G
GuideDevOps
Lesson 13 of 28

DNS (Domain Name System)

Part of the Networking Basics tutorial series.

DNS translates human-readable domain names into IP addresses. It's the "phone book" of the internet—without it, you'd have to remember 192.0.2.1 instead of google.com.

What is DNS?

DNS (Domain Name System) maps domain names to IP addresses:

User enters:     google.com
                    ↓
             DNS resolver
                    ↓
Returns:      142.251.32.14 (IP address)
                    ↓
        Browser connects to that IP

Why DNS matters:

  • Humans remember names, not IP addresses
  • IP addresses change, names don't
  • Enables load balancing (same name, multiple IPs)
  • Critical for infrastructure as code

DNS Hierarchy

DNS uses a hierarchical structure:

.                          (root)
├─ .com                    (top-level domain - TLD)
│  ├─ google.com          (domain)
│  └─ example.com
├─ .org
├─ .net
└─ Internal domains
   └─ office.local
      ├─ api.office.local
      └─ db.office.local

DNS Query Types

Record TypePurposeExample
AIPv4 addressexample.com → 192.0.2.1
AAAAIPv6 addressexample.com → 2001:db8::1
CNAMEAlias (points to another domain)www.example.com → example.com
MXMail servermail.example.com (priority 10)
NSNameserverAuthoritative server for domain
SOAStart of AuthoritySerial, refresh, retry info
TXTText recordDKIM, SPF, verification
SRVService record_http._tcp.example.com (port/priority)
PTRReverse lookup192.0.2.1 → example.com

DNS Resolution Process

Scenario: You visit google.com

1. Your computer (client)
   "What's the IP for google.com?"
   → Queries configured DNS server

2. DNS Resolver (usually ISP or 8.8.8.8)
   "I don't know, let me ask the root nameserver"
   → Queries root nameserver (.)

3. Root Nameserver
   "Try asking .com nameserver"
   → Responds with .com NS address

4. .com Nameserver
   "Try asking google.com's nameserver"
   → Responds with google.com NS address

5. google.com Nameserver
   "google.com is 142.251.32.14"
   → Responds with A record

6. DNS Resolver
   "Got it! Client, google.com is 142.251.32.14"
   → Returns to your computer

7. Your Computer
   "Perfect! Connecting to 142.251.32.14"
   → Browser establishes connection

DNS Caching

DNS responses are cached at multiple levels:

Your browser cache (1 hour)
     ↓
OS resolver cache (varies by OS)
     ↓
ISP resolver cache (24 hours typical)
     ↓
Authoritative nameserver (TTL determines)

TTL (Time To Live): How long can resolver cache this answer?

example.com A record:
IP: 192.0.2.1
TTL: 3600 seconds (1 hour)

↓ Resolver caches for 1 hour
↓ After 1 hour, must query again

TTL Strategy:

✓ Long TTL (24 hours) = Stable infrastructure
✓ Short TTL (300s) = Frequent changes/blue-green deployment
✗ Never TTL=0 (forces query every time, slow)

Public DNS Servers

Common public DNS providers:

ProviderIP AddressUse
Google8.8.8.8, 8.8.4.4Free, reliable
Cloudflare1.1.1.1, 1.0.0.1Privacy-focused
Quad99.9.9.9, 149.112.112.112Security-focused
OpenDNS208.67.222.222, 208.67.220.220Parental controls
Your ISPUsually 192.168.1.1Local resolver

Configuring DNS

Set DNS on Client (Ubuntu/Debian):

# /etc/netplan/01-netcfg.yaml
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: true
      dhcp4-overrides:
        use-dns: false  # Don't use DHCP DNS
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]  # Google DNS
        search: [office.local]            # Default domain

Apply:

sudo netplan apply

Check Current DNS:

# View configured DNS servers
cat /etc/resolv.conf
 
# Red Hat/CentOS
cat /etc/sysconfig/network-scripts/ifcfg-eth0

DNS Queries

Query a specific DNS server:

