What Are AAAA Records?

Introduction

DNS AAAA records (pronounced "quad-A records") are a fundamental component of IPv6 infrastructure, serving as the IPv6 equivalent of traditional A records. As the internet continues its transition from IPv4 to IPv6, understanding AAAA records has become essential for network administrators, developers, and anyone involved in web infrastructure management.

AAAA Record Definition and Purpose

A DNS AAAA record maps a domain name to an IPv6 address. Defined in RFC 3596 (which obsoleted the original RFC 1886 from 1995), the AAAA record type stores a single 128-bit IPv6 address in the DNS system. The record type has an IANA-assigned value of 28 (decimal).

The primary purpose of AAAA records is to enable DNS resolution for IPv6-enabled hosts. When a client queries a domain name, the DNS resolver can request AAAA records to obtain the IPv6 address associated with that hostname, allowing the client to establish connections over IPv6 networks.

AAAA Records vs. A Records

The fundamental difference between A and AAAA records lies in the address family they represent:

[A Records (IPv4)](what-is-ipv4-vs-ipv6)

Map domain names to 32-bit IPv4 addresses
Example: example.com → 192.0.2.1
Address format: Four decimal octets separated by periods
Address space: Approximately 4.3 billion unique addresses

AAAA Records (IPv6)

Map domain names to 128-bit IPv6 addresses
Example: example.com → 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Address format: Eight groups of four hexadecimal digits separated by colons
Address space: 340 undecillion unique addresses (3.4 × 10³⁸)

Both record types can coexist for the same domain name in what's known as a "dual-stack" configuration, allowing services to be accessible via both IPv4 and IPv6 simultaneously.

DNS Record Format and Syntax

BIND Zone File Format

In standard BIND zone file format, AAAA records follow this structure:

$ORIGIN example.com.
@       3600    IN      AAAA    2001:0db8:85a3:0000:0000:8a2e:0370:7334
www     3600    IN      AAAA    2607:f8b0:400a:800b::200e
ftp     86400   IN      AAAA    2001:470:1f18:2bf::201
*       3600    IN      AAAA    2602:ff13:0:8888::224

Record Anatomy

Each AAAA record consists of several components:

Host Label: The hostname or subdomain (e.g., www, ftp, @ for root domain)
TTL (Time To Live): Duration in seconds that the record should be cached (e.g., 3600 = 1 hour)
Record Class: Almost always IN (Internet)
Record Type: AAAA
Record Data: The IPv6 address in standard notation

Example Syntax Variations

# Full format
www.example.org.    600     IN      AAAA    2001:0dc8:86a4:0000:0000:7a2f:2360:2341

# Compressed IPv6 notation (leading zeros omitted, consecutive zero groups collapsed)
www.example.org.    600     IN      AAAA    2001:dc8:86a4::7a2f:2360:2341

# Wildcard subdomain
*.example.org.      1800    IN      AAAA    2600:1800:0::1

IPv6 Address Compression

IPv6 addresses in AAAA records can be written in compressed form:

Leading zeros in each group can be omitted: 0db8 → db8
One sequence of consecutive all-zero groups can be replaced with ::: 2001:0db8:0000:0000:0000:8a2e:0370:7334 → 2001:db8::8a2e:370:7334

How Browsers Use AAAA Records

Modern browsers and operating systems implement sophisticated algorithms for resolving and connecting to dual-stack hosts. The primary mechanism is defined in RFC 8305, known as "Happy Eyeballs Version 2."

DNS Query Process

When a browser attempts to connect to a domain:

Parallel DNS Queries: The client sends both AAAA and A queries nearly simultaneously, with the AAAA query issued first, immediately followed by the A query.
Asynchronous Resolution: The client doesn't wait for both query types to complete before attempting connections. DNS resolution is treated as an asynchronous process to minimize delay.
Resolution Delay: If a positive AAAA response arrives first, the browser immediately attempts an IPv6 connection. If the A response arrives first due to network conditions, the client waits approximately 50 milliseconds for the AAAA response to ensure IPv6 preference.

Connection Establishment

Once DNS records are resolved:

IPv6 Preference: Modern operating systems prefer IPv6 when both A and AAAA records are returned, typically attempting the IPv6 connection first.
Concurrent Connection Attempts: Rather than waiting for timeouts, browsers attempt connections to both IPv4 and IPv6 addresses in parallel, using whichever succeeds first (Happy Eyeballs).
Fallback Behavior: If IPv6 connection attempts fail or timeout, the browser quickly falls back to IPv4, ensuring connectivity even when IPv6 infrastructure is broken or misconfigured.

Handling Broken AAAA Records

A critical challenge in dual-stack deployments is "broken AAAA records"—DNS records containing seemingly valid IPv6 addresses that never respond to connection attempts. This can occur due to:

Firewall misconfigurations blocking IPv6 traffic
Incomplete IPv6 routing infrastructure
Server configuration issues

Happy Eyeballs mitigates this by racing connection attempts and falling back to working protocols quickly, minimizing user-visible delays.

