
DNS

What DNS Does

DNS maps domain names to resource records. Most often that means IP addresses, but the other record types below matter just as much. Without DNS, a service may be fully healthy while still looking unreachable to the user.

Basic Record Types

  • A -> IPv4
  • AAAA -> IPv6
  • CNAME -> alias to another name
  • MX -> mail servers
  • TXT -> arbitrary text, often SPF or ownership verification
  • NS -> authoritative nameservers for a zone
  • PTR -> reverse lookup (IP address to name)
  • SRV -> service records

How a Query Flows

  1. The client asks the local resolver.
  2. If there is no cached answer, the resolver walks the DNS hierarchy.
  3. The root points to the TLD server.
  4. The TLD points to the authoritative nameserver for the zone.
  5. The authoritative server returns the record.
  6. The resolver caches the answer for the record's TTL and serves it from cache until it expires.
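The six steps above, as an added example that is not part of the original page: a small Python simulation of a recursive resolver walking a constructed hierarchy (root -> TLD -> authoritative), caching the answer and honouring the TTL. The server tables, names and addresses are constructed stand-ins; nothing here touches the network.

```python
import time

# Constructed stand-in for the DNS hierarchy. Each simulated server maps a name
# to either a referral ("NS", next_server) or an answer ("A", address, ttl).
SERVERS = {
    "root": {"com.": ("NS", "tld-com")},
    "tld-com": {"example.com.": ("NS", "auth-example")},
    "auth-example": {"www.example.com.": ("A", "203.0.113.10", 300)},
}


def lookup(server_id, qname):
    """Ask one simulated server about qname.

    Returns the most specific entry whose suffix matches qname
    (the full name first, then 'example.com.', then 'com.'), or None."""
    table = SERVERS[server_id]
    labels = qname.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return table[candidate]
    return None


class Resolver:
    """Minimal iterative resolver with a TTL-bounded cache."""

    def __init__(self, clock=time.monotonic):
        self.cache = {}      # qname -> (address, absolute expiry time)
        self.clock = clock   # injectable so the TTL behaviour can be tested

    def resolve(self, qname):
        """Return (address, trace). trace lists the servers consulted, in order;
        it is empty when the answer came from the cache."""
        now = self.clock()
        cached = self.cache.get(qname)
        if cached and cached[1] > now:
            return cached[0], []
        trace, server = [], "root"
        while True:
            trace.append(server)
            entry = lookup(server, qname)
            if entry is None:
                raise LookupError(f"{server} has no data or delegation for {qname}")
            if entry[0] == "NS":
                server = entry[1]          # follow the referral one level down
                continue
            _, address, ttl = entry
            self.cache[qname] = (address, now + ttl)
            return address, trace


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com."))   # full walk: root, tld-com, auth-example
    print(r.resolve("www.example.com."))   # cache hit: empty trace
```

The injectable clock is what makes the TTL step observable: advance it past 300 seconds and the next query walks the hierarchy again, which is exactly the behaviour to keep in mind when a record was changed and some resolvers still answer with the old value.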

Useful Commands

dig example.com
dig A example.com +short
dig AAAA example.com +short
dig MX example.com +short
dig TXT example.com +short
dig @8.8.8.8 example.com
dig +trace example.com
host example.com
resolvectl query example.com

What to Check During Problems

  • whether the correct nameserver is being used
  • whether TTL or cache behavior is part of the problem
  • whether different resolvers return different answers
  • whether there is a broken CNAME chain
  • whether a reverse record exists where one is expected

Example Zone

$TTL 300
@   IN SOA ns1.example.com. admin.example.com. (
        2026040201 ; serial
        3600       ; refresh
        900        ; retry
        1209600    ; expire
        300        ; minimum
)
    IN NS    ns1.example.com.
    IN NS    ns2.example.com.
@   IN A     203.0.113.10
www IN CNAME @
mail IN A    203.0.113.20
@   IN MX 10 mail.example.com.
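An added example, not part of the original page, that serves two of the sections above: it parses the example zone into records (expanding @, inheriting owner names, folding the parenthesised SOA) and then performs the "broken CNAME chain" check from the troubleshooting list by following every alias in the zone and reporting dangling targets, loops, and a CNAME that shares its owner with other records. The zone text is a constructed copy of the one above; the function names (parse_zone, follow_cname, check_cnames) are this example's own.

```python
ORIGIN = "example.com."

# Constructed copy of the example zone above, embedded so the check runs offline.
ZONE_TEXT = """\
$TTL 300
@   IN SOA ns1.example.com. admin.example.com. (
        2026040201 ; serial
        3600       ; refresh
        900        ; retry
        1209600    ; expire
        300        ; minimum
)
    IN NS    ns1.example.com.
    IN NS    ns2.example.com.
@   IN A     203.0.113.10
www IN CNAME @
mail IN A    203.0.113.20
@   IN MX 10 mail.example.com.
"""


def qualify(name, origin):
    """Expand '@' and append the origin to relative names, as a zone parser does."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata, ttl) tuples. Handles $TTL, ';' comments,
    parenthesised multi-line records and owner-name inheritance."""
    logical, buf = [], []          # fold "( ... )" continuations into one line
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and not buf:
            continue
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") == joined.count(")"):
            logical.append(joined)
            buf = []
    records, default_ttl, owner = [], None, origin
    for line in logical:
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not tokens:
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if not line[0].isspace():  # leading blank means "same owner as the last record"
            owner = qualify(tokens[0], origin)
            tokens = tokens[1:]
        ttl = default_ttl
        if tokens and tokens[0].isdigit():  # optional per-record TTL
            ttl, tokens = int(tokens[0]), tokens[1:]
        if tokens and tokens[0].upper() == "IN":
            tokens = tokens[1:]
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("CNAME", "NS", "PTR"):
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], qualify(rdata[1], origin)]
        records.append((owner, rtype, rdata, ttl))
    return records


def follow_cname(records, name, origin, max_hops=8):
    """Follow CNAMEs from name to the first owner that is not an alias.
    Returns (final_name, chain). Raises ValueError for an in-zone target with
    no records, a loop, or a CNAME that coexists with other records at its owner."""
    by_owner = {}
    for owner, rtype, rdata, _ in records:
        by_owner.setdefault(owner, []).append((rtype, rdata))
    chain, current = [name], name
    while True:
        rrs = by_owner.get(current)
        if rrs is None:
            if current != origin and not current.endswith("." + origin):
                return current, chain   # out of zone: needs a live query to check
            raise ValueError(f"dangling chain: {current} has no records in this zone")
        cnames = [rdata[0] for rtype, rdata in rrs if rtype == "CNAME"]
        if not cnames:
            return current, chain
        if len(rrs) > 1:
            raise ValueError(f"{current} has a CNAME next to other records")
        target = cnames[0]
        if target in chain:
            raise ValueError(f"CNAME loop: {' -> '.join(chain + [target])}")
        if len(chain) >= max_hops:
            raise ValueError(f"CNAME chain from {name} exceeds {max_hops} hops")
        chain.append(target)
        current = target


def check_cnames(records, origin):
    """Run follow_cname on every alias in the zone; return the problems found."""
    problems = []
    for owner, rtype, _, _ in records:
        if rtype == "CNAME":
            try:
                follow_cname(records, owner, origin)
            except ValueError as exc:
                problems.append(str(exc))
    return problems


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT, ORIGIN)
    print(follow_cname(zone, "www.example.com.", ORIGIN))
    print("problems:", check_cnames(zone, ORIGIN) or "none")
```

The check is deliberately limited to what the zone file itself can prove: an alias whose target lives in another zone is returned as the chain's end rather than flagged, because only a live query (dig against the resolver in question) can tell whether that target resolves.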

Practice

  • Use a reasonable TTL for public services: low enough for migration or failover, but not artificially tiny without a real need.
  • dig +trace is useful when you need to find where delegation breaks.
  • DNS does not validate application health; it only returns records.