Quick answer
An A record maps a hostname to a single 32-bit IPv4 address (RFC 1035 §3.4.1). It is the record a resolver returns when something asks "what IPv4 address does this name point to?" A published A record looks like this:
example.com. 3600 IN A 203.0.113.10
That line says the name example.com resolves to 203.0.113.10, and resolvers may cache the answer for 3600 seconds. The IPv6 equivalent is the AAAA record; the alias equivalent is the CNAME record. A is one of the core DNS record types.
How to read an A record
Every field in that line has a fixed meaning:
example.com.— the owner name the record answers for. The trailing dot marks it as fully qualified.3600— the TTL in seconds. It controls how long a resolver may cache this answer before it has to query again.IN— the class.IN(Internet) is the only class you will use in practice.A— the record type.Ais type number1, "a host address" (RFC 1035 §3.2.2).203.0.113.10— the RDATA: the 32-bit IPv4 address itself, written in dotted-quad form.
An A record holds exactly one address. To publish more than one address for a name, you publish more than one A record at that name.
Multiple A records and DNS round-robin
You can publish several A records at the same name:
example.com. 300 IN A 203.0.113.10
example.com. 300 IN A 203.0.113.11
example.com. 300 IN A 203.0.113.12
A resolver querying that name receives all three addresses. Most authoritative servers rotate the order of the addresses between responses, so different clients tend to connect to different hosts. This is DNS round-robin, a crude way to spread load across several machines.
Round-robin is not health-aware. DNS has no idea whether 203.0.113.11 is up; it hands the address out on its turn regardless. If one host fails, a share of clients still receive its address and their connections break until you remove the record and the old answer ages out of caches. For real failover you need health-checking at a load balancer, or a DNS provider that withdraws dead targets, rather than plain round-robin.
A record vs CNAME
An A record and a CNAME record answer different questions, and confusing the two is a frequent DNS mistake.
- An A record holds an IP address. The name is the final answer, so the resolver stops there.
- A CNAME record holds another name. It says "this name is an alias, go look up that other name instead," and the resolver restarts the query at the canonical name (RFC 1034 §3.6.2).
Use an A record when you have an IP address to point at, such as a server you run or a static address your host assigned you. Use a CNAME when you want one hostname to track another hostname, such as pointing www.example.com at a platform's myapp.hosting.example.net so you never have to touch an IP when the platform moves it.
One hard rule follows from the specification. A CNAME cannot coexist with any other record at the same name: RFC 1034 §3.6.2 states that "if a CNAME RR is present at a node, no other data should be present." A name is therefore either a CNAME or a set of ordinary records, never both.
Why the apex of a zone cannot be a CNAME
The apex (or root) of a zone is the bare domain, example.com with nothing in front of it. The apex always carries an SOA record and NS records, because those are what define the zone and delegate it to its nameservers. Since a CNAME forbids any other data at the same name, and the apex must keep its SOA and NS records, the apex cannot be a CNAME.
That is why you point a bare domain at a host with an A record (and an AAAA record for IPv6), not a CNAME. If your host only gives you a hostname instead of a stable IP, many DNS providers offer a flattening record (often called ALIAS or ANAME) that behaves like a CNAME at the apex but is resolved to A and AAAA records by the provider before the answer is served. What the rest of the internet sees is a normal A record, so the specification is not violated.
How TTL controls caching
The TTL on an A record is a promise about caching, not about the address. A resolver that fetches example.com. 3600 IN A 203.0.113.10 may reuse that answer for up to an hour before it asks again. A short TTL such as 300 means changes propagate within minutes but resolvers query you more often. A long TTL such as 86400 means fewer queries but slower propagation. Before you change an address, lower the TTL ahead of time and wait for the old, longer value to expire from caches, so the cutover is quick when you finally swap the address in.