Maximum IPs in a DNS A Record: Technical Limits for Distributed Hosting Scenarios



DNS A records technically have no hardcoded limit to the number of IP addresses they can contain according to RFC standards. However, practical implementation constraints create de facto limits:

  • UDP packet size limitation (512 bytes historically, 4096 with EDNS)
  • DNS server software configurations (BIND defaults to 30 RRs per response)
  • Client resolver implementations (many cap at ~30 addresses)

Let's examine how different DNS servers handle large A record sets:


# Query with EDNS for larger responses
dig +bufsize=4096 example.com A

# Sample truncated response (512 byte limit)
;; Truncated, retrying in TCP mode.
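
The 512-byte and 4096-byte limits above translate directly into record counts. This added example (not from the original page) builds an A-record response in DNS wire format and counts how many records fit under each limit; it assumes an answer section only, compressed owner names, and constructed 192.0.2.x sample addresses.

```python
import struct
import ipaddress

def encode_name(domain):
    """Encode a domain name as DNS labels (length-prefixed, root-terminated)."""
    out = b""
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_response(domain, ips, edns=False):
    """Build an A-record response; owner names use a compression pointer."""
    # Header: ID, flags (QR|RD|RA), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(ips), 0, 1 if edns else 0)
    question = encode_name(domain) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for ip in ips:
        # 0xC00C points back to the name at offset 12 (the question section)
        rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)  # name, A, IN, TTL, RDLENGTH
        answers += rr + ipaddress.IPv4Address(ip).packed
    # OPT pseudo-record: root name, TYPE=41, CLASS=payload size, TTL=0, RDLEN=0
    opt = (b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)) if edns else b""
    return header + question + answers + opt

def max_a_records(domain, limit, edns=False):
    """Largest number of A records whose response still fits in `limit` bytes."""
    base = ipaddress.IPv4Address("192.0.2.0")  # constructed sample addresses
    count = 0
    while len(build_response(domain, [base + i for i in range(count + 1)], edns)) <= limit:
        count += 1
    return count

if __name__ == "__main__":
    print(max_a_records("example.com", 512))               # classic UDP limit
    print(max_a_records("example.com", 4096, edns=True))   # EDNS buffer of 4096
```

Each compressed A record costs 16 bytes, so a longer query name or any authority/additional records reduce the count further.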

For your social network use case, consider these architectural approaches:


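// Client-side selection: pick one address at random from the A record set
const dns = require('dns').promises;

// backupIP is a caller-supplied fallback; the default here is a placeholder
const resolveWithFallback = async (domain, backupIP = '192.0.2.1') => {
  try {
    const addresses = await dns.resolve4(domain); // array of IPv4 strings
    return addresses[Math.floor(Math.random() * addresses.length)];
  } catch {
    return backupIP;
  }
};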

When you exceed practical A record limits, the alternatives are:

  • DNS-based load balancing with geographic distribution
  • Anycast routing (requires BGP infrastructure)
  • Decentralized alternatives like ENS or IPNS

Major CDNs typically use:

  • 10-30 IPs per A record in rotation
  • Different IP sets per DNS resolver location
  • Short TTLs (30-300 seconds) for rapid updates

The DNS protocol itself doesn't impose a hard limit on the number of IP addresses in an A record. However, practical constraints emerge from multiple layers:

; Example DNS zone file with multiple A records
example.com. IN A 192.0.2.1
example.com. IN A 192.0.2.2
...
example.com. IN A 192.0.2.254

  • DNS Servers: BIND defaults to 30 RRsets in responses (can be increased via max-records)
  • Resolvers: glibc's resolver truncates at 32 addresses
  • Applications: Many HTTP clients only use first few resolved IPs

When implementing a distributed social network architecture:

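# Python example checking DNS resolution
import socket
# family=AF_INET restricts the result to IPv4 (A records);
# proto=IPPROTO_TCP avoids one duplicate entry per socket type
ips = socket.getaddrinfo('yourdomain.com', 443, family=socket.AF_INET, proto=socket.IPPROTO_TCP)
print(f"Resolved {len(ips)} IP addresses")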

For systems requiring >50 endpoints:

  1. DNS-based sharding (geo-distributed subdomains)
  2. Anycast routing (same IP, multiple locations)
  3. Client-side load balancing with health checks

Diagnostic commands:

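# Count A records returned (dig +short also prints any CNAME targets in the chain)
dig +short example.com A | wc -l
# grep -v "#" drops the resolver's own "Address: x.x.x.x#53" line from the count
nslookup -q=A example.com | grep "Address:" | grep -v "#" | wc -l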