What is a DNS A record?

There are several types of records - or Resource Records as they are called - in the Domain Name System (DNS). This page explains what the A record is and how it's used.

The purpose of a DNS A record #

The goal of an A record is to point a domain name to a specific IP address. You could argue the A record is the most important one, since eventually every DNS record has to end up at an IP address - regardless if it's for a website, a mailserver or a third-party service.

The A-record will translate the domain record ohdear.app to the IP address 217.19.225.103, so your computer knows what server it has to make a connection to.

This can be for websites but also for mailservers. An A record would also translate the mailserver defined at aspmx.l.google.com. to IP address 173.194.69.26, so your mailserver knows where to deliver the e-mail to.

What does it mean if an A record changes? #

If you get a notification that an A record has changed, it means that the IP address behind it is now different.

For a website or API, it means that the server the client would connect to, is now different.

This can be intentional for a number of reasons:

  1. You're migrating the site or API to a new system and have changed the IP
  2. You're using a DDoS protection service and they're moving your website across different servers to ensure availability and mitigate an ongoing DDoS attack

If you received a DNS change notification and the above two topics don't apply, it could mean there has either been a mistake in the DNS configuration or someone has changed the DNS on your behalf - without your authorization.

In those cases, it is advised to investigate further by contacting your domain or nameserver provider.

The structure of a DNS A record #

The A record is relatively simple in set-up. Here's an example:

ohdear.app.		3600	IN  A   217.19.225.103

The structure of that record follows a pre-defined format:

<host>          <TTL>   IN  A   <IPv4 address>

You define the host name that this record applies to, the TTL and the IPv4 address the record should point to.

Special use cases of DNS A records #

There's 2 interesting things to know about DNS a records.

The apex domain should be an A record #

The apex - or root - domain should point to a DNS a record.

Our domain for instance, ohdear.app, should point to an A record directly. It should not point to a CNAME record that in turn translates to an A record.

This is a convention that's currently getting some attention to revise, because it also means it's harder for DDoS protection services like Cloudflare to easily provide their clients with a CNAME to use, because CNAME's aren't allowed as the root domain.

This is also one of the reasons the www. subdomain is still so actively used for bigger websites, since a www. subdomain can point to a CNAME.

Alternatives that are being looked at for this are ALIAS records to solve this, but their adoption is still low.

DNS round-robin #

In most circumstances, a domain points to a single IP address. However, there's also a technique called "DNS round robin" that allows you to have multiple IPs behind a domain name.

This could look like this:

microsoft.com.		2378	IN	A	40.76.4.15
microsoft.com.		2378	IN	A	13.77.161.179
microsoft.com.		2378	IN	A	40.112.72.205
microsoft.com.		2378	IN	A	104.215.148.63
microsoft.com.		2378	IN	A	40.113.200.201

The domain microsoft.com does not return a single IP address as its A record, but multiple.

The client, ie the web browser or the mailserver, can pick any one of those IP addresses to connect to. They are all considered equal and will be picked randomly - or, round robin.

This allows a website administrator to provide multiple IPs to reach the site, in case one of them goes down.

Was this page helpful to you? Feel free to reach out via support@ohdear.app or on Twitter via @OhDearApp if you have any other questions. We'd love to help!