Dns Domain Name System

Category: Network Fundamentals
Type: Network Concepts
Generated on: 2025-07-10 08:54:01
For: Network Engineering, Administration & Technical Interviews


  • What is DNS? A hierarchical and decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It translates human-readable domain names (e.g., google.com) into IP addresses (e.g., 142.250.180.142) that computers use to communicate.

  • Why is it important? DNS is fundamental to the Internet’s usability. Without it, we’d have to remember IP addresses for every website and service we want to use. It provides a user-friendly and scalable way to manage network resources. It also supports features like load balancing, failover, and security.

  • Domain Name: A human-readable name used to identify a resource on the Internet (e.g., example.com).

  • IP Address: A numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. (e.g., 192.168.1.1, 2001:db8::1).

  • DNS Server: A server that stores DNS records and responds to DNS queries.

  • Authoritative DNS Server: A server that has the final authority for a specific domain and holds the actual DNS records.

  • Recursive DNS Server (Resolver): A server that performs recursive queries on behalf of a client to resolve a domain name. Often provided by ISPs or public DNS services (e.g., Google DNS, Cloudflare DNS).

  • DNS Record: A database record used to map a domain name to an IP address or other information. Common types include:

    • A (Address): Maps a hostname to an IPv4 address.
    • AAAA (Quad-A): Maps a hostname to an IPv6 address.
    • CNAME (Canonical Name): Creates an alias for another domain name.
    • MX (Mail Exchange): Specifies the mail server responsible for accepting email messages for a domain.
    • NS (Name Server): Delegates a domain or subdomain to a specific authoritative name server.
    • TXT (Text): Holds arbitrary text data, often used for SPF, DKIM, and DMARC records for email authentication.
    • SOA (Start of Authority): Specifies authoritative information about a DNS zone.
    • SRV (Service): Specifies the location (hostname and port) of servers for specific services.
    • PTR (Pointer): Maps an IP address to a hostname (reverse DNS lookup).
  • DNS Zone: A portion of the DNS namespace that is managed by a specific administrative entity.

  • Root Servers: 13 root server identities (named A through M, each served by many anycast instances worldwide) that sit at the top of the DNS hierarchy. They know the addresses of the authoritative servers for top-level domains (TLDs) like .com, .org, .net.

  • TLD (Top-Level Domain): The highest level domains in the DNS hierarchy (e.g., .com, .org, .net, .edu, .gov, .uk, .ca).

  • FQDN (Fully Qualified Domain Name): The complete domain name, including the hostname and all parent domains, ending with the root (written as a trailing dot, e.g., www.example.com.). The trailing dot is often omitted in practice.

  • DNS Cache: Temporary storage of DNS records by DNS servers and clients to speed up future lookups.

  • TTL (Time To Live): A value in seconds that specifies how long a DNS record can be cached.

  1. Client Request: A user types a domain name (e.g., www.example.com) into their web browser.
  2. Local DNS Resolver Query: The user’s computer sends a DNS query to its configured DNS resolver (usually provided by the ISP).
  3. Recursive Query: The DNS resolver starts a recursive query to resolve the domain name:
    • Root Server Query: The resolver first queries a root server.
    • TLD Server Query: The root server responds with the address of the authoritative name server for the TLD (e.g., .com).
    • Authoritative Server Query: The resolver queries the .com name server, which responds with the address of the authoritative name server for example.com.
    • Final Query: The resolver queries the example.com authoritative name server, which responds with the IP address for www.example.com.
  4. Response to Client: The DNS resolver sends the IP address back to the user’s computer.
  5. Connection Established: The user’s computer uses the IP address to connect to the web server.
    +--------+        +---------------+        +----------------+
    | Client |------->| Local DNS     |------->| Root Server    |
    |        |<-------| Resolver      |<-------|                |  referral to the .com TLD servers
    +--------+   IP   +---------------+        +----------------+
        |   Address     |   ^
        |   (A Record)  |   |                  +-------------------+
        |               |---|----------------->| .com TLD Server   |
        |               |<--|------------------|                   |  .com NS Record for example.com
        |               |   |                  +-------------------+
        |               |   |                  +-----------------------+
        |               +---|----------------->| Authoritative DNS     |
        |                   +------------------| Server (example.com)  |  A Record for www.example.com
        v                                      +-----------------------+
    +--------+
    | Server |
    +--------+
  • Protocol: DNS uses UDP (User Datagram Protocol) on port 53 for most queries. TCP (Transmission Control Protocol) on port 53 is used for zone transfers (AXFR/IXFR) and when a response would not fit in a UDP message (512 bytes without EDNS(0)); the server then sets the TC flag and the client retries over TCP.

  • Message Format:

    • Header (12 bytes):
      • ID (16 bits): A unique identifier for the query.
      • Flags (16 bits): Control flags indicating the query type, recursion desired/available, response code, etc.
      • Questions (16 bits): Number of questions in the query.
      • Answer RRs (16 bits): Number of resource records in the answer section.
      • Authority RRs (16 bits): Number of resource records in the authority section.
      • Additional RRs (16 bits): Number of resource records in the additional section.
    • Question Section: Contains the domain name, query type (e.g., A, AAAA), and query class (usually IN for Internet).
    • Answer Section: Contains resource records that answer the question.
    • Authority Section: Contains resource records that identify authoritative name servers.
    • Additional Section: Contains additional information, such as IP addresses of name servers.
  • DNS Query Flags (Simplified):

    • QR (Query/Response): 0 for query, 1 for response.
    • Opcode: Type of query (e.g., standard query, inverse query, server status request).
    • AA (Authoritative Answer): Indicates that the name server is authoritative for the domain.
    • TC (Truncated): Indicates that the message was truncated due to size limits.
    • RD (Recursion Desired): Set by the client to request recursive resolution.
    • RA (Recursion Available): Set by the server to indicate that it supports recursive queries.
    • Rcode (Response Code): Indicates the status of the query (e.g., no error, format error, server failure, name error/NXDOMAIN).
  • Web Browsing: Resolving www.google.com to an IP address to access Google’s website.

  • Email Delivery: Using MX records to determine the mail server responsible for example.com when sending an email to user@example.com.

  • Content Delivery Networks (CDNs): Using DNS to direct users to the closest CDN server based on their geographic location.

  • Load Balancing: Configuring multiple A records for a domain name to distribute traffic across multiple servers.

  • Failover: Switching to a backup server by updating the DNS records if the primary server fails.

  • Service Discovery: Using SRV records to find the location of specific services (e.g., LDAP, SIP).

  • Reverse DNS Lookup: Resolving an IP address to a domain name via a PTR record, used as a sanity check on a connection (e.g., mail servers check that the connecting IP has a PTR record whose name resolves back to the same IP).

  • DNS Resolution Failure: Unable to resolve a domain name.

    • Troubleshooting:
      • Check network connectivity.
      • Verify DNS server configuration.
      • Use nslookup, dig, or ping to test DNS resolution.
      • Flush the DNS cache.
      • Try a different DNS server (e.g., Google DNS 8.8.8.8, Cloudflare DNS 1.1.1.1).
  • Incorrect DNS Records: Domain name resolves to the wrong IP address.

    • Troubleshooting:
      • Verify DNS records using nslookup or dig.
      • Check TTL values and wait for changes to propagate.
      • Contact the domain registrar or DNS provider to correct the records.
  • Slow DNS Resolution: DNS lookups take a long time.

    • Troubleshooting:
      • Use a faster DNS resolver.
      • Check network latency to the DNS server.
      • Optimize DNS server performance.
      • Enable DNS caching.
  • DNS Spoofing: An attacker intercepts DNS queries and provides a false IP address.

    • Mitigation:
      • Use DNSSEC (Domain Name System Security Extensions) to digitally sign DNS records.
      • Implement DNS cache poisoning protection on resolvers: randomize the 16-bit transaction ID and the UDP source port of every outgoing query, and accept only responses whose ID, port and question section match an outstanding query (RFC 5452).
      • Use secure DNS protocols like DNS over TLS (DoT) or DNS over HTTPS (DoH).
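    As an added example (not code from this page or from any DNS implementation), the following Python builds a query with the 12-byte header and question section described in the message-format section, parses a constructed response that uses a 0xC0 compression pointer, and applies the resolver-side check that defends against spoofed replies: a response is accepted only if QR is set, its ID matches the outstanding query, and its question section echoes the query. It assumes Python 3 with only the standard library; all bytes are constructed, not captured traffic.

```python
import random, struct
def decode_flags(flags):  # 16-bit flags field: QR, Opcode, AA, TC, RD, RA, (Z), Rcode
    return {"QR": flags >> 15 & 1, "Opcode": flags >> 11 & 0xF, "AA": flags >> 10 & 1,
            "TC": flags >> 9 & 1, "RD": flags >> 8 & 1, "RA": flags >> 7 & 1, "Rcode": flags & 0xF}
def encode_name(name):  # wire-format name: length-prefixed labels ending in a zero byte
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype=1, txid=None):
    """12-byte header (ID, flags=RD, QDCOUNT=1) plus one question; the ID is random (RFC 5452)."""
    txid = random.randrange(65536) if txid is None else txid
    return txid, struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_name(msg, off):
    """Decode a name at offset off, following 0xC0 compression pointers; returns (name, next offset)."""
    labels, jumped, end = [], False, None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # pointer: 14-bit offset into the message; the name continues there
            if not jumped: end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if ln == 0: break
        labels.append(msg[off:off + ln].decode()); off += ln
    return ".".join(labels), (end if jumped else off)

def parse_message(msg):
    """Parse the header, question section and answer section (A rdata rendered as a dotted quad)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        questions.append((qname, qtype, qclass))
    for _ in range(an):
        rname, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        answers.append((rname, rtype, ttl, ".".join(map(str, rdata)) if rtype == 1 else rdata))
    return {"id": txid, "flags": decode_flags(flags), "questions": questions, "answers": answers}

def accept_response(txid, query, response):
    """Resolver-side spoofing check: QR set, ID matches, and the question echoes the outstanding query."""
    r = parse_message(response)
    return r["flags"]["QR"] == 1 and r["id"] == txid and r["questions"] == parse_message(query)["questions"]

# Constructed sample exchange (not captured traffic): one A answer whose owner is a 0xC00C pointer to the question name.
TXID, QUERY = build_query("www.example.com", txid=0x1234)
RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + encode_name("www.example.com")
            + struct.pack("!HH", 1, 1) + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 2]))
```

    A real resolver also binds each query to a random UDP source port and checks that the reply arrives on it; that part needs sockets and is not shown here.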
  • DNS Amplification Attack: An attacker sends small DNS queries with a spoofed source address to a large number of DNS servers, which then send large responses to the victim’s address.

    • Mitigation:
      • Rate-limit DNS queries.
      • Disable recursion on public-facing authoritative DNS servers (do not run an open resolver); restrict recursive service to your own clients.
      • Use response rate limiting (RRL).
  • Domain Hijacking: An attacker gains control of a domain name by compromising the domain registrar account.

    • Mitigation:
      • Use strong passwords and multi-factor authentication for domain registrar accounts.
      • Enable domain locking to prevent unauthorized transfers.
      • Regularly monitor domain registration information.
  • Linux (using resolvectl or /etc/resolv.conf):

    # Using resolvectl (systemd-resolved)
    resolvectl status # Show current DNS settings
    resolvectl query google.com # Resolve google.com
    # Using /etc/resolv.conf (older systems)
    cat /etc/resolv.conf
    # Sample /etc/resolv.conf:
    # nameserver 8.8.8.8
    # nameserver 8.8.4.4
  • Windows (using ipconfig and GUI):

    ipconfig /all # Display all network configuration information, including DNS servers
    • GUI: Control Panel -> Network and Internet -> Network and Sharing Center -> Change adapter settings -> Right-click on the network adapter -> Properties -> Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) -> Properties -> Specify DNS server addresses.
  • nslookup (cross-platform):

    nslookup google.com # Resolve google.com using the default DNS server
    nslookup google.com 8.8.8.8 # Resolve google.com using Google's DNS server (8.8.8.8)
    nslookup -type=MX example.com # Query for MX records for example.com
  • dig (cross-platform - often requires installation):

    dig google.com # Resolve google.com using the default DNS server
    dig @8.8.8.8 google.com # Resolve google.com using Google's DNS server (8.8.8.8)
    dig MX example.com # Query for MX records for example.com
    dig -x 8.8.8.8 # Perform a reverse DNS lookup for 8.8.8.8
    dig +trace google.com # Trace the DNS resolution process
  • Zone File Example (BIND format):

    $TTL 86400 ; Default TTL for all records
    @ IN SOA ns1.example.com. admin.example.com. (
    2023102701 ; Serial number (YYYYMMDDnn; increment on every change)
    3600 ; Refresh interval
    1800 ; Retry interval
    604800 ; Expire time
    86400 ) ; Minimum TTL (used as the negative caching TTL)
    ; Name server records (a blank owner field inherits the previous owner, here @ = example.com.)
    IN NS ns1.example.com.
    IN NS ns2.example.com.
    ; A records
    example.com. IN A 192.0.2.1
    www IN A 192.0.2.2
    ; MX record (the target must be a hostname with an A/AAAA record, never a CNAME)
    example.com. IN MX 10 mail.example.com.
    ; A record for the mail host
    mail IN A 192.0.2.3
    ; CNAME record (alias)
    ftp IN CNAME www.example.com.
    ; AAAA record
    example.com. IN AAAA 2001:db8::1
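    Added example (not from this page or from BIND): a small parser and lint for a BIND-style zone like the one above. It resolves relative owner and target names against the origin, folds the multi-line SOA, and reports MX/NS records that point at a CNAME (forbidden by RFC 2181 §10.3). The zone text is constructed from the page's example with the mail host deliberately turned into an alias so the lint has something to flag; per-record TTL columns and classes other than IN are assumed absent.

```python
import re

# Constructed zone text modelled on the BIND example above; mail is deliberately a CNAME here
# so the lint has something to flag (the zone above correctly uses an A record for mail).
ZONE = """$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. (
        2023102701 ; Serial
        3600 1800 604800 86400 )
    IN NS ns1.example.com.
    IN NS ns2.example.com.
example.com. IN A 192.0.2.1
www IN A 192.0.2.2
example.com. IN MX 10 mail.example.com.
mail IN CNAME www
"""

def fqdn(name, origin):
    """Relative names are completed with the origin; '@' is the origin itself."""
    return origin if name == "@" else (name if name.endswith(".") else name + "." + origin)

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; comments are stripped, ( ) continuations folded,
    and a record that starts with whitespace inherits the previous owner, as in BIND."""
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):  # blank line or $TTL/$ORIGIN directive
            continue
        if not line[0].isspace():
            first, line = line.split(None, 1)
            owner = fqdn(first, origin)
        fields = line.split()
        if fields[0] == "IN":  # assumption: class IN and no per-record TTL column
            fields = fields[1:]
        records.append((owner, fields[0], tuple(fields[1:])))
    return records

def lint_zone(records, origin):
    """Flag MX and NS records whose target is a CNAME (RFC 2181 section 10.3 forbids this)."""
    cnames = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    return [f"{rtype} record for {owner} targets CNAME {fqdn(rdata[-1], origin)}"
            for owner, rtype, rdata in records
            if rtype in ("MX", "NS") and fqdn(rdata[-1], origin) in cnames]
```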
  • What is DNS and why is it important?

    • Answer: DNS is a hierarchical naming system that translates domain names into IP addresses. It’s crucial for making the Internet user-friendly, scalable, and manageable.
  • Explain the difference between an authoritative DNS server and a recursive DNS server.

    • Answer: An authoritative server holds the actual DNS records for a domain and is the final authority. A recursive server performs queries on behalf of clients to resolve domain names.
  • What are common DNS record types and what are they used for?

    • Answer: A, AAAA, CNAME, MX, NS, TXT, SOA, SRV, PTR. (See Key Concepts section for details).
  • Describe the steps involved in a DNS lookup process.

    • Answer: (See How It Works section). Involves client query, resolver query, recursive queries to root, TLD, and authoritative servers, and finally, the resolver returning the IP address to the client.
  • What is a DNS zone?

    • Answer: A portion of the DNS namespace managed by a specific administrative entity.
  • What is DNS caching and why is it used?

    • Answer: Temporary storage of DNS records to speed up future lookups and reduce load on DNS servers.
  • What is TTL in DNS?

    • Answer: Time To Live. Specifies how long a DNS record can be cached.
  • What are some common DNS troubleshooting steps?

    • Answer: Check network connectivity, verify DNS server configuration, use nslookup or dig, flush the DNS cache, try a different DNS server.
  • What is DNSSEC and why is it important?

    • Answer: Domain Name System Security Extensions. A suite of security extensions to the DNS protocol that digitally signs DNS records to prevent DNS spoofing and ensure data integrity.
  • What is DNS amplification and how can it be mitigated?

    • Answer: An attack where small DNS queries with a spoofed source address are sent to many DNS servers, causing them to send large responses to the victim. Mitigation includes rate-limiting, disabling recursion, and using response rate limiting (RRL).
  • Explain the difference between UDP and TCP in the context of DNS.

    • Answer: DNS primarily uses UDP for queries due to its speed and lower overhead. TCP is used for zone transfers and when response sizes exceed UDP’s limit.
  • How can you improve DNS resolution speed?

    • Answer: Using a faster DNS resolver, optimizing DNS server performance, enabling DNS caching, and reducing network latency.
  • DHCP (Dynamic Host Configuration Protocol): Automatically assigns IP addresses and DNS server information to devices on a network.

  • Network Address Translation (NAT): Translates private IP addresses to public IP addresses, often used in conjunction with DNS.

  • Content Delivery Networks (CDNs): Use DNS to direct users to the closest CDN server.

  • Load Balancing: Can be implemented using DNS by configuring multiple A records for a domain.

  • Cloud Computing: Cloud providers offer DNS services and often rely heavily on DNS for service discovery and management.

  • Security: DNSSEC, DNS over TLS (DoT), DNS over HTTPS (DoH), DNS firewall.

  • BIND (Berkeley Internet Name Domain): A widely used DNS server software.

Further Reading: