3.3 The Domain Name System (DNS)
The Invisible Phonebook of the Internet
At its core, the internet is just a massive collection of computers. Computers do not understand words or brands; they only understand numbers, specifically IP Addresses (like 142.250.190.46). However, human beings are terrible at remembering random strings of numbers.
If you had to type an IP address every time you wanted to check your email, the internet would be unusable. The Domain Name System (DNS) is the infrastructure that bridges this gap, translating human-readable names (like google.com) into machine-readable IP addresses.
1. The DNS Hierarchy (The Recursive Journey)
When you type www.amazon.com into your browser, your computer does not magically know where that is. It must ask a series of servers in a strict, hierarchical order. This is called a Recursive DNS Query.
1. The Resolving Name Server (The ISP / Google 8.8.8.8): Your computer first asks your local router or ISP's DNS server: "Where is www.amazon.com?" If it doesn't know, it goes out to the internet to find out.
2. The Root Servers (.): The Resolver contacts one of the 13 foundational Root Servers of the internet. The Root Server says: "I don't know where Amazon is, but I see you are looking for a .com address. Here is the IP address for the .com servers."
3. The TLD Servers (Top-Level Domain): The Resolver then asks the .com TLD Server. The TLD server says: "I don't know the exact server for 'www', but I know who owns 'amazon.com'. Here is the IP address of Amazon's personal DNS server."
4. The Authoritative Name Server: Finally, the Resolver asks Amazon's own DNS server. This server has the master record. It replies: "Yes, www is located at 52.119.168.48."
5. The Connection: The Resolver caches (memorizes) this answer to save time later, hands the IP address to your computer, and your browser finally loads the webpage. This entire 4-step journey happens in milliseconds.
2. Core DNS Record Types
When you buy a domain name, you don't just get a website; you get a DNS control panel. A domain can point to many different services simultaneously by using different "Records".
- A Record (Address): The most fundamental record. It points a name (like www) directly to an IPv4 address (e.g., 104.26.10.15).
- AAAA Record (Quad-A): Exactly like an A Record, but it points to a modern IPv6 address (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).
- CNAME (Canonical Name): An alias. Instead of pointing to an IP address, it points to another domain name. For example, you might set shop.yourdomain.com to CNAME to yourstore.shopify.com.
- MX Record (Mail Exchange): This is critical for business. It tells the internet which servers handle email for your domain. Without an MX record, no one can send you emails.
- TXT Record (Text): Originally meant for human-readable notes, TXT records are now used exclusively for security verifications. You put cryptographic keys in TXT records to prove to Google or Microsoft that you actually own the domain, and to verify that your emails aren't spam (SPF, DKIM, DMARC records).
3. Caching and TTL (Time to Live)
Because querying the Root and TLD servers billions of times a second would crash the internet, DNS relies heavily on Caching (memorization).
Every DNS record has a TTL (Time to Live) value, measured in seconds.
- If you set your A Record's TTL to 3600, you are telling the internet: "Once you find my IP address, remember it for 3,600 seconds (1 hour). Do not ask me again until the hour is up."
- The Enterprise Danger: If an engineer moves a website to a brand-new server with a new IP address, but forgets to lower the TTL beforehand, the world's ISPs will keep sending users to the old, dead server for an hour until their cache expires. This is why DNS changes take time to "propagate" across the globe.
4. Split-Brain DNS (Internal vs. External)
In an enterprise, you don't want the public internet to know the IP addresses of your secret internal servers. To solve this, companies use "Split-Brain DNS."
- External DNS: Hosted by a public company (like Cloudflare or Route 53). It only holds records for public-facing services (like your main website and email servers).
- Internal DNS: Hosted on your own private Active Directory server inside the building. It holds records for internal tools (like payroll.corp.local or printer5.corp.local). If an employee inside the building asks for the payroll server, the internal DNS answers. If a hacker on the outside asks for the payroll server, the external DNS says, "That doesn't exist."
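As an added worked example (not part of the original text), the following simulation ties together sections 3 and 4: a caching resolver that honours TTLs, a server migration done without lowering the TTL first, and two separate DNS servers (internal and external) chosen by the client's network. All zone data, IP addresses, and the corporate LAN range are constructed for the example.

```python
import ipaddress

# Constructed zone data for this example; not any real organisation's records.
EXTERNAL_ZONE = {("www.example.com", "A"): ("198.51.100.10", 3600)}
INTERNAL_ZONE = {("www.example.com", "A"): ("198.51.100.10", 3600),
                 ("payroll.corp.local", "A"): ("10.0.5.20", 300)}
CORP_LAN = ipaddress.ip_network("10.0.0.0/8")  # assumption: the building's network


class CachingResolver:
    """Resolver in front of one authoritative zone; reuses an answer until its TTL expires (section 3)."""
    def __init__(self, zone):
        self.zone = zone
        self.cache = {}  # (name, rtype) -> (value, expires_at)

    def resolve(self, name, rtype, now):
        key = (name, rtype)
        if key in self.cache:
            value, expires_at = self.cache[key]
            if now < expires_at:
                return value, "cache"
            del self.cache[key]  # TTL elapsed: ask the authority again
        answer = self.zone.get(key)
        if answer is None:
            return None, "nxdomain"
        value, ttl = answer
        self.cache[key] = (value, now + ttl)
        return value, "authoritative"


def resolver_for(client_ip, internal, external):
    """Split-brain routing (section 4): LAN clients use the internal DNS, everyone else the public one."""
    return internal if ipaddress.ip_address(client_ip) in CORP_LAN else external


def migration_scenario():
    """Move www to a new IP without lowering the TTL first: cached clients keep the dead IP for an hour."""
    zone = dict(EXTERNAL_ZONE)
    resolver = CachingResolver(zone)
    first, _ = resolver.resolve("www.example.com", "A", now=0)
    zone[("www.example.com", "A")] = ("198.51.100.99", 3600)  # engineer moves the site
    stale, src = resolver.resolve("www.example.com", "A", now=1800)  # 30 min later: still old IP
    fresh, _ = resolver.resolve("www.example.com", "A", now=3601)    # TTL expired: new IP
    return first, stale, src, fresh


def split_brain_scenario():
    """The same name asked from inside and from outside the building."""
    internal, external = CachingResolver(dict(INTERNAL_ZONE)), CachingResolver(dict(EXTERNAL_ZONE))
    inside, _ = resolver_for("10.0.3.7", internal, external).resolve("payroll.corp.local", "A", now=0)
    outside, status = resolver_for("203.0.113.5", internal, external).resolve("payroll.corp.local", "A", now=0)
    return inside, outside, status
```

Lowering the TTL well before the move (then raising it again afterwards) is the operational fix for the stale-cache window the first scenario shows.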