Skip to content

Quiz: DNS

← Back to quiz index

5 questions

L1 (3 questions)

1. dig shows the correct IP but the app can't connect. What do you check?

Show answer 1. /etc/hosts overrides.
2. /etc/nsswitch.conf order.
3. App-level DNS cache.
4. IPv6 AAAA vs A records.
5. In K8s: ndots setting causing search domain issues.

2. What is the difference between an A record and a CNAME?

Show answer A record maps a name to an IP address. CNAME maps a name to another name (alias). CNAME cannot coexist with other record types at the zone apex.

3. Walk through the DNS resolution flow when a browser requests example.com.

Show answer 1. Browser/OS cache check.
2. Stub resolver queries configured DNS server (from /etc/resolv.conf or DHCP).
3. Recursive resolver checks its cache, else queries root -> TLD (.com) -> authoritative NS for example.com.
4. Answer is cached at each layer with TTL.

L2 (2 questions)

1. How does DNS resolution work inside Kubernetes?

Show answer Pod resolves via CoreDNS (kube-dns service at 10.96.0.10). ndots:5 default means short names get search domains appended first. svc.cluster.local resolves to ClusterIP. Headless services return pod IPs.

2. DNS resolves correctly from the server but the application gets NXDOMAIN. What do you check?

Show answer 1. App may use a different resolver (e.g., container DNS vs host DNS).
2. /etc/nsswitch.conf order (files before dns?).
3. In K8s: ndots setting and search domains cause partial names to be tried with cluster.local suffix first.
4. DNS caching layer (systemd-resolved, dnsmasq) may be stale.