# Ask Google DNS about google.com
dig @8.8.8.8 google.com
 
# Output:
# google.com. 300 IN A 142.251.32.14
#           ↑   ↑  ↑ ↑
#        domain TTL class type

Reverse DNS lookup (IP → domain):

dig -x 142.251.32.14
 
# Result: google.com ← Points back from IP

Get all DNS records:

dig example.com ANY
 
# Shows: A, AAAA, MX, NS, SOA records

Short form queries:

# nslookup (older, simpler)
nslookup google.com
 
# host (very simple)
host google.com

Setting Up Internal DNS

Using Dnsmasq (lightweight DNS/DHCP):

# Install
sudo apt-get install dnsmasq
 
# Configure
sudo vi /etc/dnsmasq.conf
 
# Add:
address=/office.local/192.168.1.10
address=/api.office.local/192.168.1.20
address=/db.office.local/192.168.1.30
 
# Start
sudo systemctl restart dnsmasq

Using BIND (powerful DNS server):

# Install
sudo apt-get install bind9
 
# Configure zone file /etc/bind/zones/db.office.local
zone "office.local" {
    type master;
    file "/etc/bind/zones/db.office.local";
};
 
# Zone file content:
$TTL 3600
@  IN  SOA  ns1.office.local. admin.office.local. (
           2026040901  ; Serial
           3600        ; Refresh
           1800        ; Retry
           604800      ; Expire
           86400 )     ; Negative Cache TTL
 
@     IN  NS   ns1.office.local.
ns1   IN  A    192.168.1.10
api   IN  A    192.168.1.20
db    IN  A    192.168.1.30
www   IN  CNAME api.office.local.

DNS in Kubernetes

Every service gets DNS name automatically:

apiVersion: v1
kind: Service
metadata:
  name: my-api
  namespace: production
spec:
  selector:
    app: api
  ports:
  - port: 80
    targetPort: 8080

Automatic DNS names:

Within same namespace:
my-api:80

Across namespaces:
my-api.production.svc.cluster.local:80

All pods can resolve:
my-api → 10.0.0.50 (service IP)

Health Checks via DNS

Single Endpoint:

api.example.com → 192.0.2.1 (healthy)
              → 192.0.2.2 (backup if fails)

Round-robin DNS:

# Add multiple A records
dig api.example.com
 
# Response: Multiple IPs
apiexample.com. 300 IN A 192.0.2.1
api.example.com. 300 IN A 192.0.2.2
api.example.com. 300 IN A 192.0.2.3
 
# Each query returns in different order

DNS Best Practices

1. Use Appropriate TTLs

✓ 24 hours for stable infrastructure
✓ 5 minutes during deployments

2. Set Up Reverse DNS (PTR records)

# Helps with email deliverability
# Enables reverse lookups (IP → domain)

3. Monitor DNS Resolution

# Check for slow queries
dig example.com +stats
 
# Check query times
time dig example.com

4. Use Health Checks

✓ Remove unhealthy IPs from rotation
✓ Update DNS records automatically

5. Document DNS Records

Create DNS documentation:
- Public records
- Internal DNS entries
- Aliases and CNAMEs
- TTL settings

Common DNS Issues

"DNS resolution is slow"

1. Check current DNS server
   cat /etc/resolv.conf

2. Try faster provider
   nameserver 8.8.8.8

3. Check TTL values
   dig example.com +stats

"Name resolves to wrong IP"

1. Check cached value
   sudo systemctl restart systemd-resolved

2. Verify authoritative nameserver
   dig @ns1.example.com example.com

3. Wait for TTL expiry

"Internal domain not resolving"

1. Verify DNS server is running
   sudo systemctl status bind9

2. Check zone file syntax
   named-checkzone office.local /etc/bind/zones/db.office.local

3. Verify search domain
   cat /etc/resolv.conf

Key Concepts

  • DNS = Maps domain names to IP addresses
  • A Record = IPv4 address mapping
  • CNAME = Alias pointing to another domain
  • TTL = Cache lifetime in seconds
  • Resolver = Recursive DNS server that queries authorities
  • Authoritative = Canonical source for domain records
  • Reverse DNS = IP address to domain mapping
  • Round-robin = Multiple IPs for load balancing
  • Zone = DNS records for a domain
  • Always set appropriate TTLs and monitor DNS performance