DNS - Domain Name System

What is DNS?

DNS stands for Domain Name System. It’s like the phonebook of the internet. When you type a website name like www.example.com into your browser, DNS translates that name into an IP address (like 192.0.2.1) so your computer can find and connect to the correct website.

Why is DNS important?

Computers use IP addresses to identify each other on the internet. Humans prefer easy-to-remember names (like google.com) instead of numbers. DNS makes it possible to use names instead of IP addresses.

How DNS works (in simple steps):

  • You enter a website name in your browser.

  • Your device asks a DNS server to find the matching IP address.

  • The DNS server replies with the IP address.

  • Your browser connects to that IP address and loads the website.

Where is DNS used?

Web Browsing, Email Services, Mobile Apps, Cloud Services, Enterprise Networks, IoT Devices, CDNs (Content Delivery Networks) and everywhere on the internet to translate names into IP addresses, enabling communication between devices and services.

Which OSI layer does this protocol belong to?

DNS is a service that applications (like web browsers or email clients) use to resolve domain names into IP addresses. Since it directly interacts with user-level applications, it belongs to the Application Layer.

Topics in this section,

  • In this section, you are going to learn

  • Terminology

  • Version Info

DNS Version

RFC

Year

Core Idea / Contribution

DNS v1

RFC 882, 883

1983

Initial specification of DNS concepts and implementation.

DNS v2

RFC 1034, 1035

1987

Replaced RFC 882/883; defined DNS concepts, facilities, and implementation.

DNS Enhancements

RFC 1123

1989

Requirements for Internet hosts, including DNS behavior.

RFC 1536

1993

Common DNS implementation errors and fixes.

RFC 1912

1996

Operational/configuration errors and best practices.

RFC 1982

1996

Serial number arithmetic for zone transfers.

RFC 1995

1996

Incremental Zone Transfer (IXFR).

RFC 1996

1996

DNS NOTIFY mechanism for zone change alerts.

Dynamic DNS

RFC 2136

1997

Dynamic updates to DNS records.

Clarifications

RFC 2181

1997

Clarifications to DNS specifications.

Negative Caching

RFC 2308

1998

Negative caching of DNS queries.

DNSSEC

RFC 4033 4035

2005

DNS Security Extensions for data integrity and authentication.

RFC 9364

2023

Consolidated DNSSEC practices and updates.

IPv6 Support

RFC 3596

2003

DNS extensions for IPv6.

RFC 3901

2004

IPv6 transport operational guidelines.

Privacy & TLS

RFC 7858

2016

DNS over TLS (DoT) for encrypted DNS queries.

RFC 8484

2018

DNS over HTTPS (DoH).

RFC 9250

2022

DNS over QUIC (DoQ).

Extensions

RFC 6891

2013

Extension Mechanisms for DNS (EDNS0).

RFC 5001

2007

Name Server Identifier (NSID) option.

RFC 5936

2010

Zone transfer protocol (AXFR).

RFC 5966

2010

DNS over TCP implementation requirements.

Setup

Setup

DNS Query Packet

S.No

Protocol Packets

Description

Size(Bytes)

1

DNS Query Packet
client sends a query to a DNS server requesting the

IP address associated with a domain name.

2850 bytes

Header

Contains essential information about the DNS query or response.

12

ID
copied in the corresponding response to match

queries and responses

2

QR
Indicates whether the message is a query (0)

or a response (1)

2 bits

Opcode
Specifies the kind of query (e.g., standard query,

inverse query, server status request).

2 bits

AA(Authoritative Answer)
Indicates if the responding server is an authority

for the domain name.

2 bits

TC(Truncation)

Indicates if the message was truncated.

2 bits

RD(Recursion Desired)
set by the client to indicate if recursive query

support is desired.

2 bits

RA( Recursion Available)

set by the server to indicate if recursive query support is available.

2 bits

Z

Reserved for future use, must be zero

2 bits

RCODE( Response Code)

indicates the status of the response

2 bits

QDCOUNT

Number of entries in the question section

2

ANCOUNT

Number of resource records in answer section.

