# DNS (Domain Name System)
Master DNS concepts and troubleshooting - essential for every DevOps engineer.
## Learning Objectives
- Understand how DNS resolution works
- Configure and troubleshoot DNS records
- Use DNS tools for diagnostics
- Implement DNS in cloud environments
## How DNS Works
DNS translates human-readable domain names (like google.com) into IP addresses (like 142.250.80.46).
### DNS Resolution Flow
```text
+---------+     +--------------------+     +--------------+
| Browser |---->| Recursive Resolver |---->| Root DNS (.) |
+---------+     +--------------------+     +--------------+
     ^                   |                        |
     |                   |    referral to .com    |
     |                   v <----------------------+
     |            +----------------+
     |            | TLD DNS (.com) |
     |            +----------------+
     |                   |
     |                   | referral to google.com
     |                   v
     |            +-------------------+
     +----------- | Authoritative DNS |
       answer     |   (google.com)    |
                  +-------------------+
```

### Resolution Steps
- Browser Cache - Check local browser DNS cache
- OS Cache - Check operating system DNS cache
- Recursive Resolver - Query ISP or configured DNS server (8.8.8.8)
- Root Server - Returns TLD server address (.com, .org, etc.)
- TLD Server - Returns authoritative nameserver address
- Authoritative Server - Returns the actual IP address
## DNS Record Types
| Record | Purpose | Example | Use Case |
|---|---|---|---|
| A | IPv4 address | example.com → 93.184.216.34 | Point domain to server |
| AAAA | IPv6 address | example.com → 2606:2800:220:1:: | IPv6 support |
| CNAME | Canonical name (alias) | www.example.com → example.com | Subdomain aliases |
| MX | Mail exchange | example.com → mail.example.com (priority 10) | Email routing |
| TXT | Text data | example.com → "v=spf1 include:_spf.google.com" | SPF, DKIM, verification |
| NS | Nameserver | example.com → ns1.example.com | Delegate DNS authority |
| SOA | Start of Authority | Zone metadata | Zone configuration |
| SRV | Service location | _sip._tcp.example.com | Service discovery |
| PTR | Reverse DNS | 34.216.184.93.in-addr.arpa → example.com | Reverse lookups |
| CAA | Certificate Authority Authorization | example.com CAA 0 issue "letsencrypt.org" | Restrict which CAs may issue certificates |
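Several of the record types above interact: a name holding a CNAME may hold nothing else, MX and NS targets must not be aliases, and a domain must publish exactly one SPF TXT record. The following linter, added here as an example rather than code from the original page, parses zone-file lines in the "name [TTL] IN TYPE rdata" layout used by the record examples further down and reports violations of those three rules on a constructed sample zone.

```python
import re
from collections import defaultdict
# Constructed sample zone in the "name [TTL] IN TYPE rdata" format used by the
# examples on this page; the last four lines are deliberately broken.
SAMPLE_ZONE = """
example.com.        300 IN A     93.184.216.34
www.example.com.    300 IN CNAME example.com.
example.com.        300 IN MX    10 mail1.example.com.
example.com.        300 IN TXT   "v=spf1 include:_spf.google.com ~all"
blog.example.com.   300 IN CNAME example.com.
blog.example.com.   300 IN A     93.184.216.35
example.com.        300 IN MX    20 www.example.com.
example.com.        300 IN TXT   "v=spf1 +all"
"""

RECORD_RE = re.compile(r"^(\S+)\s+(?:(\d+)\s+)?IN\s+([A-Z]+)\s+(.*)$")

def parse_zone(text):
    """Return (name, ttl, type, rdata) tuples; ttl is None when omitted."""
    records = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # ignore blank lines and # comments
        if not line:
            continue
        if not (m := RECORD_RE.match(line)):
            raise ValueError(f"unparsable record: {line!r}")
        name, ttl, rtype, rdata = m.groups()
        records.append((name.lower(), int(ttl) if ttl else None, rtype, rdata.strip()))
    return records

def lint_zone(text):
    """Flag zone mistakes that break resolution or weaken email authentication."""
    by_name = defaultdict(list)
    for name, _ttl, rtype, rdata in parse_zone(text):
        by_name[name].append((rtype, rdata))
    problems = []
    for name, rrs in by_name.items():
        if any(t == "CNAME" for t, _ in rrs) and len(rrs) > 1:  # RFC 1034 3.6.2
            problems.append(f"{name}: CNAME coexists with other records")
        for rtype, rdata in rrs:  # RFC 2181 10.3: MX/NS targets must not be aliases
            target = rdata.split()[-1].lower()
            if rtype in ("MX", "NS") and any(t == "CNAME" for t, _ in by_name.get(target, [])):
                problems.append(f"{name}: {rtype} target {target} is a CNAME")
        spf = [r.strip('"') for t, r in rrs if t == "TXT" and r.strip('"').startswith("v=spf1")]
        if len(spf) > 1:  # RFC 7208 3.2: more than one SPF record is a permanent error
            problems.append(f"{name}: {len(spf)} SPF records (must be exactly one)")
        for r in spf:
            if r.split()[-1] == "+all":  # a pass-all policy authorises any sender
                problems.append(f"{name}: SPF ends in +all, which authorises any sender")
    return problems
```

Running `lint_zone(SAMPLE_ZONE)` reports four problems: the CNAME/A clash on blog, the MX pointing at the www alias, the duplicate SPF records, and the `+all` policy.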
## Record Examples in Detail
### A Record

```dns
# Points domain to IPv4 address
example.com.     IN A 93.184.216.34
api.example.com. IN A 93.184.216.35
```

### CNAME Record

```dns
# Alias - www points to root domain
www.example.com.  IN CNAME example.com.
blog.example.com. IN CNAME example.com.

# CDN alias
static.example.com. IN CNAME d1234.cloudfront.net.
```

### MX Record (Mail)

```dns
# Email routing with priority (lower = higher priority)
example.com. IN MX 10 mail1.example.com.
example.com. IN MX 20 mail2.example.com.
```

### TXT Record (Verification & Security)

```dns
# SPF record - email authentication
example.com. IN TXT "v=spf1 include:_spf.google.com ~all"

# DKIM record
selector._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0..."

# Domain verification
example.com. IN TXT "google-site-verification=abc123..."
```

## DNS Tools & Commands
### dig (DNS lookup utility)
```bash
# Basic lookup
dig example.com

# Specific record type
dig example.com A
dig example.com MX
dig example.com TXT
dig example.com NS

# Short answer only
dig +short example.com

# Query a specific DNS server
dig @8.8.8.8 example.com

# Trace the full resolution path (root -> TLD -> authoritative)
dig +trace example.com

# Reverse DNS lookup
dig -x 93.184.216.34

# Ask for all record types (many resolvers answer ANY with a minimal
# RFC 8482 response, so query the types you need individually instead)
dig example.com ANY
```

### nslookup
```bash
# Basic lookup
nslookup example.com

# Query a specific DNS server
nslookup example.com 8.8.8.8

# Interactive mode
nslookup
> set type=MX
> example.com
> exit

# Reverse lookup
nslookup 93.184.216.34
```

### host
```bash
# Simple lookup
host example.com

# Specific record type
host -t MX example.com
host -t TXT example.com

# Verbose output
host -v example.com
```

### Windows PowerShell
```powershell
# Resolve DNS
Resolve-DnsName example.com

# Specific record type
Resolve-DnsName -Name example.com -Type MX
Resolve-DnsName -Name example.com -Type TXT

# Query a specific server
Resolve-DnsName -Name example.com -Server 8.8.8.8
```

## DNS Caching
### Check Local DNS Cache
```bash
# Linux (systemd-resolved)
resolvectl statistics
resolvectl query example.com

# macOS
sudo dscacheutil -statistics

# Windows
ipconfig /displaydns
```

### Clear DNS Cache
```bash
# Linux (systemd-resolved)
sudo resolvectl flush-caches
# or (older systemd releases)
sudo systemd-resolve --flush-caches

# macOS
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

# Windows
ipconfig /flushdns
```

### TTL (Time To Live)
TTL determines how long DNS records are cached:
```bash
# Check TTL in dig output
dig example.com

# Output shows TTL in seconds:
# example.com.   300   IN   A   93.184.216.34
#                ^^^ TTL = 300 seconds (5 minutes)
```

Common TTL values:
- 300 (5 min): Dynamic content, frequent changes
- 3600 (1 hour): Normal websites
- 86400 (24 hours): Stable infrastructure
- 604800 (1 week): Rarely changing records
## DNS Configuration Files

### Linux: /etc/resolv.conf
```bash
# View current DNS configuration
cat /etc/resolv.conf

# Example configuration
nameserver 8.8.8.8    # Primary DNS (Google)
nameserver 8.8.4.4    # Secondary DNS (Google)
nameserver 1.1.1.1    # Tertiary DNS (Cloudflare)
search example.com    # Default search domain
options timeout:2 attempts:3
```

### Linux: /etc/hosts
```bash
# Local hostname resolution (consulted before DNS when nsswitch.conf
# lists "files" before "dns", which is the default on most distributions)
cat /etc/hosts

# Example entries
127.0.0.1     localhost
127.0.1.1     myhostname
192.168.1.100 myserver.local myserver
10.0.0.50     database.internal db
```

## DNS in Cloud Environments
### AWS Route 53
Common routing policies in Route 53:
- Simple routing: Single resource
- Weighted: A/B testing, gradual migration
- Latency-based: Route to the lowest-latency region
- Failover: Active-passive setup
- Geolocation: Route by user location

### Kubernetes DNS (CoreDNS)
```text
# Service discovery format
<service-name>.<namespace>.svc.cluster.local

# Examples
mysql.default.svc.cluster.local
api.production.svc.cluster.local

# Pod DNS
<pod-ip-dashed>.<namespace>.pod.cluster.local
10-244-1-5.default.pod.cluster.local
```

## Troubleshooting DNS Issues
### Common Problems & Solutions
| Problem | Symptoms | Solution |
|---|---|---|
| DNS not resolving | "Name or service not known" | Check /etc/resolv.conf, try different DNS server |
| Slow resolution | Delayed page loads | Lower TTL, use faster DNS (1.1.1.1) |
| Wrong IP returned | Site shows wrong content | Check for cached records, flush cache |
| Propagation delay | Old IP still resolving | Wait for TTL expiry (up to 48 hours) |
| NXDOMAIN error | Domain not found | Verify domain exists and is registered |
### Diagnostic Steps
```bash
# 1. Check if DNS resolution works at all
dig google.com +short

# 2. Try different DNS servers
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com

# 3. Check for propagation
dig @ns1.example.com example.com   # Authoritative
dig @8.8.8.8 example.com           # Public resolver

# 4. Verify local configuration
cat /etc/resolv.conf
cat /etc/hosts

# 5. Check DNS response time
dig example.com | grep "Query time"
```

## Popular Public DNS Servers
| Provider | Primary | Secondary | Features |
|---|---|---|---|
| Google | 8.8.8.8 | 8.8.4.4 | Fast, reliable |
| Cloudflare | 1.1.1.1 | 1.0.0.1 | Privacy-focused, fastest |
| Quad9 | 9.9.9.9 | 149.112.112.112 | Security/malware blocking |
| OpenDNS | 208.67.222.222 | 208.67.220.220 | Parental controls |
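Diagnostic step 3 above compares the authoritative answer with what a public resolver returns, and the TTL section explains that a resolver counts the TTL down while a record sits in its cache. This added example (not code from the original page) parses constructed dig answer lines from both sources, reports whether they agree, and bounds how long the stale cached value can still be served; the 203.0.113.10 "new" address and the 2400-second remaining TTL are made-up sample values.

```python
import re

# Constructed dig output for the "check for propagation" step: the authoritative
# server already returns the new address, while the public resolver still serves
# a cached copy with 2400 s of its original 3600 s TTL left to run down.
AUTHORITATIVE = """\
;; ANSWER SECTION:
example.com.\t\t300\tIN\tA\t203.0.113.10
"""
PUBLIC_RESOLVER = """\
;; ANSWER SECTION:
example.com.\t\t2400\tIN\tA\t93.184.216.34
"""

# "name  TTL  IN  TYPE  rdata": the answer-line layout dig prints
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_answers(dig_output, rtype="A"):
    """Return {rdata: ttl} for answer-section lines of the requested type."""
    answers = {}
    for line in dig_output.splitlines():
        if line.startswith(";") or not line.strip():
            continue  # skip dig's ;; headers and blank lines
        m = ANSWER_RE.match(line)
        if m and m.group(3) == rtype:
            answers[m.group(4).strip()] = int(m.group(2))
    return answers

def propagation_status(auth_output, resolver_output, rtype="A"):
    """Compare authoritative and cached answers.
    Returns (in_sync, seconds_until_refresh, stale_rdata): the largest remaining
    TTL among stale cached answers is the longest the resolver may keep serving
    the old value before it must ask the authoritative server again."""
    auth = parse_answers(auth_output, rtype)
    cached = parse_answers(resolver_output, rtype)
    if set(auth) == set(cached):
        return True, 0, []
    stale = sorted(r for r in cached if r not in auth)
    return False, max((cached[r] for r in stale), default=0), stale
```

With the sample data, `propagation_status(AUTHORITATIVE, PUBLIC_RESOLVER)` returns `(False, 2400, ["93.184.216.34"])`: the resolver is out of sync and may serve the old address for another 40 minutes.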
## Key Takeaways
- A records map domains to IPs; CNAME creates aliases
- MX records route email; TXT records store metadata (SPF, DKIM)
- Master the `dig` command for DNS troubleshooting
- Always check TTL when making DNS changes
- DNS propagation can take up to 48 hours globally
> [!TIP]
> Pro Tip: Use `dig +trace example.com` to see the complete DNS resolution path from root servers to authoritative nameservers.

> [!IMPORTANT]
> Before DNS changes: Lower the TTL 24-48 hours in advance, make the change, then restore the TTL. This minimizes downtime during migrations.