Interview questions on DNS

DNS is internet directory. It translates humable readable domain names such as google.com to machine readable ip address. There are different types of DNS servers in DNS hierarchy, each serving a different purpose. When a browser makes a DNS query it's asking a DNS resolver, This DNS resolver could be from ISP or from popular DNS providers like cloudflare 1.1.1.1 and google 8.8.8.8.

If the DNS resolver doesn not have answer in its cache, it finds the right authoritative nameserver and asks it. The authoritative nameserver is the one that holds the answer. When we are update DNS domain records, we are updating its authoritative nameserver.

There are 3 main levels of authoritative DNS servers. They are the root name servers, TLD top level domain name servers, and the authoritative name servers for the domains. The root name server store the IP addresses of the TLD name servers. There are 13 logical root name servers. Each root name server has single ip address assigned to it. Actually there are many physical servers behind each IP address. Through the magic of anycast, we get routed to the one closest to us. The TLD name server store the ip addresses of the authoritative nameservers for all the domains under them. There are many types of TLD names. We are all familiar with .edu, .com , .org. There are also country code TLDs like .in , .uk.  The authoritative nameserver for domain provide well authoritative answers to the DNS queries. When we register a domain, the registrar runs the authoritative nameservers by default, but we can change them to others. Cloud providers like AWS and Cloudflare runs robust authoritative nameservers.

This heirarchical design makes DNS highly decentralized and robust.

Life of DNS query

user types google.com in browser

The browser first check its cache. if it has no answer, it tries to make Operating system call to get the answer

The OS call would most likely would have its own cache. if the answer isn't there it reaches out ot DNS resolver

The DNS resolver first check its cache, If it's not there or if answer has expired, it asks the root name server.

The root name server responds with the .com TLD name servers. Since .com is such a common TLD, the resolver most likely already caches the ip address for those .com TLD nameservers.

The DNS resolver then reaches out to the .com TLD nameserver and the TLD nameserver returns the authoritative nameservers to google.com 

And finally, the DnS resolver reaches out the google.com authoritative names server and it returns the ip address of google.com

The DNS resolver then returns the ip address to the Operating system and OS in turns returns it to the browser.

DNS propagation is slow as there is TTL on each dns record. And some of the DNS TTL are pretty long. Also not every DNS resolver is a good citizen. There are some out there that don't honor the TTL. To mitigate a risk, there are 2 practical steps to take.

First reduce the TTL for the record that we want to change to something very short. say 60 sec well in advance before the update actually happens. This gives ample time for all DNS servers to receive the shortened TTL which would allow the actual record update to take effect based on the new shortened TTL

Second leave the server running on OLD ip address for while. Ony decommision the server when traffic dies down to an acceptable level. Because some DNS resolver don't honor the TTL, this could take a bit of time and patience.

Is the DNS protocol involved when a users pings a website name?

Yes it is involved. When the user pings the website name, a DNS request packet is sent to the DNS server which would then respond with the IP address of the web server on which the website is hosted.

On a network, should the DNS server IP address be configured on the computer or the internet router for users to browse the internet?

The DNS server IP address should be configured on the computer for the users to browse the internet.

In a LAN network should the DNS server be inside the network or can it reside on the internet?

The DNS server can reside anywhere as long as the computers and devices requiring DNS service have network access to it.

How does a computer know to which DNS server it has to sent the request?

The DNS server IP address is configured on the TCP/IP adapter setting of the computer. With this information, the computer knows the DNS server to which the request has to be sent.

How many root DNS servers are available in the world

13

Which port does a DNS Server Use?

UDP port 53

A user opens the browser and types the IP address of the webserver on which a website is hosted. Is DNS protocol involved during the scenario?

The DNS protocol is used to resolve the website name into the corresponding IP address. In this case, since the IP address is already known, DNS protocol is not required and is not involved in the scenario.

Name two methods by which DNS can be configured on a computer?

It can be manually configured on the TCP/IP adapter or by a DHCP server.

If a computer is configured with a default gateway address, should the same address be used as the DNS server IP address?

It is not mandatory. The DNS server IP address can be any value provided the computer has access to it.

What happens when you ping a DNS server IP address?

A response to the ping is sent by the DNS server IP address.

