Using multiple A-records for my domain - do web browsers ever try more than one?

@Rambettina238

Posted in: #Browsers #Dns #DnsServers #Domains

If I add multiple A-records for my domain, they are returned in a round robin order by DNS servers.

Example:

1.1.1.1 A example.com
1.1.1.2 A example.com
1.1.1.3 A example.com


But how do web browsers react if the first host (1.1.1.1) is down (unreachable)? Do they try the second host (1.1.1.2) or do they return an error message to the user? Are there any differences between the most popular browsers?

If I implement my own application, I can implement it so that the second is used in case the first is down, so it's possible. And this would be very helpful to create a fault-tolerant website.

10.04% popularity



4 Comments


 

@Welton855

Be warned that Windows Vista implements the stupid parts of RFC 3484 (i.e. the backporting from IPv6 to IPv4) and will prefer the IP address that shares most prefix bits with the user's IP address rather than picking one at random. Since most users have IP addresses that start with 192.168, that means whichever of your IP addresses happens to share most prefix bits with that will get most of the Vista traffic. Microsoft fixed this particular bit of idiocy in Windows 7 and later, so it's not as much of an issue as it used to be.

10% popularity
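The prefix-matching behaviour described in the comment above, as an added example that is not part of the original thread and is not Windows code. It is a simplified model of the longest-matching-prefix rule; the server addresses (RFC 5737 documentation ranges) and the client address are constructed sample data.

```python
import ipaddress
from collections import Counter


def common_prefix_len(a, b):
    """Number of leading bits two IPv4 addresses share (0..32)."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def order_by_prefix(source, answers):
    """Sort answers by shared prefix with source, longest first.

    sorted() is stable, so ties keep the order the DNS server returned.
    """
    return sorted(answers, key=lambda d: -common_prefix_len(source, d))


def first_choice_counts(source, records, use_prefix_rule):
    """Rotate the record list as round-robin DNS does and count first picks."""
    counts = Counter()
    for i in range(len(records)):
        answers = records[i:] + records[:i]  # one round-robin rotation
        if use_prefix_rule:
            answers = order_by_prefix(source, answers)
        counts[answers[0]] += 1
    return counts


# Constructed sample data: three A records and a typical NAT client address.
RECORDS = ["203.0.113.10", "198.51.100.10", "192.0.2.10"]
CLIENT = "192.168.1.10"

if __name__ == "__main__":
    for r in RECORDS:
        print(r, "shares", common_prefix_len(CLIENT, r), "bits with", CLIENT)
    print("round robin only:", dict(first_choice_counts(CLIENT, RECORDS, False)))
    print("with prefix rule:", dict(first_choice_counts(CLIENT, RECORDS, True)))
```

With the prefix rule applied, every rotation of the answer list ends with the same server first, which is the traffic skew the comment warns about.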


 

@Shanna517

Yes, most browsers from the last 5-10 years will try the other A records if one fails to respond. This is sometimes called "browser retry" or "client retry" apparently. You'll pretty much only find stuff about it in the context of the various browser exploits which this feature enables against sites not using it (see DNS rebinding and DNS pinning, anti-DNS pinning, anti-anti-DNS pinning, anti-anti-anti-DNS pinning, and so on). Kind of a bad reputation, but it does prove it exists.

Pretty much every browser does indeed receive the full list of A records, and does indeed check others if the one it is using fails. You can expect each client to have a 30 second wait when they first try to access a site when a server is down, until it connects to a working address. The browser will then cache which address is working and continue using that one for future requests unless it also fails, then it will have to search through the list again. So 30 second wait on first request, fine thereafter.

But it isn't something you necessarily want to use. It's going to have lots of caveats about browser compatibility, OS compatibility and proxy compatibility; cache-control headers are going to have weird effects on whether it remembers which IPs are down or starts having that 30 second wait on every request; people writing custom clients for your site are going to end up using gethostbyname instead of getaddrinfo and not be able to handle the failover; all sorts of potential problems.

You also can't rely on multiple A records to allow for "master" and "slave" servers, because you'll never know which address a browser is going to pick out of the list. They all need to be just as capable of handling visitors if running, because any one might get traffic if it's up. A browser might think your third server out of the list is the most appealing, maybe it looks the closest, and it will choose that one even though all three are still up.

But if you can live with the limitations and have a reasonably simple HTTP system that you can predict the browser interaction with, it will work.

Oh, you'll also have to deal with a lot of people telling you this doesn't exist (since that was true 15 years ago). But you can try telnet-ing to a domain name with several A records, some with dead IPs and some good ones, if you need to prove it (yes, even good old telnet now uses getaddrinfo and handles multiple A records gracefully these days) -- it will print out a nice list of the IPs it's trying until it finally succeeds.

10% popularity
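The client-side failover described in the answer above, as an added example that is not part of the original thread. The function names and the injectable `resolver` parameter are assumptions made for illustration; `connect_first_only` models a gethostbyname-style client that only ever uses the first address.

```python
import socket


def connect_with_failover(host, port, timeout=3.0, resolver=socket.getaddrinfo):
    """Try every address returned for host, in resolver order, until one connects.

    Returns (sock, attempts); attempts is a list of (sockaddr, error_or_None).
    `resolver` is injectable so the logic can be exercised without real DNS.
    """
    attempts = []
    for family, socktype, proto, _canon, sockaddr in resolver(
            host, port, type=socket.SOCK_STREAM):
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)  # bounds the wait spent on each dead address
        try:
            sock.connect(sockaddr)
        except OSError as exc:
            sock.close()
            attempts.append((sockaddr, str(exc)))
            continue  # fall through to the next A record
        attempts.append((sockaddr, None))
        return sock, attempts
    raise ConnectionError(f"all {len(attempts)} addresses failed: {attempts}")


def connect_first_only(host, port, timeout=3.0, resolver=socket.getaddrinfo):
    """gethostbyname-style client: uses only the first address, no failover."""
    family, socktype, proto, _canon, sockaddr = resolver(
        host, port, type=socket.SOCK_STREAM)[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except OSError:
        sock.close()
        raise  # a single dead record is enough to fail the request
    return sock


if __name__ == "__main__":
    # example.com stands in for a name that has several A records.
    s, log = connect_with_failover("example.com", 80)
    for addr, err in log:
        print(addr, "connected" if err is None else f"failed: {err}")
    s.close()
```

The per-address `timeout` is what determines how long a user waits on a dead record before the next one is tried.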


 

@BetL925

The OS determines what IP to use, not the browser. Windows will round robin the returned list (in the list passed back from DNS), though will continue to use the same address until DNS is flushed or times out. *ix implementations depend partially on the bundled TCP stack implementation but typically follow a round robin method as well.

10% popularity


 

@Goswami781

This is a basic DNS load balancing distribution technique: DNS Round Robin.
This has nothing to do with the browser; it depends on the implementation of the resolver, and the local/remote cache of the DNS address. Chances are that if a server fails, due to caching in the DNS layer your website may be inaccessible.

See here for a basic explanation about Round Robin DNS on Wikipedia.

10% popularity

