DNS (Domain Name System)
1. The Core Problem DNS Solves
Humans use:
google.com
Networks use:
142.250.74.14
DNS exists to bridge that gap:
Translate human-readable names into IP addresses (and more).
But that’s only the surface.
DNS is actually:
- A distributed database
- A hierarchical naming system
- A critical control plane of the internet
2. DNS Architecture — Hierarchical Design
DNS is not centralized. It is hierarchical and distributed.
Structure:
. (root)
├── com
│ ├── google.com
│ └── example.com
├── org
└── net
[Figure: visual hierarchy of the DNS tree]
Levels Explained
- Root servers
- TLD servers (.com, .org, .net)
- Authoritative servers (domain owners)
Example organizations involved:
- ICANN
- Verisign
3. DNS Resolution — How a Query Actually Works
This is the most important part.
Two types of queries:
- Recursive
- Iterative
Step-by-step resolution
Client asks: example.com
- Client → Resolver (recursive)
- Resolver → Root server
- Root → TLD server (.com)
- TLD → Authoritative server
- Authoritative → returns IP
- Resolver → client
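The walk above, as an added example that is not part of the original notes: a toy recursive resolver that starts at the root and follows NS referrals down to the authoritative server. The zone data and the server names (`tld-com.example`, `ns1.example.com.`) are constructed; each "server" only knows the zone it is authoritative for, which is what forces the root → TLD → authoritative sequence.

```python
# Added example (not from the original notes): a toy model of iterative
# resolution. All zone data and server names below are constructed.

# Each "server" knows only the zone it is authoritative for. A zone maps a
# name to either an NS referral ("ask that server instead") or a final answer.
ROOT_ZONE = {"com.": ("NS", "tld-com.example")}
TLD_COM_ZONE = {"example.com.": ("NS", "ns1.example.com.")}
EXAMPLE_ZONE = {"example.com.": ("A", "93.184.216.34")}

SERVERS = {
    "root": ROOT_ZONE,
    "tld-com.example": TLD_COM_ZONE,
    "ns1.example.com.": EXAMPLE_ZONE,
}


def ask(server, qname):
    """One iterative query: the server answers from its own zone data only."""
    zone = SERVERS[server]
    labels = qname.split(".")
    # Try the full name, then each parent: "www.example.com." -> "example.com." -> "com."
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        entry = zone.get(candidate)
        if entry is None:
            continue
        # An exact match answers directly; a parent only counts as a delegation.
        if i == 0 or entry[0] == "NS":
            return entry
    return None


def resolve(qname, max_steps=10):
    """Recursive resolver: start at the root and follow referrals downward.

    Returns (answer, trail); trail lists (server asked, reply type, reply data)
    so the root -> TLD -> authoritative walk is visible.
    """
    trail = []
    server = "root"
    for _ in range(max_steps):
        reply = ask(server, qname)
        if reply is None:
            trail.append((server, "NXDOMAIN", None))
            return None, trail
        rtype, rdata = reply
        trail.append((server, rtype, rdata))
        if rtype == "NS":
            server = rdata  # referral: continue with the delegated server
        else:
            return rdata, trail
    raise RuntimeError("too many referrals for %s" % qname)


if __name__ == "__main__":
    ip, trail = resolve("example.com.")
    for step in trail:
        print(step)
    print("answer:", ip)
```

Running it prints three trail entries, one per server asked, and the final A record. The `max_steps` guard is there because a misconfigured delegation loop (section 15) would otherwise make a resolver spin forever.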
[Figure: visual flow of the resolution steps]
4. DNS Components
1. Stub Resolver
- On your device
- Sends queries
2. Recursive Resolver
- Usually ISP or public service
- Does full lookup
Examples:
- Google Public DNS
- Cloudflare DNS
3. Authoritative Name Server
- Holds actual domain records
5. DNS Records (Core Knowledge)
DNS is not just A records.
Most important types:
| Record | Purpose |
|---|---|
| A | IPv4 address |
| AAAA | IPv6 address |
| CNAME | Alias |
| MX | Mail server |
| NS | Name server |
| TXT | Arbitrary data (SPF, verification) |
| PTR | Reverse lookup |
Example
example.com → A → 93.184.216.34
6. Forward vs Reverse DNS
Forward DNS
domain → IP
Reverse DNS
IP → domain
Uses special domain:
- in-addr.arpa (IPv4)
- ip6.arpa (IPv6)
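Building the reverse-lookup name by hand, as an added example that is not from the original notes: it reverses the octets (IPv4) or the 32 hex nibbles (IPv6), cross-checks the result against the standard library, and then runs a forward-confirmed reverse DNS check over a constructed set of A/AAAA and PTR records. The records, the host name `mail.example.com.` and the addresses are all constructed.

```python
# Added example (not from the original notes): building reverse-lookup names
# by hand, checking them against Python's ipaddress module, and a
# forward-confirmed reverse DNS check over constructed records.
import ipaddress


def reverse_name(ip_text):
    """Return the name to query for a PTR record, built from the address."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 4:
        # IPv4: reverse the four octets under in-addr.arpa
        octets = str(ip).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa."
    # IPv6: expand to 32 hex nibbles, reverse them, one label per nibble
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def matches_stdlib(ip_text):
    """Sanity check: same result as ipaddress.ip_address(...).reverse_pointer."""
    return reverse_name(ip_text) == ipaddress.ip_address(ip_text).reverse_pointer + "."


# Constructed forward (A/AAAA) and reverse (PTR) records; not real zone data.
FORWARD = {
    "mail.example.com.": {"142.250.74.14", "2001:db8::1"},
}
REVERSE = {
    "14.74.250.142.in-addr.arpa.": "mail.example.com.",
    reverse_name("2001:db8::1"): "mail.example.com.",
    # PTR whose target does not resolve back to this address
    "10.113.0.203.in-addr.arpa.": "mail.example.com.",
}


def forward_confirmed(ip_text):
    """Forward-confirmed reverse DNS: the PTR target must resolve back to the IP.

    A PTR record alone proves little, since whoever controls the reverse zone
    can point it at any name; the forward record is under the name owner's
    control, so both directions must agree.
    """
    ptr_target = REVERSE.get(reverse_name(ip_text))
    if ptr_target is None:
        return False
    addresses = {str(ipaddress.ip_address(a)) for a in FORWARD.get(ptr_target, set())}
    return str(ipaddress.ip_address(ip_text)) in addresses


if __name__ == "__main__":
    for ip in ("142.250.74.14", "2001:db8::1", "203.0.113.10"):
        print(ip, "->", reverse_name(ip), "confirmed:", forward_confirmed(ip))
```

Addresses are normalized through `ipaddress` before comparison so that `2001:db8::1` and its expanded form compare equal.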
7. DNS Transport Protocol
DNS uses:
- UDP port 53 (default, fast)
- TCP port 53 (fallback, large responses)
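What actually goes over port 53, as an added example that is not from the original notes: the 12-byte header and question section of a query in wire format, the flags a client reads back, the 2-byte length prefix TCP adds, and the truncation (TC) bit that tells a client to repeat the query over TCP instead of trusting a cut-off UDP answer. The names and transaction IDs are constructed; name compression pointers are deliberately not handled.

```python
# Added example (not from the original notes): encoding a DNS query in wire
# format, reading the response header, and deciding when to retry over TCP.
# The names and transaction IDs used are constructed.
import secrets
import struct

FLAG_QR = 0x8000  # response bit
FLAG_TC = 0x0200  # truncated: answer did not fit in UDP, retry over TCP
FLAG_RD = 0x0100  # recursion desired
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    r"""'example.com' -> b'\x07example\x03com\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, offset):
    """Inverse of encode_name; returns (name, offset just after the name)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", offset
        if length & 0xC0:
            raise ValueError("compression pointers are not handled in this toy")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name, qtype=QTYPE_A, txid=None):
    """12-byte header plus one question; RD set, only QDCOUNT non-zero."""
    if txid is None:
        # An unpredictable ID is one of the values a forged answer would have to match.
        txid = secrets.randbelow(0x10000)
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg):
    """Unpack the fixed header into named fields."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "is_response": bool(flags & FLAG_QR),
        "truncated": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def tcp_frame(msg):
    """Over TCP the identical message is prefixed with its 2-byte length."""
    return struct.pack("!H", len(msg)) + msg


def needs_tcp_retry(response):
    """A truncated UDP response must be re-asked over TCP, not used as-is."""
    return parse_header(response)["truncated"]


def make_truncated_response(query):
    """Constructed response echoing the question with QR and TC set, no answers."""
    txid = parse_header(query)["id"]
    flags = FLAG_QR | FLAG_RD | FLAG_TC
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_query("example.com", txid=0x1234)
    print(q.hex())
    print(parse_header(q))
    print("retry over TCP:", needs_tcp_retry(make_truncated_response(q)))
```

The query for `example.com` is 29 bytes: 12 of header, 13 for the encoded name, 4 for type and class. A client that ignores TC and keeps the partial answer is one source of the "inconsistent" results listed under common failures.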
8. Caching — Performance Backbone
DNS relies heavily on caching.
TTL (Time To Live)
Example:
TTL = 3600 seconds
Benefits:
- Reduces latency
- Reduces load
9. DNS Zones and Delegation
A zone is a portion of the DNS namespace.
Zone file contains:
- Records
- SOA (Start of Authority)
Delegation Example
.com delegates example.com
- Authoritative server manages it
10. DNS Load Balancing
DNS can distribute traffic:
example.com → multiple IPs
Used for:
- Load balancing
- Geo-routing
11. DNS Security
DNS was not designed with security in mind.
Problems:
- Cache poisoning
- Spoofing
Solution: DNSSEC
Adds:
- Authentication
- Integrity
But:
- No encryption: queries and answers remain readable on the wire
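The resolver-side checks that make poisoning and spoofing hard, as an added example that is not from the original notes: a response is only considered if its transaction ID, destination port and question section match the query the resolver actually sent, and even then only records inside the answering server's zone (its "bailiwick") are allowed into the cache. The query, the response records and the zone assignment are constructed; real resolvers add source-port randomization and DNSSEC validation on top of this.

```python
# Added example (not from the original notes): the checks a resolver applies
# before caching a response, as a mitigation for cache poisoning and spoofing.
# The query/response records below are constructed.


def in_bailiwick(record_name, zone):
    """True if record_name is zone itself or lies beneath it."""
    r = record_name.lower().rstrip(".") + "."
    z = zone.lower().rstrip(".") + "."
    return r == z or r.endswith("." + z)


def validate_response(pending, response, server_zone):
    """Decide what, if anything, from a response may enter the cache.

    pending:     what the resolver sent: txid, source port, qname, qtype
    response:    what came back: txid, destination port, qname, qtype, records
    server_zone: the zone the queried server is authoritative for

    Returns (accepted_records, rejected_records, reason). A response that does
    not match the outstanding query is discarded entirely; one that matches
    still has any out-of-bailiwick records stripped before caching.
    """
    if response["txid"] != pending["txid"]:
        return [], list(response["records"]), "transaction id mismatch"
    if response["dport"] != pending["sport"]:
        return [], list(response["records"]), "port mismatch"
    same_question = (
        response["qname"].lower() == pending["qname"].lower()
        and response["qtype"] == pending["qtype"]
    )
    if not same_question:
        return [], list(response["records"]), "question section mismatch"

    accepted, rejected = [], []
    for rr in response["records"]:
        (accepted if in_bailiwick(rr[0], server_zone) else rejected).append(rr)
    return accepted, rejected, "ok"


def demo():
    """A .com TLD server may delegate example.com but may not speak for other TLDs."""
    pending = {"txid": 0x4A1F, "sport": 40123, "qname": "example.com.", "qtype": "A"}
    response = {
        "txid": 0x4A1F, "dport": 40123, "qname": "example.com.", "qtype": "A",
        "records": [
            ("example.com.", "NS", "ns1.example.com."),
            ("ns1.example.com.", "A", "192.0.2.53"),    # glue, inside com.
            ("ns1.example.net.", "A", "203.0.113.9"),   # outside com.: dropped
        ],
    }
    return validate_response(pending, response, "com.")


if __name__ == "__main__":
    accepted, rejected, reason = demo()
    print(reason)
    print("cached:", accepted)
    print("dropped:", rejected)
```

The bailiwick rule is what stops a server for one zone from planting records for an unrelated zone in the cache; the ID and port checks are what make a blind forged answer unlikely to be accepted at all.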
12. Modern DNS Enhancements
DNS over HTTPS (DoH)
- Encrypts DNS queries over HTTPS
DNS over TLS (DoT)
- Encrypts DNS queries over a dedicated TLS connection
13. Real-World DNS Infrastructure
Large-scale systems use:
- Anycast routing
- Distributed global servers
- Redundant authoritative clusters
Example providers:
- Amazon Route 53
- Cloudflare
14. DNS and CDN (Critical Insight)
DNS is used for:
- Traffic steering
- Performance optimization
Example:
- User in Europe → European server
- User in Asia → Asian server
15. Common DNS Failures
You need to recognize these:
- Misconfigured NS records
- Wrong TTL values
- Cache inconsistency
- Propagation delays
16. DNS Propagation (Reality vs Myth)
DNS doesn’t “propagate” — caches expire.
Delay depends on:
- TTL
- Resolver behavior
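Sections 8 and 16 together, as an added example that is not from the original notes: a TTL cache with an injected clock, used to show that after the owner changes a record, a resolver keeps answering with the old value until the cached copy's TTL runs out. There is no propagation step; the cache simply expires. The addresses, TTLs and the authority's record set are constructed.

```python
# Added example (not from the original notes): a TTL cache with an injectable
# clock, used to show why a changed record is only seen once the old cached
# copy expires. Addresses and TTLs are constructed.


class FakeClock:
    """Manual clock so the example runs instantly and deterministically."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class TTLCache:
    def __init__(self, clock):
        self.clock = clock
        self.entries = {}  # (name, rtype) -> (value, expires_at)

    def put(self, name, rtype, value, ttl):
        self.entries[(name, rtype)] = (value, self.clock() + ttl)

    def get(self, name, rtype):
        item = self.entries.get((name, rtype))
        if item is None:
            return None
        value, expires_at = item
        if self.clock() >= expires_at:
            del self.entries[(name, rtype)]  # expired: behave as a miss
            return None
        return value

    def remaining_ttl(self, name, rtype):
        """What a resolver hands downstream: the original TTL minus time already spent."""
        item = self.entries.get((name, rtype))
        if item is None:
            return 0
        return max(0, int(item[1] - self.clock()))


def lookup(cache, authority, name, rtype):
    """Answer from cache when possible; otherwise ask the authority and cache it."""
    hit = cache.get(name, rtype)
    if hit is not None:
        return hit, "cache"
    value, ttl = authority[(name, rtype)]
    cache.put(name, rtype, value, ttl)
    return value, "authority"


def simulate_record_change():
    """Owner changes the A record right after a resolver has cached the old one."""
    clock = FakeClock()
    cache = TTLCache(clock)
    authority = {("example.com.", "A"): ("93.184.216.34", 3600)}

    first, _ = lookup(cache, authority, "example.com.", "A")   # cached for 3600 s
    authority[("example.com.", "A")] = ("203.0.113.10", 3600)  # change at t=0

    clock.advance(3599)
    stale = lookup(cache, authority, "example.com.", "A")      # still the old value
    clock.advance(2)
    fresh = lookup(cache, authority, "example.com.", "A")      # cache expired: new value
    return first, stale, fresh


if __name__ == "__main__":
    print(simulate_record_change())
```

The delay a user sees is bounded by the TTL that was in force when their resolver last cached the record, which is why the usual practice before a planned change is to lower the TTL well in advance and raise it again afterwards.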
17. Key Engineering Insights
If you want to operate at a high level:
- DNS is a distributed database, not just a lookup tool
- Caching strategy is critical
- DNS is part of your security surface
- Many outages are actually DNS failures
18. Final Summary
DNS is:
- A hierarchical, distributed naming system
- Responsible for translating names into IPs
- Built on recursive resolution and caching
- Essential to every internet service
Without DNS:
The internet is unusable for humans.