DNS — The Internet's Directory Service

When you type github.com, your browser doesn't know where github.com lives. DNS (Domain Name System) is the global distributed database that translates names to IP addresses. Without it, you'd have to memorise 140.82.121.4 instead of github.com.

Why DNS is Distributed

There are over 350 million registered domain names. A single server couldn't handle global query load (trillions per day) or be a single point of failure. DNS is designed as a distributed, hierarchical, cached system.

The DNS Hierarchy

Each level is managed by different nameservers:

Root nameservers: 13 logical servers (A–M), anycast to 1500+ physical servers worldwide. Know where TLD servers are.
TLD nameservers: run by ICANN, registrars (Verisign for .com). Know where each domain's nameservers are.
Authoritative nameservers: run by the domain owner (or their DNS provider). Hold the actual DNS records.

The Full Resolution Process

text

Each step is a UDP query (usually) to port 53.

DNS Record Types

Type	Meaning	Example
A	Hostname → IPv4 address	`github.com → 140.82.121.4`
AAAA	Hostname → IPv6 address	`github.com → 2606:50c0:8003::154`
CNAME	Alias → canonical hostname	`www.github.com → github.com`
MX	Mail exchanger (with priority)	`github.com MX 1 aspmx.l.google.com`
TXT	Arbitrary text	SPF records, DKIM keys, domain verification
NS	Nameserver for a zone	`github.com NS ns1.github.com`
PTR	Reverse DNS: IP → hostname	`140.82.121.4 → github.com`
SOA	Start of Authority: zone metadata	Serial number, refresh interval
SRV	Service location	`_http._tcp.example.com 5 0 80 server.example.com`

TTL — Time to Live

Every DNS record has a TTL (in seconds). After TTL expires, caches discard the record and re-query.

text

TTL trade-offs:

Low TTL: changes propagate quickly; higher load on nameservers
High TTL: less DNS traffic; DNS changes take longer to propagate

Before changing a DNS record: lower the TTL days in advance so the old value expires quickly once you make the change.

Recursive vs Iterative Resolution

Recursive resolver (what you use): you ask it one question, it does all the work and returns the answer.

Iterative resolution (what resolvers do internally): each nameserver returns the next server to ask, not the final answer.

Your DNS resolver (configured in /etc/resolv.conf or DHCP) does recursive resolution on your behalf.

Popular Public Resolvers

Resolver	IP	Provider
8.8.8.8	Google	Speed, reliability
1.1.1.1	Cloudflare	Privacy-focused
9.9.9.9	Quad9	Malware blocking
208.67.222.222	OpenDNS	Content filtering

Python: DNS Lookups

python

DNS Caching Chain

Caching happens at multiple levels — each with its own TTL tracking:

text

/etc/hosts is checked before DNS — you can override any name locally:

text

DNS Security

DNS Spoofing / Cache Poisoning: an attacker injects fake DNS responses into a resolver's cache, redirecting users to malicious IPs.

DNSSEC (DNS Security Extensions): digitally signs DNS records so resolvers can verify authenticity. Widely deployed for TLDs but not yet universal at the domain level.

DoH (DNS over HTTPS) and DoT (DNS over TLS): encrypt DNS queries to prevent eavesdropping and tampering. Used by modern browsers and OS resolvers.

Key Takeaways

DNS translates hostnames to IPs via a distributed, hierarchical, cached system
Root → TLD → authoritative nameservers; each knows who to ask next
TTL controls how long caches hold a record — lower TTL means faster propagation
A, AAAA, CNAME, MX, TXT are the most common record types
DNSSEC signs records; DoH/DoT encrypts queries — together they harden DNS against attack

DNS — The Internet's Directory Service

Why DNS is Distributed

The DNS Hierarchy

Each level is managed by different nameservers:

Root nameservers: 13 logical servers (A–M), anycast to 1500+ physical servers worldwide. Know where TLD servers are.
TLD nameservers: run by ICANN, registrars (Verisign for .com). Know where each domain's nameservers are.
Authoritative nameservers: run by the domain owner (or their DNS provider). Hold the actual DNS records.

The Full Resolution Process

text

Each step is a UDP query (usually) to port 53.

DNS Record Types

Type	Meaning	Example
A	Hostname → IPv4 address	`github.com → 140.82.121.4`
AAAA	Hostname → IPv6 address	`github.com → 2606:50c0:8003::154`
CNAME	Alias → canonical hostname	`www.github.com → github.com`
MX	Mail exchanger (with priority)	`github.com MX 1 aspmx.l.google.com`
TXT	Arbitrary text	SPF records, DKIM keys, domain verification
NS	Nameserver for a zone	`github.com NS ns1.github.com`
PTR	Reverse DNS: IP → hostname	`140.82.121.4 → github.com`
SOA	Start of Authority: zone metadata	Serial number, refresh interval
SRV	Service location	`_http._tcp.example.com 5 0 80 server.example.com`

TTL — Time to Live

Every DNS record has a TTL (in seconds). After TTL expires, caches discard the record and re-query.

text

TTL trade-offs:

Low TTL: changes propagate quickly; higher load on nameservers
High TTL: less DNS traffic; DNS changes take longer to propagate

Before changing a DNS record: lower the TTL days in advance so the old value expires quickly once you make the change.

Recursive vs Iterative Resolution

Recursive resolver (what you use): you ask it one question, it does all the work and returns the answer.

Iterative resolution (what resolvers do internally): each nameserver returns the next server to ask, not the final answer.

Your DNS resolver (configured in /etc/resolv.conf or DHCP) does recursive resolution on your behalf.

Popular Public Resolvers

Resolver	IP	Provider
8.8.8.8	Google	Speed, reliability
1.1.1.1	Cloudflare	Privacy-focused
9.9.9.9	Quad9	Malware blocking
208.67.222.222	OpenDNS	Content filtering

Python: DNS Lookups

python

DNS Caching Chain

Caching happens at multiple levels — each with its own TTL tracking:

text

/etc/hosts is checked before DNS — you can override any name locally:

text

DNS Security

DNS Spoofing / Cache Poisoning: an attacker injects fake DNS responses into a resolver's cache, redirecting users to malicious IPs.

DNSSEC (DNS Security Extensions): digitally signs DNS records so resolvers can verify authenticity. Widely deployed for TLDs but not yet universal at the domain level.

DoH (DNS over HTTPS) and DoT (DNS over TLS): encrypt DNS queries to prevent eavesdropping and tampering. Used by modern browsers and OS resolvers.

Key Takeaways

DNS translates hostnames to IPs via a distributed, hierarchical, cached system
Root → TLD → authoritative nameservers; each knows who to ask next
TTL controls how long caches hold a record — lower TTL means faster propagation
A, AAAA, CNAME, MX, TXT are the most common record types
DNSSEC signs records; DoH/DoT encrypts queries — together they harden DNS against attack