Round-Robin DNS Explained

Round-robin DNS is the simplest way to put more than one endpoint behind one DNS name.

Instead of publishing one A record:

www 300 IN A 203.0.113.10

you publish several:

www 300 IN A 203.0.113.10
www 300 IN A 203.0.113.11
www 300 IN A 203.0.113.12

When a resolver asks for www.example.com, the authoritative server returns the set of addresses. Different resolvers and clients may use different orders or cache different answers, so traffic spreads out roughly.

What Round-Robin DNS Does Well

Round-robin is useful when all endpoints are equivalent:

• same application version
• same region or acceptable latency from all users
• same capacity
• same health status
• same TLS and HTTP behavior

Good example:

three web nodes behind the same deployment, all healthy, all interchangeable

In that case, round-robin can reduce reliance on one IP address.

What It Does Not Do

Round-robin DNS does not perform active load balancing.

It does not know:

• which server is overloaded
• which server is down
• which server is closest to a user
• whether a deploy broke one endpoint
• whether a firewall blocks one region

If this record set is published:

www 300 IN A 203.0.113.10
www 300 IN A 203.0.113.11
www 300 IN A 203.0.113.12

and 203.0.113.11 fails, DNS will still hand it out until the record is removed or a health-check system withdraws it.

That is the main trap.

Why Traffic Is Not Even

People often expect three A records to mean exactly one third of traffic per IP.

That is not how DNS works.

Unevenness comes from several places:

• Recursive resolvers cache answers for many users.
• Some resolvers preserve order; some rotate it.
• Some clients try the first address only.
• Some clients retry another address on failure.
• Large public resolvers can represent many users behind one cache.
• Low TTLs help but do not remove resolver behavior.

Round-robin is approximate distribution, not a traffic contract.

Round-Robin with A and AAAA Records

IPv4:

api 300 IN A 203.0.113.10
api 300 IN A 203.0.113.11

IPv6:

api 300 IN AAAA 2001:db8::10
api 300 IN AAAA 2001:db8::11

Dual-stack:

api 300 IN A    203.0.113.10
api 300 IN A    203.0.113.11
api 300 IN AAAA 2001:db8::10
api 300 IN AAAA 2001:db8::11

Dual-stack clients decide between IPv4 and IPv6 using their own address-selection logic. Round-robin does not control that choice.

Round-Robin vs Failover

If you need failover, read DNS failover design patterns.

Round-Robin vs Anycast

Round-robin publishes several destination addresses.

Anycast publishes one address from many physical locations:

round-robin: one name -> many IPs
anycast:     one IP -> many network locations

For authoritative DNS itself, anycast is the normal modern answer. For your application endpoints, round-robin may still be useful, but it is usually less precise than a load balancer or traffic-steering system.

See What is Anycast DNS? for the routing side.

When Round-Robin Is Enough

Use it when:

• all targets are healthy and equivalent
• downtime on one target is tolerable
• the app retries cleanly
• you want simple distribution, not precise steering
• you can remove bad records quickly

Avoid it as the only resilience mechanism when:

• one bad endpoint creates user-visible errors
• endpoints live in different regions with very different latency
• health state changes often
• you need compliance-grade disaster recovery
• traffic weights matter

Safer Operating Pattern

If you use round-robin:

1. Keep TTL moderate, often 60-300 seconds for active endpoints.
2. Monitor every target independently.
3. Automate record removal for hard failures if possible.
4. Keep capacity headroom so remaining endpoints survive one failure.
5. Test client retry behavior, not just DNS answers.

DNS can point traffic at endpoints. It cannot make unhealthy endpoints healthy.

Related Reading

• DNS failover design patterns
• Latency-based DNS routing
• GeoDNS and traffic steering
• What is TTL?