DNS Basics Articles

A complete guide to DNS root servers — what they are, who operates them, how anycast makes 13 logical servers into 1,700+ physical instances, and why they matter for every DNS query.

A comprehensive guide to DNS attack types including cache poisoning, amplification, tunneling, zone walking, and hijacking. Learn how attackers exploit DNS, how to test your own domains, and how to harden your infrastructure.

DNS cache poisoning injects forged records into a resolver's cache, silently redirecting users to malicious servers. Learn how the Kaminsky attack works, how to test your resolver, and how DNSSEC prevents it.

Everything developers need to know about DNS queries — from recursive resolution to packet anatomy, query flags, and response codes. The foundation for building DNS tools or understanding existing ones.

An open DNS resolver accepts recursive queries from anyone on the internet, making it a weapon for DDoS amplification attacks. Learn how to check if your server is an open resolver and how to lock it down.

SERVFAIL is the DNS response code that means a resolver encountered an error during lookup — the domain might exist, but the server could not determine the answer. Learn what causes SERVFAIL, how to diagnose it, and how to fix it.

NXDOMAIN is the DNS response code that means a domain name does not exist. Learn what triggers it, how to troubleshoot it, the difference between NXDOMAIN and SERVFAIL, and when NXDOMAIN indicates a security issue.

DNS TTL (Time to Live) determines how long resolvers cache a DNS record before re-querying. Learn how TTL affects propagation speed, performance, and security — and how to choose the right values for your domain.

The term 'DNS propagation' is everywhere, but it describes something that doesn't actually happen. I debunk the biggest myths and explain what's really going on: cache freshness.

DNSSEC protects your domain from cache poisoning and DNS spoofing by adding cryptographic verification to DNS responses. Learn how it works, why it matters, and how to enable it.

A collection of 25 DNS jokes born from real-world frustration. If you have ever stared at a terminal waiting for propagation, these will hit close to home.

A comprehensive guide to every major DNS record type. Learn what A, AAAA, CNAME, MX, TXT, NS, SOA, SRV, CAA, and PTR records do, when to use each one, and see practical configuration examples.

DNS propagation is the process of updating DNS records across servers worldwide. Learn how it works, why it takes up to 48 hours, and how to check propagation status in real time.