← Back to glossary

DNS Resolution

Networking Intermediate

debt(d7/e5/b5/t5)

d7 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'only careful code review or runtime testing' (d7). DNS resolution issues are invisible at compile time. The listed tools (curl, strace, blackfire) are runtime diagnostic tools that require manual investigation. Slow DNS or misconfigured records typically surface only when users experience latency or outages in production. There's no static analysis that catches high TTLs before migration or missing CNAME cleanup.

e5 Effort Remediation debt — work required to fix once spotted

Closest to 'touches multiple files / significant refactor in one component' (e5). The quick_fix mentions caching DNS with local resolver (infrastructure change) and reusing connections with CURLOPT_TCP_KEEPALIVE (code changes across HTTP clients). Fixing DNS issues often requires coordinating infrastructure changes (DNS records, TTLs, resolvers) with application code changes (connection reuse patterns). Not a one-line fix, but not architectural rework either.

b5 Burden Structural debt — long-term weight of choosing wrong

Closest to 'persistent productivity tax' (b5). DNS affects every external request in web and CLI contexts (per applies_to). The misconception notes DNS is 'the first step in every request' — it's a constant concern whenever dealing with external services, migrations, or failovers. It's not architecture-defining, but every team must repeatedly revisit DNS configuration for migrations, provider changes, and incident response.

t5 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'notable trap' (t5). The misconception explicitly states developers believe 'DNS changes propagate instantly' when propagation is bounded by TTL which can be hours or days. This is a documented gotcha that most experienced developers eventually learn, often the hard way during a migration. It contradicts the intuition that changes take effect immediately like other configuration updates.

About DEBT scoring → scored by claude-opus-4-5-20251101 · 2026-05-07 · reviewed by human

Also Known As

DNS lookup name resolution

TL;DR

The process of translating a human-readable domain name into an IP address via a hierarchy of DNS servers.

Explanation

DNS resolution begins at a recursive resolver (usually provided by the ISP or a public resolver like 8.8.8.8). If not cached, the resolver queries root nameservers, then TLD nameservers, then the authoritative nameserver for the domain. Results are cached for the duration specified by the TTL. High TTLs reduce DNS latency but slow propagation of changes; low TTLs enable fast failover but increase resolver load.

Diagram

sequenceDiagram
    participant C as Client
    participant R as Recursive Resolver
    participant ROOT as Root NS
    participant TLD as .com NS
    participant AUTH as example.com NS
    C->>R: Where is example.com?
    R->>ROOT: Where is .com?
    ROOT-->>R: Ask TLD NS
    R->>TLD: Where is example.com?
    TLD-->>R: Ask AUTH NS
    R->>AUTH: What is example.com?
    AUTH-->>R: 93.184.216.34 (TTL 3600)
    R-->>C: 93.184.216.34 (cached)

Common Misconception

✗ DNS changes propagate instantly — propagation is bounded by the TTL of the old record, which can be hours or days.

Why It Matters

DNS misconfiguration causes outages, slow failovers, and enables subdomain takeover attacks — understanding TTLs and record types is essential for reliable deployments.

Common Mistakes

High TTLs before a planned migration — reduce TTL days before to enable fast propagation.
Not removing CNAME records when deprovisioning cloud resources — enables subdomain takeover.
Using A records instead of CNAME for load balancers that change IP — the IP becomes stale.
Forgetting that DNS is the first step in every request — slow DNS adds latency to every connection.

Code Examples

✗ Vulnerable

# DNS record not removed after deprovisioning:
; staging.example.com CNAME myapp.herokuapp.com
; Heroku app deleted — CNAME still exists
; Attacker registers same Heroku hostname → subdomain takeover

✓ Fixed

# DNS best practices:
; Lower TTL before planned changes:
example.com. 300 IN A 203.0.113.1   ; 5min TTL for pre-migration

; Remove records when deprovisioning:
; Run: dig staging.example.com — verify no dangling CNAMEs

; Use ALIAS/CNAME for load balancers that change IP:
www IN CNAME myapp.us-east-1.elb.amazonaws.com.

Tags

dns networking infrastructure

Added 15 Mar 2026

Edited 22 Mar 2026

Curated in Warsaw under one editorial standard. 1,506 terms, single voice. About this reference →

Rate this term

No ratings yet

🤖 AI Guestbook educational data only

| |

Last 30 days

Agents 0

No pings yet today

No pings yesterday

Scrapy 11 Amazonbot 7 Google 5 SEMrush 5 Perplexity 4 Unknown AI 4 Ahrefs 4 ChatGPT 3 Claude 2 Bing 2 Majestic 1 Qwen 1 Meta AI 1 PetalBot 1

Also referenced

CDN (Content Delivery Network) 48 DNS Rebinding Attack 39 Subdomain Takeover 34

How they use it

crawler 44 crawler_json 6 pre-tracking 1

Related categories

security 7.9k performance 3.3k networking 999

⚡ DEV INTEL Tools & Severity

🟡 Medium ⚙ Fix effort: Low

⚡ Quick Fix

Cache DNS lookups with a local resolver (nscd or systemd-resolved); for PHP code making HTTP calls, reuse connections with CURLOPT_TCP_KEEPALIVE to avoid repeated DNS lookups

📦 Applies To

any web cli

🔗 Prerequisites

DNS Record Types HTTP Request-Response Cycle NAT & Port Forwarding

🔍 Detection Hints

New cURL handle per request losing DNS cache; no connection reuse between PHP requests to same host; slow external API calls with DNS resolution overhead

Auto-detectable: ✗ No curl strace blackfire

⚠ Related Problems

HTTP Request-Response Cycle NAT & Port Forwarding

🤖 AI Agent

Confidence: Low False Positives: High ✗ Manual fix Fix: Medium Context: File

References

https://www.cloudflare.com/learning/dns/what-is-dns/