Priority and Fallback Behavior

DNS Query Priority

In dual-stack environments, the query priority is:

AAAA query initiated first
A query initiated immediately after (typically within milliseconds)
Both queries processed in parallel

Connection Priority

Once addresses are resolved:

IPv6 addresses (from AAAA records) are typically preferred
Connection attempts to IPv6 and IPv4 addresses may race
The first successful connection is used
Failed protocols are avoided for subsequent requests (connection caching)

Fallback Scenarios

Scenario	Behavior
AAAA exists, IPv6 works	Use IPv6 exclusively (preferred path)
AAAA exists, IPv6 broken	Fall back to IPv4 after timeout/failure
No AAAA record	Use IPv4 only
No A record	Use IPv6 only
Neither record exists	Connection fails

Common DNS Providers and AAAA Support

All major DNS providers fully support AAAA records as of 2025:

Cloudflare DNS

Full AAAA record support with proxy capabilities
IPv6-enabled authoritative nameservers
Automatic dual-stack configuration options
Real-time DNSSEC for AAAA records

Example configuration via dashboard or API:

{
  "type": "AAAA",
  "name": "www",
  "content": "2001:db8::1",
  "ttl": 3600,
  "proxied": true
}

AWS Route 53

Native AAAA and PTR (reverse) IPv6 record support
Alias records support AAAA type
Route 53 service itself accessible via IPv6
Health checks for AAAA-resolved endpoints

Example AWS CLI command:

aws route53 change-resource-record-sets --hosted-zone-id Z123456 \
  --change-batch '{
    "Changes": [{
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "www.example.com",
        "Type": "AAAA",
        "TTL": 300,
        "ResourceRecords": [{"Value": "2001:db8::1"}]
      }
    }]
  }'

Google Cloud DNS

Comprehensive AAAA record support
Managed zone migration tools support AAAA records
DNSSEC-enabled zones support AAAA signatures
Integration with Google Cloud Load Balancers (dual-stack)

Other Providers

Virtually all modern DNS hosting providers support AAAA records, including:

Namecheap, GoDaddy, Name.com (domain registrars)
DNSimple, NS1, Dyn (managed DNS services)
Self-hosted solutions (BIND, PowerDNS, Unbound)

Best Practices for Dual-Stack DNS

1. Service Parity

Ensure functional parity between IPv4 and IPv6:

Don't publish AAAA records unless the IPv6 path is fully functional
Test end-to-end connectivity before deploying AAAA records
Verify that all services listening on IPv4 are also available on IPv6
Monitor both protocols for performance and availability

2. Dual-Stack Nameservers

Configure authoritative nameservers for dual-stack:

# Nameserver glue records must include both A and AAAA
ns1.example.com.    IN      A       192.0.2.1
ns1.example.com.    IN      AAAA    2001:db8:1::1
ns2.example.com.    IN      A       192.0.2.2
ns2.example.com.    IN      AAAA    2001:db8:2::1

Authoritative DNS servers must:

Listen on both IPv4 and IPv6 transport
Respond to queries over both protocols
Include both A and AAAA records for nameserver hostnames

3. Glue Records

When delegating subdomains, ensure parent zones contain both A and AAAA glue records:

Missing AAAA glue breaks resolution for IPv6-only clients
Missing A glue breaks resolution for IPv4-only clients
Verify parent zone configuration includes both record types

4. Network Path Validation

Before deploying AAAA records, validate:

IPv6 routing is configured end-to-end
Firewalls permit IPv6 traffic on required ports
Load balancers support IPv6 if in use
CDN configurations include IPv6 endpoints
Monitoring systems can reach hosts via IPv6

5. Consistent Record Management

# Good: Both protocols configured
example.com.        IN      A       192.0.2.1
example.com.        IN      AAAA    2001:db8::1
www.example.com.    IN      A       192.0.2.1
www.example.com.    IN      AAAA    2001:db8::1

# Bad: Inconsistent dual-stack (www missing AAAA)
example.com.        IN      A       192.0.2.1
example.com.        IN      AAAA    2001:db8::1
www.example.com.    IN      A       192.0.2.1
# Missing: www.example.com AAAA record

6. TTL Considerations

Use conservative TTLs when initially deploying AAAA records (e.g., 300-600 seconds)
Allows quick rollback if IPv6 connectivity issues are discovered
Increase TTL once IPv6 stability is confirmed
Match TTLs between A and AAAA records for consistency

7. Testing and Monitoring

Validate AAAA record deployment using standard tools:

# Query AAAA records specifically
dig AAAA example.com

# Query all records
dig ANY example.com

# Test from specific nameserver
dig @8.8.8.8 AAAA example.com

# Trace delegation path
dig +trace AAAA example.com

# Verify IPv6 connectivity
ping6 example.com
traceroute6 example.com

8. Comprehensive Testing Tools

Use online testing services to validate dual-stack configuration:

test-ipv6.run - Comprehensive IPv6 connectivity and dual-stack testing
ipv6-test.com - Quick IPv6 capability assessment
test-ipv6.com - Detailed protocol preference detection

Configuration Examples

Example 1: Simple Dual-Stack Website

; Zone file for example.com
$ORIGIN example.com.
$TTL 3600

; Root domain
@       IN      A       192.0.2.1
@       IN      AAAA    2001:db8::1

; www subdomain
www     IN      A       192.0.2.1
www     IN      AAAA    2001:db8::1

; Mail server
mail    IN      A       192.0.2.10
mail    IN      AAAA    2001:db8::10

; MX record points to mail server
@       IN      MX      10 mail.example.com.