2

NSCOUNT
Number of name server resource records in the

authority section

2

ARCOUNT

Number of resource records in the additional records section.

2

Question

Contains the query for the DNS server

QNAME

The domain name being queried.

variable(255)

QTYPE

The type of the query (e.g., A for address record, MX for mail exchange record).

2

QCLASS

The class of the query (e.g., IN for internet)

2

DNS Response Packet

S.No

Protocol Packets

Description

Size(Bytes)

2

DNS Response Packet

sent by a DNS server to reply to a client’s query

45100 bytes

Header

Contains essential information about the DNS query or response.

ID
copied in the corresponding response to match

queries and responses

2

QR
Indicates whether the message is a query (0)

or a response (1)

2 bits

Opcode
Specifies the kind of query (e.g., standard query,

inverse query, server status request).

2 bits

AA(Authoritative Answer)
Indicates if the responding server is an authority

for the domain name.

2 bits

TC(Truncation)

Indicates if the message was truncated.

2 bits

RD(Recursion Desired)
set by the client to indicate if recursive query

support is desired.

2 bits

RA( Recursion Available)

set by the server to indicate if recursive query support is available.

2 bits

Z

Reserved for future use, must be zero

2 bits

RCODE( Response Code)

indicates the status of the response

2 bits

QDCOUNT

Number of entries in the question section

2

ANCOUNT

Number of resource records in answer section.

2

NSCOUNT
Number of name server resource records in the

authority section

2

ARCOUNT

Number of resource records in the additional records section.

2

Question

Contains the query for the DNS server

QNAME

The domain name being queried.

variable(255)

QTYPE

The type of the query (e.g., A for address record, MX for mail exchange record).

2

QCLASS

The class of the query (e.g., IN for internet)

2

Answer

Contains resource records answering the question

NAME

domain name to which this resource record pertains

variable(255)

TYPE

Type of the resource record (e.g., A, MX, CNAME)

2

CLASS

class of the resource record (e.g., IN).

2

TTL(Time to Live)
time interval that the resource record may be cached

before it should be discarded.

4

RDLENGTH

The length of the RDATA field

2

RDATA

data of the resource record

variable(65535)

Authority
Contains resource records pointing toward an

authoritative name server

NAME

domain name to which this resource record pertains

variable(255)

TYPE

Type of the resource record (e.g., A, MX, CNAME)

2

CLASS

class of the resource record (e.g., IN).

2

TTL(Time to Live)
time interval that the resource record may be cached

before it should be discarded.

4

RDLENGTH

The length of the RDATA field

2

RDATA

data of the resource record

variable(65535)

Additional
Contains resource records holding additional

information.

NAME

domain name to which this resource record pertains

variable(255)

TYPE

Type of the resource record (e.g., A, MX, CNAME)

2

CLASS

class of the resource record (e.g., IN).

2

TTL(Time to Live)
time interval that the resource record may be cached

before it should be discarded.

4

RDLENGTH

The length of the RDATA field

2

RDATA

data of the resource record

variable(65535)

S.no

Use Case

Description

1

Website Access

Resolves domain names (e.g., example.com) to IP addresses so users can access websites.

2

Email Routing

Uses MX (Mail Exchange) records to direct email traffic to the correct mail servers.

3

Load Balancing

Distributes traffic across multiple servers using DNS round-robin or geo-based records.

4

Content Delivery Networks (CDNs)

Directs users to the nearest server for faster content delivery using DNS-based redirection.

5

Service Discovery

Helps applications locate services (e.g., via SRV or TXT records), especially in microservices

and enterprise networks.

6

Security Filtering

Blocks access to malicious domains using DNS-based firewalls or filtering services.

7

IoT Device Naming

Assigns human-readable names to devices in local or cloud-connected networks.

8

Failover and Redundancy

Automatically redirects traffic to backup servers if the primary server fails.

S.no

Feature

Description

1

Name Resolution

Converts human-readable domain names (e.g., example.com) into IP addresses.

2

Record Types

Supports various record types like A (IPv4), AAAA (IPv6), MX (mail), CNAME (alias), NS (name server), TXT (text), etc

3

Caching

Stores query results temporarily to reduce lookup time and server load.

4

Recursive & Iterative Queries

Recursive resolvers fetch the full answer; iterative queries return referrals to other DNS servers.

5

Zone Management

Organizes DNS data into zones, managed by authoritative servers.

6

Delegation

Allows subdomains to be managed by different name servers using NS records.

7

Reverse DNS Lookup

Resolves IP addresses back to domain names using PTR records.

8

Security Extensions (DNSSEC)

Adds data integrity and origin authentication to DNS responses.

9

Load Balancing

Distributes traffic using multiple A/AAAA records for a single domain.

10

Redundancy & Failover

Ensures high availability using multiple name servers and TTL-based updates.

Name Resolution - Testcases

#

Test Case

Description

Expected Result

1

DNS Query

Send a standard A record query

Returns IP address of domain

2

DNS Response Validation

Check response headers and flags

Valid flags and response code

3

NXDOMAIN Response

Query non-existent domain

Returns NXDOMAIN

4

CNAME Resolution

Query domain with CNAME

Returns canonical name and resolves to IP

5

TTL Expiry

Wait for TTL to expire

DNS cache entry removed

6

DNS Cache Hit

Query cached domain

Response from cache

7

DNS Cache Miss

Query uncached domain

Resolver fetches from authoritative server

8

DNS over UDP

Send query over UDP

Response received over UDP

9

DNS over TCP

Send query over TCP

Response received over TCP

10

DNS Port Test

Send query to port 53

Server responds

11

Invalid DNS Query

Send malformed query

Server returns error

12

DNS Timeout

Block response

Client times out

13

DNS Retry

Retry after timeout

Retries query

14

DNS Server Unreachable

Point to offline DNS server

No response

15

DNS Round Robin

Query domain with multiple A records

Returns different IPs on successive queries

16

DNS Load Balancing

Query load-balanced domain

IPs vary per query

17

DNSSEC Validation

Query DNSSEC-enabled domain

Validates signatures

18

DNSSEC Failure

Tamper with DNSSEC response

Validation fails

19

DNS Zone Transfer AXFR

Request AXFR from authoritative server

Full zone data returned

20

DNS Zone Transfer IXFR

Request IXFR

Incremental zone data returned

21

DNS MX Record

Query for mail exchange record

Returns MX records

22

DNS TXT Record

Query for TXT record

Returns text data

23

DNS SRV Record

Query for service record

Returns service details

24

DNS PTR Record

Reverse lookup IP

Returns domain name

25

DNS SOA Record

Query for Start of Authority

Returns SOA record

26

DNS NS Record

Query for name servers

Returns NS records

27

DNS AAAA Record

Query for IPv6 address

Returns IPv6 address

28

DNS Wildcard Record

Query wildcard domain

Returns matching record

29

DNS Subdomain Resolution

Query subdomain

Returns correct IP

30

DNS Root Server Query

Query root server

Returns TLD servers

31

DNS TLD Server Query

Query TLD server

Returns authoritative server

32

DNS Authoritative Server Query

Query authoritative server

Returns final answer

33

DNS Resolver Forwarding

Query via resolver

Resolver forwards to upstream

34

DNS Resolver Caching

Query same domain twice

Second response from cache

35

DNS Query Logging

Enable logging on resolver

Logs show query details

36

DNS Query Filtering

Block specific domain

Query blocked or redirected

37

DNS Query Rate Limiting

Send rapid queries

Server throttles or blocks

38

DNS Amplification Test

Send small query with large response

Response size much larger

39

DNS Reflection Test

Spoof source IP

Response sent to spoofed IP

40

DNS Resolver Failover

Use multiple resolvers

Fallback to secondary on failure

41

DNS over HTTPS (DoH)

