domain-name-system interview questions

Top 15 domain-name-system interview questions

37 Jobs openings for domain-name-system

Why is DNS failover not recommended?

From reading, it seems like DNS failover is not recommended just because DNS wasn't designed for it. But if you have two webservers on different subnets hosting redundant content, what other methods are there to ensure that all traffic gets routed to the live server if one server goes down?

To me it seems like DNS failover is the only failover option here, but the consensus is it's not a good option. Yet services like DNSmadeeasy.com provide it, so there must be merit to it. Any comments?

Source: (StackOverflow)

List all DNS records in a domain using dig?

My company runs an internal DNS for mycompany.com

There is a machine on the network that I need to find, but I’ve forgotten its name. If I could see a list, it would probably jog my memory.

How can I list all of the domain records for mycompany.com?

Source: (StackOverflow)

Setting the hostname: FQDN or short name?

I've noticed that the "preferred" method of setting the system hostname is fundamentally different between Red Hat/CentOS and Debian/Ubuntu systems.

CentOS documentation and the RHEL deployment guide say the hostname should be the FQDN:

HOSTNAME=<value>, where <value> should be the Fully Qualified Domain Name (FQDN), such as hostname.example.com, but can be whatever hostname is necessary.

The RHEL install guide is slightly more ambiguous:

Setup prompts you to supply a host name for this computer, either as a fully-qualified domain name (FQDN) in the format hostname.domainname or as a short host name in the format hostname.

The Debian reference says the hostname should not use the FQDN:

3.5.5. The hostname

The kernel maintains the system hostname. The init script in runlevel S which is symlinked to "/etc/init.d/hostname.sh" sets the system hostname at boot time (using the hostname command) to the name stored in "/etc/hostname". This file should contain only the system hostname, not a fully qualified domain name.

I haven't seen any specific recommendations from IBM about which to use, but some software seems to have a preference.

My questions:

  • In a heterogeneous environment, is it better to use the vendor recommendation, or choose one and be consistent across all hosts?
  • What software have you encountered which is sensitive to whether the hostname is set to the FQDN or short name?

Source: (StackOverflow)

Linux command to inspect TXT records of a domain

Is there a linux shell command that I can use to inspect the TXT records of a domain?

Source: (StackOverflow)

What's the command-line utility in Windows to do a reverse DNS look-up?

Is there a built-in command line tool that will do reverse DNS look-ups in Windows? I.e., something like <toolname> w.x.y.z => mycomputername

I've tried:

  • nslookup: seems to be forward look-up only.
  • host: doesn't exist
  • dig: also doesn't exist.

I found "What's the reverse DNS command line utility?" via a search, but this is specifically looking for a *nix utility, not a Windows one.

Source: (StackOverflow)

Is a wildcard CNAME DNS record valid?

I know it's valid to have a DNS A record that's a wildcard (e.g. *.mysite.com). Is it possible/valid/advised to have a wildcard CNAME record?

Source: (StackOverflow)

How the heck is http://to./ a valid domain name?

Apparently it's a URL shortener. It resolves just fine in Chrome and Firefox. How is this a valid top-level domain?

Update: for the people saying it's browser shenanigans, why is it that: http://com./ does not take me to: http://www.com/?

And, do browsers ever send you a response from some place other than what's actually up in the address bar? Aside from framesets and things like that, I thought browsers tried really hard to send you content only from the site in the address bar, to help guard against phishing.

Source: (StackOverflow)

What is a glue record?

This is a Canonical Question about DNS glue records.

What exactly (but briefly) is a DNS glue record? Why are they needed and how do they work?

Source: (StackOverflow)

is a CNAME to CNAME chain allowed

Is it allowed in DNS to have a CNAME record that points to another CNAME record?

The reason we need this is that we have a hostname that we want to be looked up to the IP address of our web server computer. We also have another web server computer stand by that could be activated in case the first one would die. In such a case we would quickly need to point the hostname to the IP address of the stand by web server computer.

Unfortunately the hostname resides in a DNS domain where any change would take long time due to manual operation dependent on other sysadmins. But we have another DNS domain where we can perform the changes ourselves quickly. Having CNAME to CNAME chain seems like a possible solution. But is it allowed? Will web browsers understand it?

Source: (StackOverflow)

Windows 7: "localhost name resolution is handled within DNS itself". Why?

After 18 years of hosts files on Windows, I was surprised to see this in Windows 7 build 7100:

# localhost name resolution is handled within DNS itself.
# localhost
#   ::1 localhost

Does anyone know why this change was introduced? I'm sure there has to be some kind reasoning.

And, perhaps more relevantly, are there any other important DNS-related changes in Windows 7? It scares me a little bit to think that something as fundamental as localhost name resolution has changed... makes me think there are other subtle but important changes to the DNS stack in Win7.

Source: (StackOverflow)

Phishing site uses subdomain that I never registered

I recently received the following message from Google Webmaster Tools:

Dear site owner or webmaster of http://gotgenes.com/,


Below are one or more example URLs on your site which may be part of a phishing attack:



What I don't understand is that I never had a subdomain repair.gotgenes.com, but visiting it in the web browser gives an actual My DNS is FreeDNS, which does not list a repair subdomain. My domain name is registered with GoDaddy, and the nameservers are correctly set to NS1.AFRAID.ORG, NS2.AFRAID.ORG, NS3.AFRAID.ORG, and NS4.AFRAID.ORG.

I have the following questions:

  1. Where is repair.gotgenes.com actually registered?
  2. How was it registered?
  3. What action can I take to have it removed from DNSs?
  4. How can I prevent this from happening in the future?

This is pretty disconcerting; I feel like my domain has been hijacked. Any help would be much appreciated.

Source: (StackOverflow)

Why can't a CNAME record be used at the apex (aka root) of a domain?

This is a Canonical Question about CNAMEs at the apices (or roots) of zones

It's relatively common knowledge that CNAME records at the apex of a domain are a taboo practice.

Example: example.com. IN CNAME ithurts.example.net.

In a best case scenario nameserver software might refuse to load the configuration, and in the worst case it might accept this configuration and invalidate the configuration for example.com.

Recently I had a webhosting company pass instructions to a business unit that we needed to CNAME the apex of our domain to a new record. Knowing that this would be a suicide config when fed to BIND, I advised them that we would not be able to comply and that this was bunk advice in general. The webhosting company took the stance that it is not outright forbidden by standard defining RFCs and that their software supports it. If we could not CNAME the apex, their advice was to have no apex record at all and they would not provide a redirecting webserver. ...What?

Most of us know that RFC1912 insists that A CNAME record is not allowed to coexist with any other data., but let's be honest with ourselves here, that RFC is only Informational. The closest I know to verbiage that forbids the practice is from RFC1034:

If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different.

Unfortunately I've been in the industry long enough to know that "should not" is not the same as "must not", and that's enough rope for most software designers to hang themselves with. Knowing that anything short of a concise link to a slam dunk would be a waste of my time, I ended up letting the company get away with a scolding for recommending configurations that could break commonly used software without proper disclosure.

This brings us to the Q&A. For once I'd like us to get really technical about the insanity of apex CNAMEs, and not skirt around the issue like we usually do when someone posts on the subject. RFC1912 is off limits, as are any other Informational RFC applicable here that I didn't think of. Let's shut this baby down.

Source: (StackOverflow)

I changed my TTL from 24 hours to 5 minutes. Do I need to wait 24 hours before changing the records?

I am migrating our app from a cloud server at Rackspace t a dedicated server.

I want to bring the application down for ~5 minutes to copy the data from the cloud server to the dedicated server, so I don't want requests going to the old server after I have copied the data.

I want to point our DNS record at the new server, but the TTL was set to 24 hours. I have changed it to 300 seconds. Do I need to wait the 24 hours before updating the ip that domain points to / copying the data?

Source: (StackOverflow)

Force dig to resolve without using cache

I'm wondering if there is a way to query a DNS server and bypass caching (with dig). Often I change a zone on the DNS server and I want to check if it resolves correctly from my workstation. But since the server caches resolved requests, I often get the old ones. Restarting or -loading the server is not really something nice.

Source: (StackOverflow)

Is Round-Robin DNS "good enough" for load balancing static content?

We have a set of shared, static content that we serve up between our websites at http://sstatic.net. Unfortunately, this content is not currently load balanced at all -- it's served from a single server. If that server has problems, all the sites that rely on it are effectively down because the shared resources are essential shared javascript libraries and images.

We are looking at ways to load balance the static content on this server, to avoid the single server dependency.

I realize that round-robin DNS is, at best, a low end (some might even say ghetto) solution, but I can't help wondering -- is round robin DNS a "good enough" solution for basic load balancing of static content?

There is some discussion of this in the [dns] [load-balancing] tags, and I've read through some great posts on the topic.

I am aware of the common downsides of DNS load balancing through multiple round-robin A records:

  • there's typically no heartbeats or failure detection with DNS records, so if a given server in the rotation goes down, its A record must manually be removed from the DNS entries
  • the time to live (TTL) must necessarily be set quite low for this to work at all, since DNS entries are cached aggressively throughout the internet
  • the client computers are responsible for seeing that there are multiple A records and picking the correct one

But, is round robin DNS good enough as a starter, better than nothing, "while we research and implement better alternatives" form of load balancing for our static content? Or is DNS round robin pretty much worthless under any circumstances?

Source: (StackOverflow)