
Domain Name System (DNS)

The Domain Name System (DNS) translates human-readable domain names (example.com) into IP addresses (93.184.216.34) that computers use to route network traffic.

DNS is the internet's phone book. When you type example.com in a browser, your device asks a recursive resolver (usually your ISP's or a public one like 8.8.8.8) to find the IP address. The resolver walks the DNS hierarchy: root servers (.) → TLD servers (.com) → authoritative nameservers (example.com's NS), which return the IP. Responses are cached at every level based on TTL (Time-To-Live). Key record types: A (domain → IPv4), AAAA (→ IPv6), CNAME (alias), MX (mail), NS (nameserver), TXT (metadata).

Tradeoffs

Strengths

  • Universal: Every internet-connected device uses DNS — it's the most fundamental naming system.
  • Hierarchical and distributed: No single point of failure (root servers are massively redundant).
  • Caching efficiency: TTL-based caching reduces query volume dramatically.
  • Global load balancing: Geo-DNS and latency-based routing enable traffic distribution without client changes.
  • Simple interface: Clients just resolve a name — no awareness of backend complexity needed.

Weaknesses

  • Propagation delay: DNS changes are limited by TTL — can't switch traffic instantly.
  • No real-time health awareness: DNS caches don't know when a backend goes down; stale records cause failures.
  • Security weaknesses: DNS was designed without encryption or authentication; DNSSEC adoption is low.
  • Limited load balancing: DNS round-robin doesn't account for server load, connection count, or health.
  • Client-side caching unpredictability: Browsers, OSes, and ISP resolvers cache differently, making TTL behavior inconsistent.
  • Single point of failure risk: If your authoritative DNS provider goes down, your entire domain is unreachable.
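The resolver walk and TTL caching described in the overview, together with the propagation-delay and stale-record weaknesses listed above, as an added Python sketch that is not part of the original page. The zone data, the 192.0.2.x addresses and the `RecursiveResolver` class are constructed for illustration; a real resolver speaks the DNS wire protocol instead of reading dictionaries.

```python
# Constructed zone data: each level only knows the next server to ask (a referral).
ROOT = {"com.": "tld-com"}              # root servers refer to the .com TLD servers
TLD = {"example.com.": "ns-example"}    # TLD servers refer to the authoritative NS


class RecursiveResolver:
    """Toy recursive resolver: walks root -> TLD -> authoritative, caches by TTL."""

    def __init__(self, auth_zone):
        self.auth = auth_zone           # authoritative data: name -> (ip, ttl_seconds)
        self.cache = {}                 # name -> (ip, absolute expiry time)
        self.upstream_queries = 0

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0], "cache"      # answered locally; upstream is never consulted
        labels = name.rstrip(".").split(".")
        steps = ((ROOT, labels[-1] + "."),
                 (TLD, ".".join(labels[-2:]) + "."),
                 (self.auth, name))
        for table, key in steps:        # one upstream round trip per hierarchy level
            self.upstream_queries += 1
            if key not in table:
                raise LookupError(f"NXDOMAIN: {name}")
        ip, ttl = self.auth[name]
        self.cache[name] = (ip, now + ttl)
        return ip, "authoritative"


def failover_demo():
    """Return what clients see before, during and after a record change."""
    auth = {"www.example.com.": ("192.0.2.10", 300)}     # A record, TTL 300 s
    r = RecursiveResolver(auth)
    seen = [r.resolve("www.example.com.", now=0)]        # cold cache: full walk
    auth["www.example.com."] = ("192.0.2.20", 300)       # operator repoints the record
    seen.append(r.resolve("www.example.com.", now=120))  # inside TTL: stale answer
    seen.append(r.resolve("www.example.com.", now=300))  # TTL expired: fresh walk
    return seen, r.upstream_queries


if __name__ == "__main__":
    for ip, source in failover_demo()[0]:
        print(ip, source)
```

The lookup at t=120 still returns the old address because the cache answers without consulting the authoritative server, so a lower TTL shortens that window at the cost of more upstream queries.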

Likely Follow-Up Questions

  • How would you design a DNS failover strategy for a multi-region application?
  • What is the impact of DNS TTL on failover time?
  • How does DNS-based load balancing compare to application-level load balancing?
  • What is DNSSEC and why isn't it universally adopted?
  • How does DNS work in a Kubernetes cluster?
  • What happens when a DNS provider goes down (like the Dyn attack in 2016)?

Source: editorial — Synthesized from RFC 1035, Cloudflare/Route 53 documentation, ICANN root server publications, and DNS security research.
