Address:  10.0.1.10

Name:    webserver01.computingforgeeks.com
Address:  10.0.1.50

Test a CNAME record:

nslookup www.computingforgeeks.com

The response shows the alias chain – the CNAME pointing to the canonical name and its IP:

Server:  dns01.computingforgeeks.com
Address:  10.0.1.10

Name:    webserver01.computingforgeeks.com
Address:  10.0.1.50
Aliases:  www.computingforgeeks.com

Test an MX record:

nslookup -type=mx computingforgeeks.com

MX records show the mail server and its priority value:

Server:  dns01.computingforgeeks.com
Address:  10.0.1.10

computingforgeeks.com   MX preference = 10, mail exchanger = mailserver01.computingforgeeks.com
computingforgeeks.com   MX preference = 20, mail exchanger = mailbackup01.computingforgeeks.com

You can also use PowerShell’s Resolve-DnsName cmdlet for more detailed output:

Resolve-DnsName -Name "webserver01.computingforgeeks.com" -Type A

Verifying DNS A and PTR records with nslookup
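Spot checks with nslookup do not scale to a whole zone. The following is an added example, not part of the original article: it compares every A record with the PTR records of the reverse zone and reports missing, mismatched and stale PTR entries. Compare-ForwardReverse is a hypothetical helper name, the sample records are constructed, and the commented lines assume the /24 reverse zone used in this guide.

```powershell
# Added example: cross-check A records against PTR records.
# Compare-ForwardReverse is a hypothetical helper name; the sample records are constructed.
function Compare-ForwardReverse {
    param([object[]] $A, [object[]] $Ptr, [string] $Zone)
    $ptrByIp = @{}
    foreach ($p in $Ptr) { $ptrByIp[$p.IP] = $p.Target.TrimEnd('.') }   # drop the root dot
    $known = @{}
    foreach ($rec in $A) {
        # Records at the zone root are listed with the host name "@"
        $fqdn = if ($rec.HostName -eq '@') { $Zone } else { "$($rec.HostName).$Zone" }
        $known[$fqdn] = $true
        $status = if (-not $ptrByIp.ContainsKey($rec.IP)) { 'MissingPtr' }
                  elseif ($ptrByIp[$rec.IP] -ne $fqdn)    { 'PtrMismatch' }
                  else                                    { 'OK' }
        [pscustomobject]@{ Name = $fqdn; IP = $rec.IP; Ptr = $ptrByIp[$rec.IP]; Status = $status }
    }
    # PTR records that still point into the zone at a name with no A record
    foreach ($ip in $ptrByIp.Keys) {
        $target = $ptrByIp[$ip]
        if ($target -like "*.$Zone" -and -not $known.ContainsKey($target)) {
            [pscustomobject]@{ Name = $null; IP = $ip; Ptr = $target; Status = 'StalePtr' }
        }
    }
}

$zone = 'computingforgeeks.com'
# On the DNS server, build the same shapes from the live zones:
# $a   = Get-DnsServerResourceRecord -ZoneName $zone -RRType A |
#          Select-Object HostName, @{n='IP';e={$_.RecordData.IPv4Address.ToString()}}
# $ptr = Get-DnsServerResourceRecord -ZoneName '1.0.10.in-addr.arpa' -RRType Ptr |
#          Select-Object @{n='IP';e={"10.0.1.$($_.HostName)"}}, @{n='Target';e={$_.RecordData.PtrDomainName}}
$a = @(
    [pscustomobject]@{ HostName = 'webserver01'; IP = '10.0.1.50' }
    [pscustomobject]@{ HostName = 'dbserver01';  IP = '10.0.1.60' }
    [pscustomobject]@{ HostName = 'appserver01'; IP = '10.0.1.70' }
)
$ptr = @(
    [pscustomobject]@{ IP = '10.0.1.50'; Target = 'webserver01.computingforgeeks.com.' }
    [pscustomobject]@{ IP = '10.0.1.70'; Target = 'oldapp01.computingforgeeks.com.' }
    [pscustomobject]@{ IP = '10.0.1.99'; Target = 'oldserver01.computingforgeeks.com.' }
)

Compare-ForwardReverse -A $a -Ptr $ptr -Zone $zone | Format-Table -AutoSize
```

An IP that carries several PTR records is reduced to the last one seen, so treat a PtrMismatch on such an address as a prompt to look at the reverse zone by hand.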

Step 9: Bulk Add DNS Records with PowerShell

When you need to add dozens of records – during a migration, new office setup, or server rollout – doing it one at a time through the GUI is not practical. PowerShell lets you bulk-add records from a CSV file.

First, create a CSV file with your record data. Open Notepad and save this as C:\dns_records.csv:

Name,IPAddress
webserver01,10.0.1.50
webserver02,10.0.1.51
dbserver01,10.0.1.60
dbserver02,10.0.1.61
appserver01,10.0.1.70
appserver02,10.0.1.71
mailserver01,10.0.1.80
fileserver01,10.0.1.90

Then run this PowerShell script to import all records at once with automatic PTR creation:

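$records = Import-Csv "C:\dns_records.csv"
foreach ($record in $records) {
    try {
        # -ErrorAction Stop turns a failed add into an exception, so the success line prints only for created records
        Add-DnsServerResourceRecordA -Name $record.Name -ZoneName "computingforgeeks.com" -IPv4Address $record.IPAddress -CreatePtr -ErrorAction Stop
        Write-Host "Added A+PTR: $($record.Name) -> $($record.IPAddress)" -ForegroundColor Green
    } catch {
        Write-Warning "Failed: $($record.Name) -> $($record.IPAddress): $($_.Exception.Message)"
    }
}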

After the bulk import, verify all records were created correctly:

Get-DnsServerResourceRecord -ZoneName "computingforgeeks.com" -RRType A | Format-Table -AutoSize

This lists every A record in the zone. Cross-check against your CSV to confirm all entries are present.
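A bulk import writes whatever the CSV contains, so it pays to validate the file before the loop runs. The following is an added example, not part of the original article: it checks each host label and IPv4 address, flags names repeated in the file, and reports names that already have an A record. Test-DnsImportRows is a hypothetical helper name, and the sample rows and the $existing list are constructed.

```powershell
# Added example: pre-flight validation for the bulk-import CSV.
# Test-DnsImportRows is a hypothetical helper name; the sample rows are constructed.
function Test-DnsImportRows {
    param([object[]] $Rows, [string[]] $ExistingNames = @())
    $label = '^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$'   # one DNS label: letters, digits, hyphen
    $seen  = @{}
    foreach ($row in $Rows) {
        $name = "$($row.Name)".Trim()
        $addr = "$($row.IPAddress)".Trim()
        $problems = @()
        if ($name -notmatch $label) { $problems += 'invalid host label' }
        $ip = $null
        # TryParse accepts short forms such as "10.0.1"; the round-trip comparison rejects them
        if (-not ([ipaddress]::TryParse($addr, [ref]$ip)) -or $ip.ToString() -ne $addr -or
            $ip.AddressFamily -ne 'InterNetwork') {
            $problems += 'not a dotted-quad IPv4 address'
        }
        if ($seen.ContainsKey($name)) { $problems += 'duplicate name in CSV' }
        $seen[$name] = $true
        if ($ExistingNames -contains $name) { $problems += 'A record already exists in zone' }
        [pscustomobject]@{
            Name = $name; IPAddress = $addr
            Valid = ($problems.Count -eq 0); Problems = ($problems -join '; ')
        }
    }
}

$rows = @'
Name,IPAddress
webserver01,10.0.1.50
web_server02,10.0.1.51
dbserver01,10.0.1.600
webserver01,10.0.1.52
fileserver01,10.0.1
'@ | ConvertFrom-Csv

# On the DNS server, take the existing names from the zone instead:
# $existing = (Get-DnsServerResourceRecord -ZoneName "computingforgeeks.com" -RRType A).HostName
$existing = @('dbserver01')   # constructed stand-in

$report = Test-DnsImportRows -Rows $rows -ExistingNames $existing
$report | Format-Table -AutoSize

# Dry run for the rows that passed; remove -WhatIf to create the records
if (Get-Command Add-DnsServerResourceRecordA -ErrorAction SilentlyContinue) {
    $report | Where-Object Valid | ForEach-Object {
        Add-DnsServerResourceRecordA -Name $_.Name -ZoneName "computingforgeeks.com" -IPv4Address $_.IPAddress -CreatePtr -WhatIf
    }
}
```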

To remove records in bulk (e.g., when decommissioning servers), use a similar loop around Remove-DnsServerResourceRecord. The call for a single record is:

Remove-DnsServerResourceRecord -ZoneName "computingforgeeks.com" -Name "oldserver01" -RRType A -Force

The -Force flag skips the confirmation prompt, which is needed for scripted operations.

DNS Record Types Reference

This table summarizes the common DNS record types you will work with on Windows Server DNS:

Record Type  Purpose                                    PowerShell Cmdlet
-----------  -------                                    -----------------
A            Maps hostname to IPv4 address              Add-DnsServerResourceRecordA
AAAA         Maps hostname to IPv6 address              Add-DnsServerResourceRecordAAAA
PTR          Maps IP address to hostname (reverse DNS)  Add-DnsServerResourceRecordPtr
CNAME        Creates an alias for another hostname      Add-DnsServerResourceRecordCName
MX           Directs email to mail servers              Add-DnsServerResourceRecordMX
TXT          Stores text data (SPF, DKIM, DMARC)        Add-DnsServerResourceRecord -Txt
SRV          Locates services (Active Directory, SIP)   Add-DnsServerResourceRecord -Srv
NS           Delegates zone to name servers             Add-DnsServerResourceRecord -NS
SOA          Zone authority and refresh settings        Set-DnsServerResourceRecord

Conclusion

You now have A, PTR, CNAME, MX, and TXT/SPF records configured on your Windows Server 2025 DNS server using both DNS Manager and PowerShell. For production environments, always create PTR records alongside A records – many services (including Active Directory) depend on reverse DNS for authentication and service discovery.

Consider setting up a secondary DNS server for redundancy, and enable DNS zone transfers between primary and secondary servers so records stay synchronized. Monitor your DNS logs in Event Viewer under Applications and Services Logs for resolution failures or unauthorized zone transfer attempts.
