Chapter 6

DNS

The internet's directory — a globally distributed, hierarchical, cached database that turns names into addresses without any central server.

6 topics

Every connection starts with a name and ends at an address, and DNS is the machinery in between. It is not one server but a hierarchy: the root delegates to top-level domains, TLDs delegate to authoritative servers, and a recursive resolver chains those referrals into a single answer that it then caches. That structure is why one namespace can hold billions of names with no central bottleneck and no single point of failure.

This chapter treats DNS as the distributed protocol it is, not as any one operating system's resolver. You will walk the namespace and its delegation, follow a query from root to authoritative server, learn which record type each job needs, and see how TTLs — not "propagation" — govern how fast a change takes effect. The last two topics turn DNS into a security surface and a traffic-management tool: DNSSEC, DoT/DoH, split-horizon views, and GeoDNS steering.

The DNS hierarchy — every name delegated from the root down
Root (.): the 13 root server sets, delegating each TLD
TLD: .com authoritative servers, run by the registry
Second-level: example.com — your authoritative zone
Host: www.example.com — the A record
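The referral chain in the diagram above, and the TTL behaviour described in the chapter introduction, as an added worked example that is not part of the chapter text. It models three constructed authoritative servers (root, the .com registry, and the example.com zone) under the reserved .test and example.com names with 192.0.2.0/24 documentation addresses; a small recursive resolver follows the referrals from the root to a single answer, caches it for its TTL, and only sees a changed record once that TTL has elapsed. No network is used; every name, address and server is an assumption made for the illustration.

```python
"""Miniature of iterative DNS resolution with a caching recursive resolver.

Constructed for illustration only: the three "servers", the names under the
reserved .test TLD and example.com, and the 192.0.2.0/24 addresses are all
made up. Nothing here is looked up on the network.
"""

# Each constructed authoritative server holds records for its own zone plus a
# delegation table pointing one level down: root -> com -> example.com.
SERVERS = {
    "ns.root.test.": {
        "records": {},
        "delegations": {"com.": "ns.com-registry.test."},
    },
    "ns.com-registry.test.": {
        "records": {},
        "delegations": {"example.com.": "ns1.example.com."},
    },
    "ns1.example.com.": {
        # (owner name, type) -> (rdata, TTL in seconds)
        "records": {("www.example.com.", "A"): ("192.0.2.10", 300)},
        "delegations": {},
    },
}
ROOT_SERVER = "ns.root.test."


def authoritative_query(server: str, qname: str, qtype: str):
    """What one authoritative server says: an answer, a referral, or nothing."""
    zone = SERVERS[server]
    if (qname, qtype) in zone["records"]:
        rdata, ttl = zone["records"][(qname, qtype)]
        return "ANSWER", rdata, ttl
    # Refer the querier to the most specific delegated child zone holding qname.
    for child in sorted(zone["delegations"], key=len, reverse=True):
        if qname == child or qname.endswith("." + child):
            return "REFERRAL", zone["delegations"][child], None
    return "NXDOMAIN", None, None


class RecursiveResolver:
    """Chains referrals from the root into one answer and caches it by TTL."""

    def __init__(self):
        self.cache = {}  # (qname, qtype) -> (rdata, absolute expiry time)

    def resolve(self, qname: str, qtype: str, now: float):
        """Return (rdata, servers_asked); an empty list means a cache hit."""
        key = (qname, qtype)
        if key in self.cache:
            rdata, expires = self.cache[key]
            if now < expires:
                return rdata, []
            del self.cache[key]  # TTL elapsed: forget it and walk the tree again
        server, asked = ROOT_SERVER, []
        for _ in range(10):  # bound on referral depth, guards against loops
            asked.append(server)
            kind, payload, ttl = authoritative_query(server, qname, qtype)
            if kind == "REFERRAL":
                server = payload
            elif kind == "ANSWER":
                self.cache[key] = (payload, now + ttl)
                return payload, asked
            else:
                return None, asked
        raise RuntimeError("referral chain too long")


def change_record(qname: str, rdata: str, ttl: int):
    """The zone owner edits the authoritative record; nothing else changes."""
    SERVERS["ns1.example.com."]["records"][(qname, "A")] = (rdata, ttl)


def ttl_demo():
    """Show that a change becomes visible only after the cached TTL runs out."""
    saved = dict(SERVERS["ns1.example.com."]["records"])
    try:
        r = RecursiveResolver()
        first, path = r.resolve("www.example.com.", "A", now=0)
        change_record("www.example.com.", "192.0.2.20", 60)
        stale, _ = r.resolve("www.example.com.", "A", now=100)  # inside 300 s TTL
        fresh, _ = r.resolve("www.example.com.", "A", now=301)  # TTL has expired
        return first, stale, fresh, path
    finally:
        SERVERS["ns1.example.com."]["records"] = saved  # restore the constructed zone


if __name__ == "__main__":
    print(ttl_demo())
```

The resolver never asks the zone owner whether anything changed: it serves the cached answer until the TTL it was handed expires, then walks root, TLD and authoritative server again. That is the whole of "propagation"; lowering the TTL ahead of a planned change is what shortens it.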

Topics in This Chapter