Send query via HTTPS

Encrypted response

42

DNS over TLS (DoT)

Send query via TLS

Encrypted response

43

DNS Query with EDNS

Use EDNS0 options

Extended response supported

44

DNS Query with Padding

Add padding to query

Response includes padding

45

DNS Query with ECS

Use EDNS Client Subnet

Response tailored to subnet

46

DNS Query with Truncation

Force large response over UDP

Response truncated

47

DNS Fallback to TCP

Truncated UDP response

Client retries over TCP

48

DNS Query with Custom Resolver

Use custom DNS server

Response from specified server

49

DNS Query with Local Hosts File

Add entry to hosts file

Resolution from hosts file

50

DNS Query with Split Horizon

Use internal/external DNS views

Different responses based on source

Record Types - Testcases

#

Test Case

Description

Expected Result

1

A Record Resolution

Query for A record

Returns IPv4 address

2

AAAA Record Resolution

Query for AAAA record

Returns IPv6 address

3

CNAME Record Resolution

Query for CNAME

Returns canonical name

4

MX Record Resolution

Query for MX record

Returns mail server details

5

TXT Record Resolution

Query for TXT record

Returns text data

6

NS Record Resolution

Query for NS record

Returns name servers

7

SOA Record Resolution

Query for SOA record

Returns zone authority details

8

PTR Record Resolution

Reverse lookup using IP

Returns domain name

9

SRV Record Resolution

Query for SRV record

Returns service location

10

SPF Record Check

Query for SPF in TXT

Returns SPF policy

11

DNSKEY Record Check

Query for DNSKEY

Returns public key

12

RRSIG Record Check

Query for RRSIG

Returns digital signature

13

NSEC Record Check

Query for NSEC

Returns next secure record

14

NSEC3 Record Check

Query for NSEC3

Returns hashed next secure record

15

DS Record Check

Query for DS record

Returns delegation signer

16

TLSA Record Check

Query for TLSA

Returns TLS certificate association

17

CAA Record Check

Query for CAA

Returns certificate authority policy

18

A Record TTL Test

Check TTL value for A record

TTL value returned

19

CNAME Chain Resolution

Query domain with multiple CNAMEs

Resolves to final A/AAAA record

20

MX Priority Test

Query MX with multiple priorities

Returns sorted by priority

21

TXT Record Length Test

Query long TXT record

Returns full text

22

Multiple A Records

Query domain with multiple A records

Returns all IPs

23

Wildcard A Record

Query subdomain with wildcard A record

Returns wildcard IP

24

Wildcard MX Record

Query subdomain with wildcard MX

Returns wildcard mail server

25

Invalid Record Type

Query unsupported record type

Returns error or empty

26

A Record with No TTL

Query A record with no TTL set

Uses default TTL

27

A Record with TTL Expiry

Wait for TTL to expire

Record removed from cache

28

CNAME Loop Detection

Create CNAME loop

Resolver detects loop

29

MX Record with No A Record

MX points to non-existent A record

Mail delivery fails

30

TXT Record for Domain Verification

Query TXT used for domain verification

