DNS

March 16, 2026 • DNS • The internet's address book.

You type google.com into your browser. Your computer doesn't know where google.com is. It has to ask someone. That's DNS. It's the system that translates the names humans remember into the numbers computers use.

DNS is fundamentally broken. It's slow, it's insecure, and it's mostly unencrypted. But it's what we have, so you need to understand it.

How DNS Works

When you type a domain name, the lookup works through a series of questions. Your computer handles the first two; the recursive resolver asks the rest on its behalf:

  1. Local cache - Do I already know this?
  2. Recursive resolver - Ask the ISP's DNS server
  3. Root server - Who knows about .com?
  4. TLD server - Who knows about google.com?
  5. Authoritative server - Here's the IP address

Record Types

DNS is full of different record types. Here are the ones you need to know:

A           # IPv4 address
AAAA        # IPv6 address
CNAME       # Canonical name (alias)
MX          # Mail exchange
TXT         # Text record (SPF, DKIM)
NS          # Name server
SOA         # Start of authority
PTR         # Reverse DNS (IP to name)

Query Commands

Talk to DNS servers directly:

# Basic query
dig google.com
nslookup google.com
host google.com

# Specific record type
dig google.com A
dig google.com MX

# Reverse DNS
dig -x 8.8.8.8
nslookup 8.8.8.8

# Trace the full path
dig +trace google.com

Your Own DNS Server

Run your own DNS for privacy:

# Install bind9
apt install bind9

# Configure in /etc/bind/
# Forward queries to upstream (like 1.1.1.1 or 8.8.8.8)
# Or run a caching resolver

DNS over HTTPS

Traditional DNS is plaintext. Everyone can see what you're looking up. DoH encrypts it:

# Firefox DNS-over-HTTPS
# Go to: about:preferences#privacy
# Turn on "Enable DNS over HTTPS"

# Or use a CLI tool
# The query string must be part of the URL, quoted so the shell leaves & alone
curl -H 'accept: application/dns-json' \
  -A 'curl' \
  'https://cloudflare-dns.com/dns-query?name=example.com&type=A'
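
To make the plaintext problem concrete, here is an added example (not from the original post) that builds the bytes a classic UDP/53 query carries, reads the name back out of them the way anyone on the path could, and wraps the same bytes in the RFC 8484 `dns=` GET form used by DoH. The function names are illustrative; the endpoint is the Cloudflare one used above.

```python
import base64
import struct

QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12,
          "MX": 15, "TXT": 16, "AAAA": 28}

def build_query(name, qtype="A", txid=0):
    """Encode a one-question DNS query in RFC 1035 wire format."""
    # Header: ID, flags (RD=1), QDCOUNT=1, then three zero counts.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    # Root label terminator, then QTYPE and QCLASS=IN (1).
    return header + qname + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

def read_question(packet):
    """Recover (name, type) from a query, as an on-path observer could."""
    labels, pos = [], 12  # the question follows the 12-byte header
    while packet[pos]:
        length = packet[pos]
        if length > 63:
            raise ValueError("compressed or malformed name")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack("!H", packet[pos + 1:pos + 3])
    by_code = {code: text for text, code in QTYPES.items()}
    return ".".join(labels), by_code.get(qtype, str(qtype))

def doh_get_url(packet, endpoint="https://cloudflare-dns.com/dns-query"):
    """RFC 8484 GET form: the same bytes as base64url without padding."""
    encoded = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"

if __name__ == "__main__":
    query = build_query("example.com", "A")  # constructed sample query
    print("UDP/53 payload :", query.hex())
    print("observer reads :", read_question(query))
    print("DoH request URL:", doh_get_url(query))
```

With DoH the URL travels inside TLS, so the network path no longer sees the name, but the DoH provider still does.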

Common Problems

When DNS breaks, nothing works:

The Point

DNS is one of those things you don't think about until it breaks. When your site goes down and people can't reach it, DNS is often the culprit. Learn to query it, troubleshoot it, and when possible, secure it.