NsLookup logo
Learning center

The A record

Copy article link
The A or "address" DNS record type was created to hold IPv4 addresses. Translating names to addresses is one of the most fundamental uses of the DNS!

The A record type was introduced in the original DNS specifications (RFC 1034 and 1035) in 1987. Each type A record holds an IPv4 address. IPv6 did not yet exist in 1987 so all addresses were 32-bit IPv4 addresses. The AAAA DNS record type for IPv6 records would come later.

The DNS was created because the original system for mapping names to address, the "hosts" file, was quickly becoming unsustainable. The DNS would allow applications to map human-readable names into addresses in a massive globally distributed database. The A record type associates IPv4 addresses with DNS names.

Today, the DNS performs many other critical functions. But one of its most important jobs remains the mapping of names to addresses.

Mapping names into addresses
Mapping names into addresses. By NsLookup.io. Licensed under CC By 4.0.

A record format

Each A record in the DNS contains a single IPv4 address. Each A record, like all other DNS records, also has a Time-to-Live (TTL) value in seconds.

When stored in a zone file or displayed as text, use the familar dot-separated notation, e.g. "1.2.3.4". When an A record is transported across the Internet in a DNS message, the address is stored in four bytes of binary data to save space.

Multiple A records

It is common for a name to map to more than one IPv4 address in the DNS for redundancy. This is accomplished by creating multiple A records at the DNS name. Here is an example showing three address records for www.example.org with a TTL value of one hour: 

www.example.org. 3600 A 10.0.0.1
www.example.org. 3600 A 10.0.0.2
www.example.org. 3600 A 10.0.0.3

A records versus AAAA records

The A record type stores IPv4 addresses but it can't hold an IPv6 address. IPv6 wasn't around yet when the DNS specifications were first created. Only a few years after though, IPv6 came along. This required a new DNS record type, and so the AAAA record type was born.

The AAAA record type was first introduced in RFC 1886 in 1995. It was later updated by RFC 3596. A and AAAA records both store IP addresses but they are distinct record types from one another.

These two record types are similar except for the size of the address they each carry. 128 bits for type AAAA versus 32 bits for type A.

It is common to see records of both types at the same name in the DNS. This allows clients to connect using either address type.

What TTL should you use for A records?

You should use a TTL of one hour or more for A records that are relatively static. A records that change frequently can have a TTL as low as a few minutes.

TTL selection in the DNS is often complicated. As we discussed in our article on TTL selection in the DNS, shorter TTLs give agility but longer TTLs increase reliability. Longer TTLs can also decrease latency.

Shorter TTLs come with trade-offs. Use them with caution. TTLs under five minutes should be used sparingly. As a general rule of thumb, use shorter TTLs for DNS records that change frequently and longer TTLs for DNS records that are more static.

Anycast addresses in the DNS

In the past it was common to see quite a few A records at a name in the DNS. Often one for each and every server for services with a global footprint.

Today, the use of Anycast is becoming more and more common. Instead of one address record for each server, a single Anycast address is published.

When a client attempts to connect to an Anycast address, their request is automatically routed to the nearest datacenter. One or two additional Anycast addresses are often published for redundancy.

This is very powerful for service providers. It results in smaller DNS messages, faster DNS latency, and less DNS complexity. It also means that their clients always take the shortest path to the provider's servers.

Anycast addresses are stored in A records the same as Unicast addresses. The DNS does not distinguish between Anycast and Unicast addresses.

Load balancing through round robin

Round robin load balancing in the DNS means responding with different address records each time a name is queried.

Each time the DNS servers for a DNS zone receive a query, they respond with a different set of address records. The idea is that different clients will use different endpoint addresses. Ideally, all possible addresses will be in use by different clients at the same time. This distributes load across all available servers.

This type of load balancing can be relatively effective. However, due to DNS caching the results are generally suboptimal at best.

Load balancing through Anycast in combination with software or hardware load balancer devices gives better results. However, Anycast is more complex to set up and maintain.

Other uses of A records in the DNS

A common theme in Internet operations is to use the DNS in different and sometimes exciting ways! Even the A record serves other purposes. Its uses have included:

  • Domain Name System-based Blocklist (DNSBL)
  • Storing subnets in the DNS

Domain Name System-based Blocklist (DNSBL)

DNSBLs use the DNS as a distributed database to store blocklists used to defeat email spam.

A mail server can perform a DNS query with a specific format against a DNSBL to check if a sending host's IP address has been flagged as a source of spam. In this case the mail server might reject or throttle requests from that sender's IP address.

A mail server would follow these steps to use a DNSBL:

  1. Construct a DNSBL lookup name by reversing the octets in the sender's IP address and appending the DNSBL's domain name. For example if the sender's IP address is 1.2.3.4 the lookup name for the example.org DNSBL would be 4.3.2.1.dnsbl.example.org.
  2. Perform a standard DNS lookup with query type A for the lookup name.
  3. If the result is NXDOMAIN there is no entry for the sender's IP in the blocklist. This means that the sender's IP is not flagged as a source of spam. Mail should be sent normally.
  4. A positive result indicates that the sender's IP exists in the blocklist. This means the IP is considered a source of spam. Optionally, a TXT lookup for the same name can be performed to retrieve the reason for blocklisting.

The address returned for a blocked IP address may be the fixed value 127.0.0.2. This indicates that the sender's IP address has been flagged as a source of spam. Other values are also possible. See RFC 5782 section 2.3 for more details.

Storing subnets in the DNS

RFC 1101 section 4 proposes a method to store the subnet mask for a network in the DNS. A DNS type A record is created at the network's reverse lookup name in the in-addr.arpa zone.

This is not used today as there is little need to publish subnet masks in the DNS. But it is interesting to see how the use of the DNS has evolved over the years.

Looking up A records for a name

The IPv4 address records for a DNS name can be queried with the dig or nslookup command line tools. To find the address records for wikipedia.org, use this command: 

dig A wikipedia.org

On operating systems that support nslookup, you can use the following:

nslookup -type=a wikipedia.org

You can also check the A records for any domain name in our A lookup tool, or by entering it here: