Key Concepts & Terminology

Understanding the internal components of the DNS system is essential for both operational and architectural decision-making. Below are the primary entities and how they interact within a DNS workflow.

Domain

A domain represents a named node in the hierarchical namespace of the DNS system. It is the core abstraction that allows users to reference services without needing to know their physical or network location.

Domains are structured from right to left. For www.example.com:

  • .com → Top-Level Domain (TLD)

  • example → Second-Level Domain (SLD)

  • www → Subdomain (or host label)

Each level is separated by a dot, and the full domain, when written with a trailing dot (.), forms a Fully Qualified Domain Name (FQDN).

Fully Qualified Domain Name (FQDN)

An FQDN is an absolute, unambiguous name that fully specifies a location in the DNS hierarchy. It includes:

  • Subdomain or host (e.g., www)

  • Second-level domain (e.g., example)

  • TLD (e.g., com)

  • Implicit root (.)

Example: www.example.com. is an FQDN, while example.com (no trailing dot) is a relative name whose meaning depends on context.

Zone

A zone defines a set of DNS records under a single administrative boundary. While a domain is a naming concept, a zone is a configuration unit that contains:

  • An SOA (Start of Authority) record

  • NS (Nameserver) records

  • Resource records (A, CNAME, TXT, etc.)

A zone can span an entire domain (e.g., example.com) or a delegated subdomain (e.g., internal.example.com).

Zones are hosted on authoritative nameservers and define how DNS queries should be answered for the records they contain.

Record

A record is a single entry within a DNS zone. Each record maps a domain name to a specific piece of information—most commonly an IP address, but also mail servers, service metadata, or cryptographic keys.

Every DNS record includes:

  • Name: The label or subdomain it applies to

  • Type: The kind of record (e.g., A, MX, TXT)

  • TTL: How long the record can be cached

  • Value: The actual data (e.g., IP address, hostname)

Example:

www.example.com. 3600 IN A 203.0.113.10
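
A small linter for the record format shown above, as an added example that is not part of the original page: it splits a record line into its fields, lists the owner name's labels right to left, and flags relative names, out-of-range TTLs and mismatched A/AAAA values. It assumes fully written records (all five fields, in the order shown); the function names and every sample line except the first are constructed for illustration.

```python
import ipaddress

MAX_TTL = 2**31 - 1                  # upper bound for a TTL (RFC 2181, section 8)
NAME_VALUED = {"CNAME", "NS", "MX"}  # record types whose value ends in a hostname

def check_name(name, findings, what):
    """Flag names that are not FQDNs or that break DNS length limits."""
    if not name.endswith("."):
        findings.append(f"{what} '{name}' is relative (no trailing dot)")
    labels = name.rstrip(".").split(".")
    if name != "." and (len(".".join(labels)) > 253 or any(not 1 <= len(l) <= 63 for l in labels)):
        findings.append(f"{what} '{name}' breaks DNS length limits")

def parse_record(line):
    """Parse 'name TTL class type value...' and return fields plus findings."""
    fields = line.split()
    if len(fields) < 5:
        raise ValueError(f"expected at least 5 fields, got {len(fields)}: {line!r}")
    name, ttl_s, rclass, rtype = fields[0], fields[1], fields[2].upper(), fields[3].upper()
    value = " ".join(fields[4:])
    findings = []
    check_name(name, findings, "owner name")
    ttl = int(ttl_s) if ttl_s.isascii() and ttl_s.isdigit() else None
    if ttl is None or ttl > MAX_TTL:
        findings.append(f"TTL '{ttl_s}' is not an integer in 0..{MAX_TTL}")
    if rtype in ("A", "AAAA"):
        try:
            if ipaddress.ip_address(value).version != (4 if rtype == "A" else 6):
                findings.append(f"{rtype} value '{value}' is the wrong IP version")
        except ValueError:
            findings.append(f"{rtype} value '{value}' is not an IP address")
    elif rtype in NAME_VALUED:
        check_name(fields[-1], findings, f"{rtype} target")  # last field is the hostname
    labels = name.rstrip(".").split(".")[::-1]  # right to left: TLD first, host last
    return {"name": name, "ttl": ttl, "class": rclass, "type": rtype,
            "value": value, "labels": labels, "findings": findings}

# Constructed sample lines; the first is the record shown on this page.
SAMPLES = [
    "www.example.com. 3600 IN A 203.0.113.10",
    "shop.example.com. 300 IN CNAME store.example.net",  # relative target
    "mail.example.com 3600 IN MX 10 mx1.example.com.",   # relative owner name
    "api.example.com. 60 IN A 2001:db8::1",              # IPv6 address in an A record
]

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse_record(line)
        print(rec["type"], rec["labels"], rec["findings"] or "ok")
```

In a zone file, a name written without the trailing dot has the zone origin appended, so with an origin of example.com the CNAME target in the second sample would be read as store.example.net.example.com.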

Nameserver

A nameserver is a server that stores and serves DNS zone data. There are two main types:

  • Authoritative nameserver: Responds with the actual DNS records for a domain or zone.

  • Recursive resolver: Acts on behalf of clients to resolve queries, starting from the root if necessary.

Authoritative nameservers are the source of truth for a zone, while recursive resolvers are intermediaries that cache and accelerate lookups.

Delegation

Delegation occurs when a zone administrator assigns authority over a subdomain to a different set of nameservers. This is implemented by placing NS records in the parent zone pointing to the nameservers of the child zone.

For example:

  • example.com may delegate shop.example.com to another DNS provider or system.

  • The parent zone retains the NS record, but the child zone becomes independently administrable.

TTL (Time To Live)

TTL is a numeric value (in seconds) that defines how long a DNS record may be cached by resolvers and clients.

  • Short TTLs allow rapid changes but increase query traffic.

  • Long TTLs reduce load but may delay propagation of updates.

TTL strategy is a critical component of DNS performance and reliability tuning.

Recursive Resolver vs Authoritative Nameserver

| Function | Recursive Resolver | Authoritative Nameserver |
|---|---|---|
| Role | Client-side intermediary | Source of truth for a domain/zone |
| Caching | Yes (per TTL) | No |
| Starts from Root? | Yes | No |
| Answers Final Queries? | Only if cached | Yes (with exact data) |
| Examples | 8.8.8.8 (Google), 1.1.1.1 (Cloudflare) | ns1.medianova.com, ns2.example.com |