Returns verification string

31

SRV Record with Weight

Query SRV with multiple weights

Returns weighted list

32

SRV Record with Port

Query SRV for service port

Returns correct port

33

PTR Record for IPv6

Reverse lookup for IPv6 address

Returns domain name

34

DNSKEY with RRSIG Validation

Validate DNSKEY with RRSIG

Signature matches

35

DS Record Delegation

Check DS record in parent zone

Matches child DNSKEY

36

TLSA Record for DANE

Query TLSA for HTTPS

Returns certificate info

37

CAA Record Enforcement

Query CAA and try unauthorized CA

CA rejects issuance

38

A Record with EDNS0

Query A record using EDNS0

Returns extended response

39

A Record with DNSSEC

Query A record with DNSSEC enabled

Returns RRSIG and DNSKEY

40

A Record with Truncation

Force large response

Response truncated

41

A Record with TCP Fallback

Retry truncated UDP query over TCP

Full response received

42

A Record with DNS Proxy

Query via DNS proxy

Proxy forwards and returns result

43

A Record with Split Horizon

Query from internal and external networks

Different IPs returned

44

A Record with Anycast

Query anycast DNS server

Response from nearest node

45

A Record with DNS Load Balancer

Query load-balanced DNS

Returns different IPs

46

A Record with DNS Firewall

Block domain via DNS firewall

Returns NXDOMAIN or redirect

47

A Record with DNS Logging

Enable logging on resolver

Logs show query and response

48

A Record with DNS Analytics

Enable analytics on DNS server

Query stats collected

49

A Record with DNS Monitoring

Monitor DNS traffic

A record queries visible

50

A Record with DNS Failover

Simulate primary IP failure

Secondary IP used

Caching - Testcases

#

Test Case

Description

Expected Result

1

Basic Cache Hit

Query same domain twice

Second response from cache

2

Basic Cache Miss

Query uncached domain

Resolver fetches from authoritative server

3

TTL Expiry

Wait for TTL to expire

Cache entry removed

4

TTL Countdown

Monitor TTL decrement

TTL decreases over time

5

Cache Invalidation

Manually clear cache

Next query fetches fresh data

6

Negative Caching

Query non-existent domain

NXDOMAIN cached for limited time

7

CNAME Cache

Query CNAME twice

Second response from cache

8

MX Record Cache

Query MX record twice

Second response from cache

9

TXT Record Cache

Query TXT record twice

Second response from cache

10

NS Record Cache

Query NS record twice

Second response from cache

11

SOA Record Cache

Query SOA record twice

Second response from cache

12

PTR Record Cache

Reverse lookup twice

Second response from cache

13

Cache Size Limit

Fill cache beyond limit

Oldest entries evicted

14

Cache Eviction Policy

Observe eviction order

Follows LRU or configured policy

15

Cache Persistence

Restart resolver

Cache cleared or persisted based on config

16

Cache TTL Respect

Query before and after TTL expiry

Fresh fetch after expiry

17

Cache Poisoning Attempt

Inject fake record

Resolver rejects or isolates

18

Cache Flush Command

Use flush command (e.g., rndc flush)