1. What is DNS?

DNS is the Domain Name System, which translates human-friendly domain names (e.g., google.com) into IP addresses (e.g., 142.250.190.14) so computers can communicate.

---

2. Why is DNS important?

Without DNS, users would need to remember IP addresses instead of names. It’s like a phonebook of the Internet.

---

3. Which port does DNS use?

• UDP port 53 for most queries (faster).

• TCP port 53 for zone transfers and when responses are too large.

---

4. What are the types of DNS servers?

• Root Servers → Top of DNS hierarchy.

• TLD Servers → Handle domains like .com, .org, .net.

• Authoritative DNS Servers → Store actual domain records.

• Recursive DNS Resolvers → Query other DNS servers on behalf of client.

---

5. What are common DNS record types?

• A → Maps domain to IPv4 address.

• AAAA → Maps domain to IPv6 address.

• CNAME → Alias to another domain name.

• MX → Mail exchange server.

• NS → Name servers for a domain.

• PTR → Reverse lookup (IP → Domain).

• TXT → Stores arbitrary text (SPF, DKIM).

---

6. What is the difference between Recursive and Iterative DNS queries?

• Recursive → Resolver does all the work, contacting other servers until it finds the answer.

• Iterative → Resolver asks each server, and the server responds with a referral to the next server.

---

7. What is DNS caching?

• To reduce load, resolvers and clients store responses temporarily.

• Controlled by TTL (Time to Live) value in DNS records.

---

8. What is a DNS zone and zone transfer?

• Zone → A portion of the DNS namespace managed by an organization.

• Zone Transfer → Copying zone file data from primary DNS server to secondary server (uses TCP 53).

---

9. What is Split-Horizon DNS?

Different DNS answers depending on where the query comes from (internal vs external clients).

---

10. What is DNSSEC?

DNS Security Extensions — adds authentication and integrity using digital signatures to prevent attacks like spoofing.

---

11. What is a DNS forwarder?

A DNS server configured to forward queries it can’t resolve locally to another DNS server (often ISP’s DNS).

---

12. What are common DNS attacks?

• DNS Spoofing / Cache Poisoning → Inserting fake records into cache.

• DNS Amplification → DDoS using open resolvers.

• Domain Hijacking → Unauthorized changes to domain registration.

---

Quick Recap:

• DNS = Phonebook of Internet.

• Uses Port 53 (UDP for queries, TCP for transfers).

• Records: A, AAAA, CNAME, MX, NS, PTR, TXT.

• Recursive vs Iterative.

• Vulnerable to spoofing → mitigated by DNSSEC.

The Full DNS Resolution Process

The Domain Name System (DNS) resolution process is how your computer translates a human-readable domain name (like www.google.com) into a machine-readable IP address (like 142.250.191.132). The process involves a chain of different servers working together to find the correct information.

Here is a step-by-step diagram and explanation of the full DNS lookup process:

The Resolution Chain

1. Client (Your Device) Query: When you type a domain name into your browser, your computer first checks its own local cache and the host file. If the IP address is not found, the query is sent to a Recursive DNS Server (also known as a DNS Resolver). This is typically a server provided by your Internet Service Provider (ISP).

2. Resolver Queries the Root Server: The Recursive Server does not know the answer, so it queries a Root DNS Server. There are 13 logical Root servers globally, and they are responsible for the entire DNS hierarchy.

3. Root Server Directs to TLD Server: The Root server doesn't know the IP address for www.example.com, but it knows which server handles the .com Top-Level Domain (TLD). It responds with a referral to the .com TLD server.

4. Resolver Queries the TLD Server: The Recursive Server now queries the .com TLD DNS Server.

5. TLD Server Directs to Authoritative Server: The TLD server knows which server is responsible for the example.com domain. It responds with a referral to that specific Authoritative DNS Server.

6. Resolver Queries the Authoritative Server: The Recursive Server queries the example.com Authoritative DNS Server. This server is the final authority for the domain and holds the specific DNS records (e.g., A, CNAME, MX records).

7. Authoritative Server Provides IP Address: The Authoritative server finds the A record for www.example.com and responds to the Recursive Server with the corresponding IP address.

8. Resolver Returns IP to Client: The Recursive Server receives the IP address, caches it for future use, and sends the IP address back to your computer.

9. Client Connects to Server: Your computer now has the IP address and can establish a direct connection with the web server to load the website.