Example 2: CDN-Backed Configuration

; Primary domain with CDN AAAA
@       IN      A       192.0.2.1
@       IN      AAAA    2606:4700:10::1234

; www as CNAME to CDN (inherits both A and AAAA from CDN)
www     IN      CNAME   cdn.example.com.

; CDN endpoint with dual-stack
cdn     IN      A       192.0.2.100
cdn     IN      AAAA    2606:4700:20::5678

Example 3: Load-Balanced Infrastructure

; Multiple A and AAAA records for round-robin load balancing
@       IN      A       192.0.2.1
@       IN      A       192.0.2.2
@       IN      A       192.0.2.3
@       IN      AAAA    2001:db8::1
@       IN      AAAA    2001:db8::2
@       IN      AAAA    2001:db8::3

Testing Your AAAA Records

Using Command-Line Tools

# Basic AAAA query
$ dig AAAA example.com +short
2001:db8::1

# Detailed query with all information
$ dig AAAA example.com

;; ANSWER SECTION:
example.com.    3600    IN    AAAA    2001:db8::1

# Query specific nameserver
$ dig @ns1.example.com AAAA www.example.com

# Check both A and AAAA
$ dig example.com A example.com AAAA +short
192.0.2.1
2001:db8::1

Using Online Tools

For comprehensive dual-stack testing, visit test-ipv6.run to:

Test your browser's IPv6 connectivity
Verify AAAA record resolution
Check dual-stack preference behavior
Measure IPv4 vs IPv6 latency
Receive an IPv6 readiness score

The test performs:

IPv4-only connectivity test (A records)
IPv6-only connectivity test (AAAA records)
Dual-stack test (both A and AAAA records)
Protocol preference detection
Latency comparisons

Common Issues and Troubleshooting

Issue 1: AAAA Record Exists But Connections Fail

Symptoms: DNS resolves IPv6 address, but connections timeout

Causes:

Firewall blocking IPv6 traffic
Missing IPv6 routing
Server not listening on IPv6

Solution:

# Verify server is listening on IPv6
netstat -an | grep ':80.*LISTEN'
# Should show both [::]:80 (IPv6) and 0.0.0.0:80 (IPv4)

# Test local IPv6 connectivity
ping6 localhost
curl -6 http://[2001:db8::1]/

Issue 2: Inconsistent AAAA Resolution

Symptoms: AAAA records resolve intermittently

Causes:

Missing AAAA glue records
Some nameservers lacking AAAA records
DNS caching issues

Solution:

# Verify all nameservers return AAAA
dig @ns1.example.com AAAA example.com
dig @ns2.example.com AAAA example.com

# Check glue records at parent
dig +trace AAAA example.com

Issue 3: Slow IPv6 Connections

Symptoms: IPv6 connections work but are slower than IPv4

Causes:

Suboptimal IPv6 routing
MTU issues (Path MTU Discovery)
Tunnel overhead (if using 6to4, Teredo, etc.)

Solution:

Use native IPv6 connectivity when possible
Check MTU settings (ping6 -M do -s 1400 example.com)
Verify routing with traceroute6

Conclusion

AAAA records are essential infrastructure for the modern internet's transition to IPv6. Understanding their format, behavior, and best practices ensures robust dual-stack deployments that serve all users regardless of their network configuration.

Key takeaways:

AAAA records map domain names to 128-bit IPv6 addresses
They coexist with A records in dual-stack configurations
Modern browsers use Happy Eyeballs to prefer IPv6 while maintaining IPv4 fallback
All major DNS providers fully support AAAA records
Proper deployment requires service parity, network validation, and comprehensive testing

As IPv6 adoption continues to grow globally, AAAA records will become increasingly important. Organizations should prioritize IPv6 enablement, starting with proper AAAA record configuration and validation.

Test your IPv6 configuration today at test-ipv6.run to ensure your infrastructure is ready for the IPv6 future.

Additional Resources

RFC 3596: DNS Extensions to Support IP Version 6 (https://datatracker.ietf.org/doc/html/rfc3596)
RFC 8305: Happy Eyeballs Version 2 (https://datatracker.ietf.org/doc/html/rfc8305)
IPv6 Address Architecture: RFC 4291 (https://datatracker.ietf.org/doc/html/rfc4291)
DNS Best Practices: RFC 8906 (https://datatracker.ietf.org/doc/html/rfc8906)
test-ipv6.run: Comprehensive IPv6 Testing Tool

Last updated: October 2025