LLM Best Practices

Namecheap DNS

3 min read

View markdown source

Overview

Namecheap is a registrar with a usable built-in DNS host. For small sites and email pointers, the included BasicDNS is fine. For sites that want CDN, proxying, or Workers, delegate the nameservers to cloudflare and use Namecheap only as the registrar. Either path works; the choice is about what features you want.

Use five record types and ignore the rest

The records that show up in practice:

  • A: hostname to IPv4. Apex domain (example.com) and any subdomain pointing at a fixed IP.
  • AAAA: hostname to IPv6. Pair with A whenever the host has a v6 address.
  • CNAME: hostname to hostname. Subdomains pointing at a host the provider controls (cname.vercel-dns.com, user.github.io). Not valid at the apex on most hosts.
  • MX: mail exchange. One or more, with priority.
  • TXT: arbitrary string. Domain verification, SPF, DKIM, DMARC.
  • NS: nameserver delegation. Edited only when handing DNS off to another provider.

URL Redirect records in Namecheap are HTTP-level redirects; they break TLS for the redirected host. Avoid them; use a real redirect at the application or CDN layer instead.

Verify domains with TXT records

Every provider that asks you to “verify the domain” wants a TXT record. The value is opaque; do not edit it.

Host:  @                                # apex, or a specific subdomain they specify
Type:  TXT
Value: google-site-verification=AbCdEf...
TTL:   Automatic

Vercel, Google Search Console, Cloudflare, GitHub, and Atlassian all use this pattern. Leave the records in place after verification; some providers re-check periodically.

For email, the same record type carries SPF (v=spf1 ...), DKIM (provider-specific selector), and DMARC (_dmarc subdomain). Wrong SPF is the most common reason a domain’s mail lands in spam.

Set MX priority low to high

Lower priority is preferred. The mail server tries the lowest number first and falls back to higher numbers.

Host:  @
Type:  MX
Value: aspmx.l.google.com.
Pri:   1

Host:  @
Type:  MX
Value: alt1.aspmx.l.google.com.
Pri:   5

Most managed inboxes (Google Workspace, Fastmail, Migadu) ship a list of five MX records with explicit priorities. Copy them exactly; do not collapse them to one.

Plan for the TTL, not for “DNS magic”

TTL is measured in seconds and is the only knob that controls propagation. Default is usually 1800 (30 minutes). Cached resolvers respect the TTL of the record they fetched.

  • Before a migration, lower TTL to 300 (5 minutes) at least 24 hours ahead. Old resolvers will then drop the old record within five minutes of the cutover.
  • After the migration settles, raise TTL back to 1800 or 3600. Long TTL reduces lookup load and improves cache hit rate.
  • “Propagation” is just resolver cache expiry. There is no global DNS clock.

Check propagation with dig @1.1.1.1 example.com and dig @8.8.8.8 example.com against the new value before flipping anything else.

Delegate to Cloudflare for proxied sites

Use Cloudflare nameservers when the site wants any of the Cloudflare features (proxying, Rules, Workers, Pages). Keep Namecheap nameservers when the site only needs DNS records and email pointers.

To delegate without downtime:

  1. Add the zone in Cloudflare. Let it import existing records.
  2. Verify every record on the Cloudflare side. Fix any that did not import (rare but happens for unusual record types).
  3. In Namecheap, set nameservers to the two Cloudflare nameservers Cloudflare assigned (e.g. art.ns.cloudflare.com, lia.ns.cloudflare.com).
  4. Wait for Cloudflare to confirm activation. Until then, Namecheap still answers; after activation, Cloudflare answers.

For the proxied side of the setup, see cloudflare.

Graph View

Backlinks