DNS Fundamentals Cheat Sheet

DNS resolution lifecycle, record types (A/AAAA/CNAME/MX/TXT), TTL behavior, and essential dig/nslookup diagnostic commands.

Last Updated: May 1, 2025

DNS Resolution Process

1. Browser cache

Check local DNS cache (chrome://net-internals/#dns)

2. OS cache

Check operating system resolver cache (systemd-resolved, nscd)

3. Recursive resolver

Query configured DNS server (ISP, 8.8.8.8, 1.1.1.1)

4. Root nameservers

Resolver asks root for .com/.org/.net TLD server

5. TLD nameserver

TLD server returns authoritative nameserver for domain

6. Authoritative NS

Returns actual record (A, CNAME, etc.) with TTL

7. Cached result

Resolver caches answer for TTL duration and returns to client

Item	Description
`A`	Maps domain to IPv4 address (example.com → 93.184.216.34)
`AAAA`	Maps domain to IPv6 address (Quad-A record)
`CNAME`	Alias — maps name to another domain name (canonical name)
`MX`	Mail exchanger — specifies mail server + priority for domain
`TXT`	Arbitrary text — used for SPF, DKIM, DMARC, domain verification
`NS`	Authoritative nameserver for the domain
`SOA`	Start of Authority — admin email, serial, refresh/retry timers
`PTR`	Reverse DNS — maps IP to domain name (in-addr.arpa)
`SRV`	Service record — defines host/port for specific services
`CAA`	Certification Authority Authorization — restricts TLS issuers

dig example.com

Basic A record lookup

dig example.com AAAA

Query IPv6 address

dig example.com MX

Query mail servers with priority

dig example.com ANY

Query all record types (often blocked)

dig +short example.com

Compact output — just the answer

dig +trace example.com

Trace full delegation path from root

dig -x 8.8.8.8

Reverse DNS lookup (PTR record)

dig @1.1.1.1 example.com

Query a specific DNS resolver

dig example.com +noall +answer

Show only answer section

Item	Description
`TTL (Time To Live)`	How long a resolver can cache a record (seconds)
`Low TTL (60-300s)`	Use for records that change often (failover, DNS migration)
`High TTL (3600-86400s)`	Use for stable records — reduces DNS query load
`Negative caching`	Caching the 'no such record' response (NXDOMAIN, SOA MINIMUM)
`Propagation delay`	Time for DNS changes to reach all resolvers = old TTL value
`Flush DNS cache`	macOS: dscacheutil -flushcache; Linux: resolvectl flush-caches

Pro Tip: Use `dig +short` for script-friendly output. Always check propagation with `dig @8.8.8.8` (Google DNS) vs `dig @1.1.1.1` (Cloudflare).