Advanced DNS & Technical
Deep dives into DNSSEC, DNS failover, RDAP, EPP, and other advanced domain technologies.
For: Engineers and DevOps professionals
DNSSEC Deep Dive: Signing, Validation, and Troubleshooting
A complete technical walkthrough of DNSSEC: how zone signing works, the chain of trust, DS record delegation, and real-world troubleshooting with dig.
6 min read
DNS over HTTPS (DoH): How It Works
Understand DNS over HTTPS: how DoH wraps DNS queries in HTTPS, which resolvers support it, browser vs. OS implementation, and privacy trade-offs.
4 min read
DNS over TLS (DoT): Privacy-First Resolution
DNS over TLS explained: port 853, how DoT differs from DoH, Android Private DNS setup, server configuration with Unbound, and performance considerations.
3 min read
EPP Protocol: How Registrars Communicate
Inside the Extensible Provisioning Protocol: how registrars talk to registries, the EPP command lifecycle, XML sessions, and what the EPP auth code really is.
4 min read
RDAP: The Modern WHOIS Replacement
RDAP explained: how the Registration Data Access Protocol replaces WHOIS with structured JSON responses, authentication, and privacy-aware data access.
3 min read
Zone Files: Structure and Management
Master DNS zone file syntax: SOA, NS, A, MX, TXT, CNAME records, TTL directives, $ORIGIN, $INCLUDE, and best practices for zone file version control.
4 min read
Anycast DNS: How Global DNS Networks Work
Anycast DNS explained: BGP-based IP routing, how Cloudflare and root servers use anycast for resilience, latency benefits, and trade-offs for DNS operators.
4 min read
DNS Failover and Load Balancing
How DNS-based failover and load balancing work: health checks, round-robin, weighted routing, active-passive failover, and latency-based routing in Route 53.
4 min read
GeoDNS: Location-Based DNS Routing
GeoDNS explained: how DNS servers route traffic based on client IP geolocation, EDNS Client Subnet, GeoIP databases, and multi-CDN traffic management.
4 min read
Glue Records: When Your NS Lives in Your Zone
Glue records demystified: what they are, why circular DNS delegation requires them, how to check glue at registries, and troubleshooting missing glue.
4 min read
Running Your Own DNS Server: BIND vs PowerDNS
How to run your own authoritative DNS server: BIND 9 vs PowerDNS compared, installation, zone configuration, DNSSEC signing, and hardening for production.
4 min read
DNS Security Extensions: Chain of Trust
How DNSSEC builds a cryptographic chain of trust from the root zone to your domain: trust anchors, DS records, KSK and ZSK hierarchy, and what breaks the chain.
5 min read
Wildcard DNS Records: Use Cases and Risks
Wildcard DNS records: how *.example.com works, SaaS tenant subdomains, catch-all email, DNSSEC interaction, and security risks including subdomain takeover.
4 min read
SOA Records: Zone Authority Configuration
SOA records deep dive: all seven fields, serial number strategies, optimal refresh/retry/expire values, negative cache TTL tuning, and common misconfigurations.
5 min read
DNS Performance Optimization at Scale
DNS performance at scale: TTL strategy, resolver caching, anycast PoP selection, EDNS0, DoH connection reuse, Prometheus monitoring, and dnsperf benchmarking.
6 min read