The Concept

What is DNS?

The Domain Name System (DNS) is essentially the phonebook of the Internet.

Computers communicate using numbers (IP addresses like 192.0.2.1), but humans prefer names (like google.com). DNS bridges this gap by translating human-readable domain names into machine-readable IP addresses.

Analogy: Just as you don't memorize your friend's phone number but simply tap their name in your contacts, your phone does the lookup for you.

Phonebook Analogy

Interactive DNS Resolver

(Interactive widget, not reproduced here.) The diagram traces one lookup through these nodes: You → DNS Resolver (ISP) → Root (.) → TLD (.com) → Authoritative NS (google.com).
Step 1

Check Cache

Browser & OS check if they already know the IP.

Step 2

Ask Resolver

ISP's recursive resolver takes over the search.

Step 3

Iterative Query

Resolver asks Root → TLD → Authoritative servers.

Step 4

Response

IP 142.250.x.x found! Saved to cache.

Technical Details

DNS is a distributed database implemented in a hierarchy of many name servers.

Root (.)

The top of the tree. There are 13 logical root servers (A-M), but hundreds of physical servers stand behind them via Anycast. They know where the TLD servers are.

TLD (.com)

Top Level Domain servers. They manage specific extensions like .com, .org, .edu. They know which Authoritative server handles a specific domain.

Authoritative

The final destination. These servers hold the actual DNS records (A, MX, CNAME) for the specific domain.

Hierarchy diagram: Root (.) → .com, .org → google.com, amazon.com

Recursive

"Hey, go find this for me and don't come back until you have the answer."

Typical between: Client Device → ISP Resolver

Analogy: Asking a Librarian to find a book. They go to the shelves, climb the ladder, and bring the book back to your desk.

Iterative

"I don't know, but here is the address of someone who might know. Ask them."

Typical between: Resolver → Root/TLD/Auth Servers

Analogy: Asking a Librarian. They say "It's in section B." You go to section B. That librarian says "It's on shelf 3." You go to shelf 3.
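The four steps and the recursive/iterative split above, as an added Python model (this is example code, not anything from the page): a recursive resolver serves the client, walks the tree with iterative queries (root → TLD → authoritative, following each referral), caches what it learns with a TTL, and chases a CNAME with the extra lookup that the interview tip further down mentions. The zone data, server names and addresses are constructed placeholders, not real servers.

```python
"""Toy model of DNS resolution: a recursive resolver walking
Root -> TLD -> Authoritative with iterative queries, caching answers
and chasing CNAMEs. All zone data below is constructed for this example."""
import time

TTL = 300  # seconds an answer stays in the resolver cache (constructed value)

# Each "server" holds a tiny zone: name -> (type, value).
# NS entries are delegations (referrals); anything else is a final answer.
# Server names stand in for the NS addresses a real resolver would contact.
ROOT = {"com.": ("NS", "tld-server.example.")}
TLD_COM = {"example.com.": ("NS", "auth-server.example.")}
AUTH_EXAMPLE = {
    "example.com.": ("A", "192.0.2.10"),
    "www.example.com.": ("CNAME", "example.com."),
}
SERVERS = {
    "root": ROOT,
    "tld-server.example.": TLD_COM,
    "auth-server.example.": AUTH_EXAMPLE,
}


def iterative_query(server, name):
    """One iterative query. The server answers only from what it holds:
    a final answer, a referral to the closest delegation it knows, or
    NXDOMAIN. It never goes looking on the client's behalf."""
    zone = SERVERS[server]
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate not in zone:
            continue
        rtype, value = zone[candidate]
        if rtype == "NS":
            return ("REFERRAL", rtype, value)   # "ask them instead"
        if i == 0:
            return ("ANSWER", rtype, value)      # exact match
    return ("NXDOMAIN", None, None)


class RecursiveResolver:
    """The ISP-style resolver: accepts a recursive query from the client
    and does all the work, returning only the final address."""

    def __init__(self):
        self.cache = {}   # name -> (rtype, value, expires_at)
        self.trace = []   # every server contacted, for inspection

    def resolve(self, name, depth=0):
        if depth > 8:
            raise RuntimeError(f"CNAME chain too long for {name}")
        hit = self.cache.get(name)
        if hit and hit[2] > time.monotonic():
            self.trace.append(f"cache hit {name}")   # Step 1: cache
            rtype, value = hit[0], hit[1]
        else:
            rtype, value = self._walk(name)          # Steps 2-3
            self.cache[name] = (rtype, value, time.monotonic() + TTL)  # Step 4
        if rtype == "CNAME":
            # Alias: the target needs its own lookup (the "second lookup").
            return self.resolve(value, depth + 1)
        return value

    def _walk(self, name):
        """Iterative descent: start at the root and follow referrals."""
        server = "root"
        while True:
            self.trace.append(f"ask {server} for {name}")
            status, rtype, value = iterative_query(server, name)
            if status == "ANSWER":
                return rtype, value
            if status == "REFERRAL":
                server = value
                continue
            raise LookupError(f"NXDOMAIN: {name}")


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com."))   # full walk, twice (CNAME target)
    print(r.resolve("www.example.com."))   # now served from cache
    print("\n".join(r.trace))
```

Running it shows six "ask ..." lines for the first lookup (three for the alias, three for its target) and two "cache hit" lines for the second, which is exactly the latency the CNAME tip refers to.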

A (Address)

Maps a domain to an IPv4 address.

example.com -> 1.2.3.4

AAAA (IPv6 Address)

Maps a domain to an IPv6 address.

example.com -> 2001:db8::1

CNAME (Alias)

Points one name to another.

www -> example.com

MX (Mail Exchange)

Directs email to mail servers.

priority 10 mail.google.com

NS (Name Server)

Delegates a DNS zone to a server.

example.com -> ns1.aws.com

TXT (Text)

Arbitrary text. Used for verification and policy records (e.g. SPF, Google site verification).

v=spf1 include:_spf.google.com ~all

Interview Prep

DNS Interview Questions

Key Points to Hit:

  • Check Browser Cache then OS Cache (hosts file).
  • OS sends query to Resolver (ISP).
  • Explain the Recursive journey (Root → TLD → Auth).
  • Mention A Record is returned.
  • Bonus: Mention TCP handshake happens after DNS.

A Record: Maps a hostname to an IP address (e.g., app.com -> 1.2.3.4).

CNAME (Canonical Name): Maps a hostname to another hostname (e.g., www.app.com -> app.com).

Tip: Mention that looking up a CNAME requires a second lookup (to find the A record of the target), which adds slight latency.

Speed and efficiency: UDP is connectionless and lightweight. DNS queries are small (historically < 512 bytes) and fit in a single packet. "Fire and forget."

Caveat: DNS does use TCP for Zone Transfers (AXFR) or if the response size exceeds 512 bytes (though EDNS0 extends UDP limits).
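To show the record types listed above and the UDP size caveat in actual bytes, here is an added Python example using only the standard library (not code from this page): it builds a query with an EDNS0 OPT record advertising a larger UDP payload size, parses a constructed reply carrying CNAME, A, AAAA and MX records with name compression, refuses a reply whose transaction ID does not match the query (the minimum defence against forged replies), and exposes the TC (truncated) flag that tells a client to retry the same query over TCP. The reply bytes, names and addresses are constructed; nothing is sent on the network.

```python
"""DNS wire format by hand: build a query (with EDNS0 OPT), parse a
constructed reply with name compression, check the transaction ID and
the TC flag. Standard library only; nothing is sent on the network."""
import secrets
import struct
from ipaddress import IPv4Address, IPv6Address

TYPE = {"A": 1, "NS": 2, "CNAME": 5, "MX": 15, "TXT": 16, "AAAA": 28, "OPT": 41}
TYPE_NAME = {v: k for k, v in TYPE.items()}
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080


def encode_name(name):
    """'www.example.com.' -> b'\\x03www\\x07example\\x03com\\x00'"""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("labels must be 1-63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid=None, udp_payload=1232):
    """Stub-resolver query: random 16-bit ID, RD set, one question, plus an
    OPT pseudo-record advertising the UDP payload size we accept (EDNS0),
    which is how replies above the classic 512 bytes can stay on UDP."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    header = struct.pack(">HHHHHH", txid, FLAG_RD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack(">HH", TYPE[qtype], 1)
    opt = b"\x00" + struct.pack(">HHIH", TYPE["OPT"], udp_payload, 0, 0)
    return header + question + opt


def decode_name(msg, off):
    """Read a name at msg[off], following 0xC0 compression pointers.
    Returns (dotted name, offset just past the name in the message)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2                          # where to resume
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def parse_response(msg, expected_txid):
    """Parse header and answer section. A reply whose ID does not match the
    query is discarded, not trusted. 'truncated' means: retry over TCP."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch; discarding reply")
    if not flags & FLAG_QR:
        raise ValueError("not a response")
    info = {"rcode": flags & 0xF, "truncated": bool(flags & FLAG_TC), "answers": []}
    off = 12
    for _ in range(qd):                                # skip the question(s)
        _, off = decode_name(msg, off)
        off += 4
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == TYPE["A"]:
            value = str(IPv4Address(rdata))
        elif rtype == TYPE["AAAA"]:
            value = str(IPv6Address(rdata))
        elif rtype in (TYPE["CNAME"], TYPE["NS"]):
            value, _ = decode_name(msg, off)           # rdata may hold pointers
        elif rtype == TYPE["MX"]:
            pref = struct.unpack(">H", rdata[:2])[0]
            host, _ = decode_name(msg, off + 2)
            value = (pref, host)
        else:
            value = rdata
        off += rdlen
        info["answers"].append((name, TYPE_NAME.get(rtype, rtype), ttl, value))
    return info


def rr(owner, rtype, ttl, rdata):
    """Resource record: owner (may be a pointer), type, class IN, TTL, rdata."""
    return owner + struct.pack(">HHIH", TYPE[rtype], 1, ttl, len(rdata)) + rdata


def build_sample_response(query):
    """Constructed reply to build_query('www.example.com.', 'A'): a CNAME to
    example.com. plus that name's A, AAAA and MX records. 0xC00C points at
    the question name (offset 12); 0xC010 points into it at 'example.com.'."""
    header = query[:2] + struct.pack(">HHHHH", FLAG_QR | FLAG_RD | FLAG_RA, 1, 4, 0, 0)
    question = query[12:12 + len(encode_name("www.example.com.")) + 4]
    q, target = b"\xC0\x0C", b"\xC0\x10"
    return (header + question
            + rr(q, "CNAME", 300, target)
            + rr(target, "A", 60, IPv4Address("192.0.2.10").packed)
            + rr(target, "AAAA", 60, IPv6Address("2001:db8::1").packed)
            + rr(target, "MX", 3600, struct.pack(">H", 10) + b"\x04mail" + target))


if __name__ == "__main__":
    q = build_query("www.example.com.", "A")
    print(parse_response(build_sample_response(q), struct.unpack(">H", q[:2])[0]))
```

The constructed reply is 112 bytes, so it fits in UDP without EDNS0; a reply that did not would come back with TC set and an empty or partial answer section, and the caller should then repeat the same query over TCP rather than use what it got.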

How Computers Say "Hello"

Before data is exchanged, a reliable connection must be established. This process is called the TCP Three-Way Handshake.

The Real World Analogy

The "Agreement" Handshake

Imagine two business people, Alice (Client) and Bob (Server), meeting to sign a contract. They can't just start signing; they need to acknowledge each other's presence and readiness first.

  • STEP 1 Alice extends her hand: "I am ready to deal." (SYN)
  • STEP 2 Bob shakes it and holds on: "I see your hand, and I am also ready." (SYN-ACK)
  • STEP 3 Alice acknowledges Bob's grip: "Great, let's begin." (ACK)

Business Handshake Analogy

Reliability starts with agreement.

Technical Visualization

Packet trace from the interactive diagram (both sides start with Status: CLOSED):

  • CLIENT → SERVER: SYN (seq = x)
  • SERVER → CLIENT: SYN-ACK (seq = y, ack = x+1)
  • CLIENT → SERVER: ACK (ack = y+1)
  • CONNECTION ESTABLISHED

Initial State

No connection exists. The Server is in LISTEN mode, waiting for requests. The Client is CLOSED.


TCP Interview Q&A Cheat Sheet

Q: Why do we need 3 steps? Why not 2?

Two steps are insufficient because the Server needs to know that the Client received its SYN-ACK.

If we only had 2 steps (SYN -> SYN-ACK), the Server would establish a connection immediately after sending SYN-ACK. If that packet gets lost, the Client never knows the connection exists, but the Server wastes resources keeping it open. The 3rd step (ACK) confirms to the Server that the path is clear both ways.

Q: What is a SYN Flood attack?

A malicious client sends a large number of SYN packets but never sends the final ACK.

The Server reserves memory (in a "SYN Queue") for each one, waiting for the ACK. Eventually the queue fills or memory is exhausted, and the server crashes or can no longer accept legitimate users. Modern servers use SYN Cookies to mitigate this.

Q: What are the initial Sequence Numbers?

They are random (not 0 or 1) for security reasons. Predictable sequence numbers leave the connection open to TCP Sequence Prediction Attacks, in which an attacker could inject malicious packets into the connection.

Q: What happens if the 3rd ACK is lost?

The Server (still in SYN_RCVD state) will eventually timeout and retransmit the SYN-ACK packet, assuming the Client didn't get it. The Client (already in ESTABLISHED state) will typically just resend the ACK when it receives the duplicate SYN-ACK.
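An added Python model (not code from this page) of the two server designs discussed in the Q&A above: a classic stateful server whose bounded SYN queue is consumed by half-open connections that never send the third ACK, and a SYN-cookie server that derives its ISN from an HMAC over the connection details and a coarse clock, so it stores nothing until a valid ACK arrives and can verify that ACK by recomputation. Client ISNs come from the secrets module, matching the random-ISN answer. The cookie layout is simplified (real cookies also encode the MSS), the client identifiers are constructed, and no sockets are involved.

```python
"""Three-way handshake model with two server designs: a stateful server
with a bounded SYN queue, and a SYN-cookie server that keeps no state
for half-open connections. Constructed example; no sockets are used."""
import hashlib
import hmac
import secrets
import time

MASK = 0xFFFFFFFF   # sequence numbers are 32-bit


def random_isn():
    """Initial sequence numbers must be unpredictable, never 0 or 1."""
    return secrets.randbits(32)


class StatefulServer:
    """Classic design: every SYN reserves a SYN-queue slot until its ACK."""

    def __init__(self, backlog=4):
        self.backlog = backlog
        self.syn_queue = {}        # client -> server ISN (SYN_RCVD state)
        self.established = set()

    def on_syn(self, client, seq, now=None):
        if len(self.syn_queue) >= self.backlog:
            return None            # queue full: this SYN is dropped
        y = random_isn()
        self.syn_queue[client] = y
        return ("SYN-ACK", y, (seq + 1) & MASK)

    def on_ack(self, client, seq, ack, now=None):
        y = self.syn_queue.get(client)
        if y is None or ack != (y + 1) & MASK:
            return False
        del self.syn_queue[client]
        self.established.add(client)
        return True


class SynCookieServer:
    """SYN cookies: the server's ISN is an HMAC over the connection details
    and a 64-second clock tick, so the third ACK is verified by recomputing
    the cookie. Simplified: a real cookie also encodes the negotiated MSS."""

    def __init__(self):
        self.secret = secrets.token_bytes(32)
        self.established = set()

    def _cookie(self, client, client_seq, tick):
        msg = f"{client}|{client_seq}|{tick}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, client, seq, now=None):
        tick = int((time.time() if now is None else now) // 64)
        return ("SYN-ACK", self._cookie(client, seq, tick), (seq + 1) & MASK)

    def on_ack(self, client, seq, ack, now=None):
        # The ACK carries seq = client ISN + 1 and ack = cookie + 1.
        tick = int((time.time() if now is None else now) // 64)
        x = (seq - 1) & MASK
        for t in (tick, tick - 1):     # tolerate crossing a tick boundary
            if ack == (self._cookie(client, x, t) + 1) & MASK:
                self.established.add(client)
                return True
        return False                   # forged or stale ACK: nothing to free


def three_way_handshake(server, client, now=None):
    """Client side of the exchange: SYN(x) -> SYN-ACK(y, x+1) -> ACK(y+1)."""
    x = random_isn()
    reply = server.on_syn(client, x, now)
    if reply is None:
        return False               # no SYN-ACK ever came back
    _, y, ack = reply
    if ack != (x + 1) & MASK:
        return False               # SYN-ACK does not acknowledge our SYN
    return server.on_ack(client, (x + 1) & MASK, (y + 1) & MASK, now)


def half_open_then_connect(server, n, now=1_000_000):
    """n SYNs whose third ACK never arrives (half-open connections), then
    one legitimate handshake. Returns whether the legitimate one succeeds."""
    for i in range(n):
        server.on_syn(f"203.0.113.{i % 250}:{40000 + i}", random_isn(), now)
    return three_way_handshake(server, "198.51.100.7:51515", now)


if __name__ == "__main__":
    print("stateful, queue of 4 after 4 half-open:", half_open_then_connect(StatefulServer(4), 4))
    print("SYN cookies after 1000 half-open:", half_open_then_connect(SynCookieServer(), 1000))
```

With the stateful server, four half-open connections fill a backlog of four and the fifth, legitimate SYN is dropped; the SYN-cookie server accepts the legitimate handshake after any number of half-open SYNs because it never reserved anything for them. The trade-off the page's caveat implies also shows in the code: the cookie server cannot retransmit a SYN-ACK when the ACK is lost, since it kept no record that a SYN-ACK was ever sent.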