Cache cleared

19

Cache Logging

Enable cache logs

Logs show cache hits/misses

20

Cache Monitoring Tool

Use tool to inspect cache

Shows cached entries

21

DNSSEC with Cache

Query DNSSEC-enabled domain

Validated and cached

22

DNSSEC Expiry in Cache

Wait for RRSIG expiry

Record removed or revalidated

23

Cache with EDNS0

Query with EDNS0

Cached normally

24

Cache with ECS

Query with different client subnets

Separate cache entries

25

Cache with Split Horizon

Query from internal and external networks

Different cache entries

26

Cache with Forwarding Resolver

Use forwarding resolver

Cache at forwarder

27

Cache with Recursive Resolver

Use recursive resolver

Cache at resolver

28

Cache with Stub Resolver

Use stub resolver

No local cache

29

Cache with DNS Proxy

Query via proxy

Proxy may cache

30

Cache with Load Balancer

Query load-balanced DNS

May bypass cache due to IP rotation

31

Cache with Round Robin

Query domain with multiple A records

Cache stores all or rotates

32

Cache with Wildcard Record

Query wildcard domain

Cached normally

33

Cache with DNS Failover

Simulate primary IP failure

Cache may delay failover

34

Cache with DNS Firewall

Block domain via firewall

Cache may still hold old entry

35

Cache with DNS Analytics

Enable analytics

Cache stats visible

36

Cache with DNS Monitoring

Monitor DNS traffic

Cache hits reduce traffic

37

Cache with TTL=0

Query record with TTL 0

Not cached

38

Cache with TTL=1

Query record with TTL 1

Cached briefly

39

Cache with Long TTL

Query record with TTL > 1 day

Cached for long duration

40

Cache with DNS Load Test

Send high volume of queries

Cache reduces load

41

Cache with DNS Amplification

Observe cache behavior

Cached responses not amplified

42

Cache with DNS Reflection

Spoofed query

Cache not affected

43

Cache with DNS over HTTPS

Query via DoH

Client-side cache

44

Cache with DNS over TLS

Query via DoT

Client-side cache

45

Cache with VPN

Query over VPN

May bypass local cache

46

Cache with IPv6

Query AAAA record

Cached normally

47

Cache with IPv4

Query A record

Cached normally

48

Cache with DNS Stub Zones

Use stub zones

Cache behavior depends on config

49

Cache with DNS Views

Use different views

Separate caches per view

50

Cache with DNS Forward Zones

Use forward zones

Cache at forwarder

Recursive & Iterative Queries - Testcases

#

Test Case

Description

Expected Result

1

Recursive Query to Resolver

Send recursive query to resolver

Resolver returns final answer

2

Iterative Query to Resolver

Send iterative query to resolver

Resolver returns referral

3

Recursive Query to Root Server

Send recursive query to root server

Returns error or referral

4

Iterative Query to Root Server

Send iterative query to root server

Returns TLD server info

5

Recursive Query to TLD Server

Send recursive query to TLD server

Returns error or referral

6

Iterative Query to TLD Server

Send iterative query to TLD server

Returns authoritative server info

7

Recursive Query to Authoritative

Send recursive query to authoritative server

Returns final answer

8

Iterative Query to Authoritative

Send iterative query to authoritative server

Returns final answer

9

Resolver Recursion Enabled

Query resolver with recursion desired flag

Resolver performs recursion

10

Resolver Recursion Disabled

Query resolver with recursion disabled

Resolver returns referral

11

Iterative Query with No Cache

Query uncached domain iteratively

Resolver walks DNS hierarchy

12

Recursive Query with Cache Hit

Query cached domain recursively

Resolver returns cached result

13

Recursive Query with Cache Miss

Query uncached domain recursively

Resolver performs full resolution

14

Iterative Query with Cache Hit

Query cached domain iteratively

Resolver returns cached referral

15

Recursive Query with TTL Expiry

Wait for TTL to expire

Resolver re-queries authoritative servers

16

Iterative Query with TTL Expiry

Wait for TTL to expire

Resolver re-queries hierarchy

17

Recursive Query for CNAME Chain

Query domain with CNAMEs

Resolver follows chain and returns final IP

18

Iterative Query for CNAME Chain

Query domain with CNAMEs

Resolver returns intermediate CNAMEs

19

Recursive Query for MX Record

Query MX record recursively

Returns mail server info

20

Iterative Query for MX Record

Query MX record iteratively

Returns referral or final answer

21

Recursive Query with DNSSEC

Query DNSSEC-enabled domain recursively

Resolver validates and returns result

22

Iterative Query with DNSSEC

Query DNSSEC-enabled domain iteratively

Returns RRSIGs and DNSKEYs

23

Recursive Query with Truncation

Force large response

Resolver retries over TCP

24

Iterative Query with Truncation

