What You'll Learn
A complete DNS deep dive — how name resolution works step by step, record types, TTL, caching, DNS debugging with dig and nslookup, and common DNS issues in cloud/K8s environments.
How DNS Resolution Works (Step by Step)
When you type google.com in your browser, a lot happens before you see any content. Here's the complete journey:
1
Browser Cache
Browser checks its own DNS cache. If cached and TTL not expired → done!
2
OS Cache
OS checks /etc/hosts file, then its local DNS cache (nscd/systemd-resolved).
3
Recursive Resolver (ISP/8.8.8.8)
Your configured DNS server (e.g., Google 8.8.8.8) receives the query and checks its cache.
4
Root Nameserver
Resolver queries one of 13 root nameservers (a.root-servers.net..m.root-servers.net). Responds with TLD nameserver address.
5
TLD Nameserver (.com)
The .com nameserver responds with the authoritative nameserver for google.com.
6
Authoritative Nameserver
Google's nameserver (ns1.google.com) returns the actual IP address for google.com.
7
Response Cached & Returned
IP is returned to browser and cached at each level. Browser connects to the IP.
DNS Record Types You Must Know
| Record | Purpose | Example |
|---|---|---|
| A | Maps domain → IPv4 address | app.example.com → 93.184.216.34 |
| AAAA | Maps domain → IPv6 address | app.example.com → 2600:1f18::1 |
| CNAME | Alias — maps domain → domain | www → app.example.com |
| MX | Mail server for the domain | example.com → mail.google.com (priority 10) |
| TXT | Text data (SPF, DKIM, verification) | "v=spf1 include:_spf.google.com ~all" |
| NS | Nameserver for the domain | example.com → ns1.cloudflare.com |
| SOA | Start of Authority — zone info | Primary NS, admin email, serial, TTL |
| PTR | Reverse DNS — IP → domain | 93.184.216.34 → example.com |
| SRV | Service location (Kubernetes uses this!) | _http._tcp.example.com → host port weight |
DNS Debugging Tools
bash — DNS debugging commands
# dig — The most powerful DNS tool
dig google.com # Query A records
dig google.com A # Explicit record type
dig google.com MX # Mail server records
dig google.com NS # Nameservers
dig google.com ANY # All records
dig @8.8.8.8 google.com # Query specific DNS server
dig google.com +short # Short output (just IPs)
dig google.com +trace # Trace full resolution path (⭐ very useful!)
dig -x 8.8.8.8 # Reverse DNS lookup (PTR)
dig google.com +nocmd +noall +answer # Clean answer-only output
# nslookup — Interactive or one-shot
nslookup google.com # Basic lookup
nslookup -type=MX google.com # MX records
nslookup google.com 8.8.8.8 # Use specific server
nslookup # Interactive mode (type: set type=MX)
# host — Simple lookup
host google.com
host -t MX google.com
host 8.8.8.8 # Reverse lookup
# Check system DNS config
cat /etc/resolv.conf # Configured DNS servers
cat /etc/hosts # Local hostname overrides
systemd-resolve --status # systemd-resolved status
resolvectl query google.com # Query via systemd-resolvedDNS in Kubernetes
Kubernetes DNS patterns
# Kubernetes DNS naming patterns:
# ..svc.cluster.local
# Within the same namespace:
curl http://my-service
# Cross-namespace:
curl http://my-service.production.svc.cluster.local
# Debug DNS inside a pod
kubectl run debug-dns --rm -it --image=busybox -- nslookup kubernetes
kubectl exec -it my-pod -- nslookup my-service.default.svc.cluster.local
# Check CoreDNS (the K8s DNS server)
kubectl get pods -n kube-system -l k8s-app=kube-dns
kubectl logs -n kube-system -l k8s-app=kube-dns
# Debug DNS resolution from a pod
kubectl run netshoot --rm -it --image=nicolaka/netshoot -- bash
# Inside pod:
dig my-service.production.svc.cluster.local
nslookup my-service Common DNS Issues & Fixes
❌ NXDOMAIN — Domain does not exist
The domain doesn't exist in DNS. Check typos, ensure the record was created, propagation can take up to 48h.
⏱ Slow DNS resolution
Try dig +time=2 +tries=1 google.com. If slow, check /etc/resolv.conf, try a different DNS server (8.8.8.8), or check network routing to DNS server.
🔄 Old IP cached after DNS change
Wait for TTL to expire. Check TTL with dig google.com | grep -i ttl. Flush local cache: systemd-resolve --flush-caches