DNS Deep Dive for Developers
DNS failures are hard to debug. Your app looks down. Users in one city see your site while others do not. Email bounces. A deployment changes your IP but users still hit the old one.
Understanding DNS turns a 3-hour incident into a 10-minute fix.
How resolution works:
- Recursive resolver: Your device asks a resolver like Google (8.8.8.8) or Cloudflare (1.1.1.1) for an answer. It searches on your behalf and caches results.
- Root nameservers: These servers point the resolver to the right TLD server.
- TLD nameserver: These servers point the resolver to your authoritative nameserver.
- Authoritative nameserver: This server holds your actual records. It gives the final answer.
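To make the chain above concrete, here is a toy iterative resolver, added as an example and not part of the original post. It walks root, TLD and authoritative servers over a constructed in-memory set of zones (hypothetical server names, RFC 5737 documentation addresses) and caches answers for their TTL, which is the behaviour that later makes a public resolver return stale data.

```python
import time

# Constructed, in-memory zones (hypothetical names, RFC 5737 documentation addresses).
# Each server knows either a delegation (NS) or the final records with their TTL.
ROOT = {"com.": {"NS": "a.gtld-servers.test."}}
TLD_COM = {"example.com.": {"NS": "ns1.example.test."}}
AUTH_EXAMPLE = {
    "api.example.com.": {"A": ["203.0.113.10", "203.0.113.11"], "TTL": 300},
    "www.example.com.": {"CNAME": "api.example.com.", "TTL": 3600},
}
SERVERS = {"root": ROOT, "a.gtld-servers.test.": TLD_COM, "ns1.example.test.": AUTH_EXAMPLE}


class Resolver:
    """Toy recursive resolver: iterates root -> TLD -> authoritative and caches by TTL."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so cache expiry can be tested deterministically
        self.cache = {}             # (name, type) -> (answer, expiry time)
        self.upstream_queries = 0   # how many servers we actually had to ask

    @staticmethod
    def _lookup(zone, name):
        """Exact record if present, else the closest enclosing delegation (zone cut)."""
        if name in zone:
            return zone[name]
        for cut, entry in zone.items():
            if "NS" in entry and name.endswith("." + cut):
                return entry
        return None

    def resolve(self, name, rtype="A"):
        name = name.lower().rstrip(".") + "."
        now = self.clock()
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > now:
            return {"status": "NOERROR", "answer": hit[0], "path": [], "from_cache": True}
        path, server = [], "root"
        while True:
            self.upstream_queries += 1
            path.append(server)
            entry = self._lookup(SERVERS[server], name)
            if entry is None:
                return {"status": "NXDOMAIN", "answer": [], "path": path, "from_cache": False}
            if "NS" in entry:
                server = entry["NS"]          # referral: ask the delegated server next
                continue
            if rtype in entry:
                self.cache[(name, rtype)] = (entry[rtype], now + entry["TTL"])
                return {"status": "NOERROR", "answer": entry[rtype], "path": path, "from_cache": False}
            if "CNAME" in entry:              # alias: restart resolution at the target name
                target = self.resolve(entry["CNAME"], rtype)
                target["path"] = path + target["path"]
                return target
            # The name exists but has no record of the requested type (NODATA)
            return {"status": "NODATA", "answer": [], "path": path, "from_cache": False}


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("api.example.com"))   # walks all three servers
    print(r.resolve("api.example.com"))   # served from cache until the 300 s TTL expires
    print(r.resolve("www.example.com"))   # CNAME followed to the cached A records
```

The second call never leaves the resolver: until the TTL it stored on the first answer runs out, it will keep serving that answer even if the authoritative records change. That is exactly why the migration advice below tells you to lower the TTL before a change.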
Key record types you must know:
- A records: Map a hostname to an IPv4 address.
- AAAA records: Map a hostname to an IPv6 address.
- CNAME: An alias that points one hostname to another. You cannot use a CNAME at the zone apex.
- MX records: Direct email to mail servers. Lower numbers have higher priority.
- TXT records: Used for domain verification and email security like SPF and DKIM.
- NS records: Identify which servers are authoritative for your domain.
- CAA records: Tell certificate authorities which of them may issue SSL/TLS certificates for your domain.
The importance of TTL (Time to Live):
TTL tells caches how long to keep a record. It is your main tool for managing propagation.
- Low TTL (60-300 seconds): Use this for records that change often, like load balancer IPs.
- High TTL (3600+ seconds): Use this for stable records like mail servers.
Migration tip: Always lower your TTL before a planned change. If you change a record with a 24-hour TTL, users will see the old value for up to 24 hours. You cannot force them to update.
How to debug:
- Check the authoritative nameserver first. Use: dig @ns1.your-provider.com api.example.com. If this is wrong, your settings are wrong.
- Check major resolvers. Use: dig @8.8.8.8 api.example.com. If the authoritative server is correct but this is old, wait for the TTL to expire.
- Check from your app server itself, since it may use a different resolver than you do. Use: nslookup api.example.com.
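The two dig checks and the TTL advice above can be turned into a small script. This is an added example, not from the original post: it parses answer-section lines in the format `dig +noall +answer` prints, compares what the authoritative server and a public resolver return, reports how many seconds a stale cached answer can survive, and computes the schedule for lowering a TTL ahead of a planned change. The sample outputs and the change date are constructed (hypothetical hostnames, RFC 5737 documentation addresses).

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample output in `dig +noall +answer` format (not captured from a real domain).
AUTHORITATIVE = """\
api.example.com.\t300\tIN\tA\t203.0.113.10
api.example.com.\t300\tIN\tA\t203.0.113.11
"""
# A public resolver still serving the pre-migration address, with 1742 s of cache life left.
RESOLVER_CACHE = """\
api.example.com.\t1742\tIN\tA\t198.51.100.7
"""
# Constructed cutover time used by the usage example below.
CHANGE_AT = datetime(2024, 6, 1, 12, 0)


@dataclass(frozen=True)
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_dig_answer(output: str) -> list[Record]:
    """Parse answer-section lines: <name> <ttl> IN <type> <rdata...>."""
    records = []
    for line in output.splitlines():
        parts = line.split()
        # Skip blanks, dig's ';' comment lines and anything that is not an IN record.
        if len(parts) < 5 or parts[0].startswith(";") or parts[2] != "IN":
            continue
        name, ttl, _cls, rtype = parts[:4]
        records.append(Record(name.rstrip(".").lower(), int(ttl), rtype.upper(), " ".join(parts[4:])))
    return records


def compare(authoritative: str, resolver: str, rtype: str = "A") -> dict:
    """Decide whether a resolver's answer agrees with the authoritative server.

    An empty authoritative answer section means NXDOMAIN or NODATA: the record is
    not published at all, so fix the zone instead of waiting for caches.
    """
    auth = {r.rdata for r in parse_dig_answer(authoritative) if r.rtype == rtype}
    cached = parse_dig_answer(resolver)
    cached_set = {r.rdata for r in cached if r.rtype == rtype}
    if not auth:
        return {"verdict": "no-authoritative-answer"}
    if auth == cached_set:
        return {"verdict": "match", "rdata": sorted(auth)}
    # Cached TTLs count down, so the largest remaining TTL bounds how long this
    # resolver can keep serving the stale answer.
    remaining = max((r.ttl for r in cached if r.rtype == rtype), default=0)
    return {"verdict": "stale", "expected": sorted(auth), "cached": sorted(cached_set),
            "expires_in_seconds": remaining}


def plan_ttl_change(current_ttl: int, low_ttl: int, change_at: datetime) -> dict:
    """Schedule a record change so that caches hold the old value as briefly as possible.

    lower_ttl_by: latest time to publish the record with the low TTL; every cache that
                  fetched the long-TTL copy before then has dropped it by change_at.
    stale_until:  after the change, the last moment a well-behaved cache can still
                  serve the old value (it fetched the low-TTL copy just before the change).
    """
    if current_ttl <= 0 or low_ttl <= 0 or low_ttl > current_ttl:
        raise ValueError("TTLs must be positive and low_ttl <= current_ttl")
    return {
        "lower_ttl_by": change_at - timedelta(seconds=current_ttl),
        "stale_until": change_at + timedelta(seconds=low_ttl),
        # Worst case if you skip the lowering step: the old value lives a full current_ttl.
        "stale_until_without_lowering": change_at + timedelta(seconds=current_ttl),
    }


if __name__ == "__main__":
    print(compare(AUTHORITATIVE, RESOLVER_CACHE))
    print(plan_ttl_change(86400, 300, CHANGE_AT))
```

To use it on a real hostname, paste the output of `dig +noall +answer @ns1.your-provider.com api.example.com` into AUTHORITATIVE and the output of the same query against 8.8.8.8 into RESOLVER_CACHE. A "stale" verdict with a large expires_in_seconds is the "wait for the TTL to expire" case; a "no-authoritative-answer" verdict means the problem is in your zone, not in anyone's cache.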
Common issues:
- NXDOMAIN: The hostname does not exist. Check your spelling and NS records.
- Intermittent issues: One IP in your A records might be dead.
- Email issues: Check your MX and SPF TXT records.
- SSL failures: The domain may not resolve correctly during certificate requests.