Why does a domain have two A-type records?

3

I see that a domain has two type A records when I queried its DNS. Both records have the same name but respond with a different IP address. Why are there two records with the same name/type combination, and what does this mean?

user30535

Posted 2016-12-06T08:06:48.040

Reputation: 31

Answers

3

DNS allows for multiple entries of the same type. A possible use for this is to be able to host a site on multiple servers, so there's a smaller chance of everything going down.

For example, you can request the A records for superuser.com. which results in the following:

cas@PC0075:/home/cas$ dig superuser.com A

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> superuser.com A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26473
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;superuser.com.                 IN      A

;; ANSWER SECTION:
superuser.com.          299     IN      A       151.101.193.69
superuser.com.          299     IN      A       151.101.129.69
superuser.com.          299     IN      A       151.101.1.69
superuser.com.          299     IN      A       151.101.65.69

;; Query time: 69 msec
;; SERVER: 172.17.1.1#53(172.17.1.1)
;; WHEN: Tue Dec 06 10:01:18 STD 2016
;; MSG SIZE  rcvd: 106

In this case, when I try to browse to superuser.com, my computer will actually connect to 151.101.193.69, 151.101.129.69, 151.101.1.69 OR 151.101.65.69. I'm not sure how it determines which one to pick, but I guess it's random.

Another case where having multiple records using the same type might be useful is for MX records. These records define where email should be sent, and having multiple records allows for alternative servers if the first try fails.

cas@PC0075:/home/cas$ dig cloudflare.com MX

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> cloudflare.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35678
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 11

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;cloudflare.com.                        IN      MX

;; ANSWER SECTION:
cloudflare.com.         85863   IN      MX      20 alt1.aspmx.l.google.com.
cloudflare.com.         85863   IN      MX      30 alt2.aspmx.l.google.com.
cloudflare.com.         85863   IN      MX      40 aspmx2.googlemail.com.
cloudflare.com.         85863   IN      MX      50 aspmx3.googlemail.com.
cloudflare.com.         85863   IN      MX      10 aspmx.l.google.com.

;; ADDITIONAL SECTION:
alt1.aspmx.l.google.com. 292    IN      A       74.125.68.27
alt1.aspmx.l.google.com. 292    IN      AAAA    2404:6800:4003:c02::1a
alt2.aspmx.l.google.com. 292    IN      A       108.177.97.27
alt2.aspmx.l.google.com. 292    IN      AAAA    2404:6800:4008:c00::1b
aspmx2.googlemail.com.  292     IN      A       74.125.68.27
aspmx2.googlemail.com.  292     IN      AAAA    2404:6800:4003:c02::1a
aspmx3.googlemail.com.  292     IN      A       108.177.97.27
aspmx3.googlemail.com.  292     IN      AAAA    2404:6800:4008:c00::1b
aspmx.l.google.com.     292     IN      A       173.194.79.27
aspmx.l.google.com.     292     IN      AAAA    2a00:1450:4013:c02::1b

;; Query time: 174 msec
;; SERVER: 172.17.1.1#53(172.17.1.1)
;; WHEN: Tue Dec 06 10:03:31 STD 2016
;; MSG SIZE  rcvd: 393

As you can see, Cloudflare uses G Suite for email, and has defined 5 different MX records. My mail client will go through these records in ascending priority, starting at aspmx.l.google.com. with priority 10, and ending at aspmx3.googlemail.com.. Since these MX records point to another domain, my dig command also looked those up. You can see that some of these mailservers actually share the same IP address; this still leaves you with 3 different IP addresses you can connect to in order to attempt to deliver mail. I assume Google does some routing magic and that these are actually different servers, but I honestly don't know.

If you want to force your computer to always connect to a specific IP address without modifying the DNS records for a domain, you can always modify your hosts file.

TL;DR: Having two DNS records of the same type is usually a good thing, since it means there are additional resources available should any of them fail. It might make debugging harder if you're not sure which machine you're connecting to.

cascer1

Posted 2016-12-06T08:06:48.040

Reputation: 1 762
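The two behaviours the answer above describes, a resolver client picking one of several A records and a mail client walking MX records in ascending preference with failover, as an added example that is not part of the original answer. The record lines are copied from the dig output quoted above; the `reachable` callback, the helper names and the seeded random choice are assumptions made for this illustration. From an auditing standpoint the point is the same one the TL;DR makes: a name with several records means several endpoints, so check every address in the record set rather than only the one your resolver happened to hand you.

```python
"""Added example: parse dig-style ANSWER SECTION lines, then model how a client
uses a record set with several entries of the same name and type."""
import random
from collections import defaultdict

# Constructed sample input: the A and MX answer lines quoted in the answer above.
SAMPLE_ANSWER = """\
superuser.com.          299     IN      A       151.101.193.69
superuser.com.          299     IN      A       151.101.129.69
superuser.com.          299     IN      A       151.101.1.69
superuser.com.          299     IN      A       151.101.65.69
cloudflare.com.         85863   IN      MX      20 alt1.aspmx.l.google.com.
cloudflare.com.         85863   IN      MX      30 alt2.aspmx.l.google.com.
cloudflare.com.         85863   IN      MX      40 aspmx2.googlemail.com.
cloudflare.com.         85863   IN      MX      50 aspmx3.googlemail.com.
cloudflare.com.         85863   IN      MX      10 aspmx.l.google.com.
"""


def parse_answer_section(text):
    """Group dig-style record lines into {(owner, rtype): [rdata, ...]}.

    For A/AAAA records rdata is the address string; for MX records it is a
    (preference, exchange) tuple.  Lines that are not records are skipped.
    """
    rrsets = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue  # blank line, comment, or not a record
        owner, _ttl, _cls, rtype, *rdata = fields
        if rtype == "MX":
            pref, exchange = rdata
            rrsets[(owner, rtype)].append((int(pref), exchange))
        else:
            rrsets[(owner, rtype)].append(" ".join(rdata))
    return dict(rrsets)


def pick_address(addresses, rng=random):
    """Model a client that picks one of several A records at random
    (the answer above guesses the choice is random; this helper assumes it)."""
    return rng.choice(addresses)


def mx_delivery_order(mx_records, rng=random):
    """Order MX exchanges as a mail client does: lowest preference value
    first; exchanges sharing a preference value are tried in random order."""
    by_pref = defaultdict(list)
    for pref, exchange in mx_records:
        by_pref[pref].append(exchange)
    ordered = []
    for pref in sorted(by_pref):
        group = list(by_pref[pref])
        rng.shuffle(group)
        ordered.extend(group)
    return ordered


def connect_with_failover(candidates, reachable):
    """Try candidates in order until `reachable(candidate)` is true.

    Returns (chosen, attempted): the first reachable candidate (or None)
    and the list of candidates tried, in order.  `reachable` stands in for
    a real connection attempt; it is an assumption of this example.
    """
    attempted = []
    for candidate in candidates:
        attempted.append(candidate)
        if reachable(candidate):
            return candidate, attempted
    return None, attempted


if __name__ == "__main__":
    rrsets = parse_answer_section(SAMPLE_ANSWER)
    a_records = rrsets[("superuser.com.", "A")]
    print("superuser.com. has", len(a_records), "A records; picked",
          pick_address(a_records, random.Random(1)))
    order = mx_delivery_order(rrsets[("cloudflare.com.", "MX")])
    print("MX delivery order:", order)
    # Simulate the first two exchanges being down.
    chosen, tried = connect_with_failover(order, lambda h: h.startswith("alt2"))
    print("delivered to", chosen, "after trying", tried)
```

Running the script prints the four A records and one random pick, the MX exchanges ordered by preference (aspmx.l.google.com. first, aspmx3.googlemail.com. last), and a failover trace in which the first two exchanges are treated as unreachable. Swap `SAMPLE_ANSWER` for the pasted ANSWER SECTION of your own `dig` output to see every endpoint a name really resolves to.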

1

That just means there are two servers (or at least two endpoints with those IPs) for that address.

If you do a lookup for google as an example, you'll see it has many, many addresses (and servers).

djsmiley2k TMW

Posted 2016-12-06T08:06:48.040

Reputation: 5 937

1

dig google.com A only responds with one IP for me. It does respond with different IPs depending on which resolver I ask though. I guess they do some routing magic behind the external gateway. – cascer1 – 2016-12-07T07:38:45.460

1

@cascer1 fair enough, google do lots of routing magic :) – djsmiley2k TMW – 2016-12-07T07:49:01.427