DNS unraveled, today's talk at FOSDEM

DNS unraveled - info / links from today's DNS subject…

Get the info from the source - or in this case, the “root”:


A good explanation of how and why the DNS root servers work and why they exist.

The generic Wikipedia:

A small but important bit of info on the IANA site:

This applies to BIND, the "reference implementation" for DNS, and also to PowerDNS. Both are still among the most widely used DNS servers today, and between them they actually power a large part of the Internet!

DNS Operation

Take a typical DNS operation, which almost always happens in the background (unless you use nslookup or dig on the CLI!):

A user opens a browser and goes to www.google.com

In the background, the DNS server the client asks (the recursive resolver) will first check its cache, top down:

Do I have the list of root servers? YES (every resolver ships with the root hints)
Do I have the list of name servers responsible for .com? YES
Do I have the list of name servers responsible for google.com? YES

And it will finally return the IP or IPs (mostly with round-robin distribution) of the server or cluster answering that name (…

Here the answers are mostly yes, as google.com is one of the most queried domains on the planet!
Almost every resolver will already have this information in its cache, along with the TTL that came with each cached record. Only when a step is a cache miss does the resolver actually go and ask the root, TLD or authoritative servers for that step.

DNS records are generally long-lived: servers have static IPs and names, so they don't change very often. The TTL (Time To Live) carried by each record specifies how long a resolver may keep it in cache before it must be refreshed from the authoritative server. Common TTL values are a day, a week or even a month for records that practically never change; the trade-off is that a change (or a mistake) in such a record takes up to that long to reach every resolver, which is why operators lower the TTL well before a planned IP migration.

Hosts with dynamic DNS / non-static IPs need a much lower TTL (minutes rather than days), as their IP can change daily or even more often!
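The walk above (root -> TLD -> authoritative) together with TTL-based caching, as an added example that is not part of the original post: a toy iterative resolver over constructed zone data. The server addresses are RFC 5737 documentation IPs, the `google.com.` delegation and name server names are invented for illustration, and the injectable clock exists only so that TTL expiry can be shown without waiting.

```python
"""
Toy iterative DNS resolver, modelling the three "Do I have ...?" checks
and TTL-based caching described above. Everything here is constructed for
illustration: the server IPs are RFC 5737 documentation addresses and the
google.com. delegation data is invented, not the real zone.
"""
import time

# Constructed authoritative data, keyed by the IP of the server serving it.
# NS records carry (nameserver, ttl); glue maps a nameserver name to its IP;
# A records carry (address, ttl).
AUTHORITATIVE = {
    # A root server: knows only the delegation of the com. TLD.
    "192.0.2.1": {
        "com.": {"NS": [("a.gtld.test.", 172800)],
                 "glue": {"a.gtld.test.": "192.0.2.2"}},
    },
    # A com. TLD server: knows only the delegation of google.com.
    "192.0.2.2": {
        "google.com.": {"NS": [("ns1.google.test.", 172800)],
                        "glue": {"ns1.google.test.": "192.0.2.3"}},
    },
    # The (invented) google.com. authoritative server: holds the A records.
    "192.0.2.3": {
        "www.google.com.": {"A": [("198.51.100.10", 300), ("198.51.100.11", 300)]},
    },
}
ROOT_HINTS = ["192.0.2.1"]  # stands in for the root hints file every resolver ships with


class FakeClock:
    """Injectable clock so TTL expiry can be demonstrated without sleeping."""
    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now


def _ancestors(name):
    """'www.google.com.' -> ['www.google.com.', 'google.com.', 'com.', '.']"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def _in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


class Resolver:
    def __init__(self, root_hints=ROOT_HINTS, clock=time.time):
        self.root_hints = list(root_hints)
        self.clock = clock
        self.cache = {}  # (name, rtype) -> (values, expiry timestamp)

    def _cache_get(self, name, rtype):
        hit = self.cache.get((name, rtype))
        if hit is None:
            return None
        values, expires = hit
        if self.clock() >= expires:  # TTL ran out: evict and treat as a miss
            del self.cache[(name, rtype)]
            return None
        return values

    def _cache_put(self, name, rtype, values, ttl):
        self.cache[(name, rtype)] = (values, self.clock() + ttl)

    @staticmethod
    def _ask(server_ip, qname):
        """Simulate one query to an authoritative server: answer, referral or NXDOMAIN."""
        data = AUTHORITATIVE[server_ip]
        if qname in data and "A" in data[qname]:
            return ("answer", data[qname]["A"])
        for zone, rr in data.items():
            if "NS" in rr and _in_zone(qname, zone):
                return ("referral", zone, rr["NS"], rr["glue"])
        return ("nxdomain",)

    def resolve(self, qname, trace=None):
        """Return the A records for qname, appending each step taken to trace."""
        trace = trace if trace is not None else []
        cached = self._cache_get(qname, "A")
        if cached:
            trace.append(f"cache hit A {qname}")
            return cached
        # Closest enclosing zone whose NS set (and server addresses) are still cached.
        servers = []
        for zone in _ancestors(qname):
            ns_names = self._cache_get(zone, "NS") or []
            servers = [ip for ns in ns_names for ip in (self._cache_get(ns, "A") or [])]
            if servers:
                trace.append(f"cache hit NS {zone} -> {servers}")
                break
        if not servers:
            servers = list(self.root_hints)
            trace.append(f"start at root hints {servers}")
        for _ in range(10):  # bound the referral chain
            server = servers[0]
            reply = self._ask(server, qname)
            if reply[0] == "answer":
                ips = [ip for ip, _ in reply[1]]
                self._cache_put(qname, "A", ips, min(ttl for _, ttl in reply[1]))
                trace.append(f"query {server} -> answer {ips}")
                return ips
            if reply[0] == "referral":
                _, zone, ns_records, glue = reply
                ns_names = [n for n, _ in ns_records]
                ns_ttl = min(t for _, t in ns_records)
                self._cache_put(zone, "NS", ns_names, ns_ttl)
                for ns_name, ip in glue.items():  # glue shares the delegation's TTL here
                    self._cache_put(ns_name, "A", [ip], ns_ttl)
                servers = [glue[n] for n in ns_names if n in glue]
                trace.append(f"query {server} -> referral {zone} via {ns_names}")
                continue
            raise LookupError(f"{qname}: NXDOMAIN from {server}")
        raise LookupError(f"{qname}: too many referrals")


if __name__ == "__main__":
    clock = FakeClock()
    r = Resolver(clock=clock)
    for t in (0, 0, 301):  # cold cache, warm cache, A expired but NS still valid
        clock.now = t
        steps = []
        print(r.resolve("www.google.com.", steps), steps)
```

Running it shows the three situations from the text: a cold cache walks root, TLD and authoritative server (four trace steps); a warm cache answers from the cached A record alone; and once the 300-second A TTL has expired while the 172800-second NS delegation is still valid, the resolver skips root and TLD and asks only the google.com. server again.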

My Home DNS Setup

My two internal DNS servers are my firewall, an OPNsense box, and my NethServer, a VM on Proxmox. For workstations I have a Pi-hole. How it all hangs together…




This will go into the wiki; I'm preparing a few screenshots, then the wiki article!

Greetings to Italy from Svizzera!