Force large response

Resolver retries over TCP

25

Recursive Query with Timeout

Simulate timeout at resolver

Resolver retries or fails

26

Iterative Query with Timeout

Simulate timeout at resolver

Resolver retries or fails

27

Recursive Query with NXDOMAIN

Query non-existent domain

Resolver returns NXDOMAIN

28

Iterative Query with NXDOMAIN

Query non-existent domain

Resolver returns NXDOMAIN

29

Recursive Query with SERVFAIL

Simulate server failure

Resolver returns SERVFAIL

30

Iterative Query with SERVFAIL

Simulate server failure

Resolver returns SERVFAIL

31

Recursive Query with REFUSED

Simulate refusal

Resolver returns REFUSED

32

Iterative Query with REFUSED

Simulate refusal

Resolver returns REFUSED

33

Recursive Query with Loop

Create CNAME loop

Resolver detects and breaks loop

34

Iterative Query with Loop

Create CNAME loop

Resolver detects and breaks loop

35

Recursive Query with Wildcard

Query wildcard domain

Resolver returns wildcard match

36

Iterative Query with Wildcard

Query wildcard domain

Resolver returns wildcard match

37

Recursive Query with Forwarder

Use resolver with forwarder

Forwarder performs recursion

38

Iterative Query with Forwarder

Use resolver with forwarder

Forwarder returns referral

39

Recursive Query with Stub Zone

Use stub zone

Resolver queries stub zone

40

Iterative Query with Stub Zone

Use stub zone

Resolver queries stub zone

41

Recursive Query with Split Horizon

Query from different networks

Different answers based on view

42

Iterative Query with Split Horizon

Query from different networks

Different referrals based on view

43

Recursive Query with DNS Proxy

Query via DNS proxy

Proxy performs recursion

44

Iterative Query with DNS Proxy

Query via DNS proxy

Proxy returns referral

45

Recursive Query with DoH

Query via DNS over HTTPS

Resolver performs recursion

46

Iterative Query with DoH

Query via DNS over HTTPS

Resolver returns referral

47

Recursive Query with DoT

Query via DNS over TLS

Resolver performs recursion

48

Iterative Query with DoT

Query via DNS over TLS

Resolver returns referral

49

Recursive Query with ECS

Use EDNS Client Subnet

Resolver tailors response

50

Iterative Query with ECS

Use EDNS Client Subnet

Resolver returns ECS-aware referral

Zone Management - Testcases

#

Test Case

Description

Expected Result

1

Create Primary Zone

Create a new primary zone

Zone created successfully

2

Create Secondary Zone

Create a secondary zone

Zone created and synced

3

Zone File Syntax Validation

Add invalid syntax in zone file

Error detected

4

Add A Record to Zone

Add A record to zone

Record added

5

Add CNAME Record to Zone

Add CNAME record

Record added

6

Add MX Record to Zone

Add MX record

Record added

7

Add TXT Record to Zone

Add TXT record

Record added

8

Add NS Record to Zone

Add NS record

Record added

9

Add SOA Record to Zone

Add SOA record

Record added

10

Delete Record from Zone

Remove a record

Record deleted

11

Modify Record in Zone

Update an existing record

Record updated

12

Zone Serial Number Increment

Modify zone file

Serial number incremented

13

Zone Transfer AXFR

Perform full zone transfer

Zone data transferred

14

Zone Transfer IXFR

Perform incremental zone transfer

Only changes transferred

15

Zone Transfer to Unauthorized

Attempt transfer from unauthorized IP

Transfer denied

16

Zone Transfer Logging

Enable logging for transfers

Logs show transfer activity

17

Zone File Reload

Reload zone after changes

Changes applied

18

Zone File Backup

Backup zone file

Backup created

19

Zone File Restore

Restore from backup

Zone restored

20

Zone Delegation

Delegate subdomain to another server

NS records updated

21

Zone Expiry

Let secondary zone expire

Zone marked as expired

22

Zone Refresh

Trigger refresh from primary

Secondary updates zone

23

Zone Retry

Retry after failed transfer

Retry attempt made

24

Zone Notify

Primary sends NOTIFY to secondary

Secondary initiates transfer

25

Zone Signing with DNSSEC

Sign zone with DNSSEC

RRSIG and DNSKEY added

26

Zone Signature Expiry

Let DNSSEC signature expire

Validation fails

27

Zone Key Rollover

Perform key rollover

New keys published

28

Zone File Size Limit

Add many records to zone

Size limit enforced

29

Zone File Comment Handling

Add comments in zone file

Comments ignored

30

Zone File TTL Default

Omit TTL in record

Default TTL applied

31

Zone File TTL Override

Set TTL per record

TTL respected

32

Zone File Include Directive

Use $INCLUDE in zone file

External file included

33

Zone File Origin Directive

Use $ORIGIN in zone file

Origin updated

34

Zone File Multi-line Record

Use multi-line record syntax

Parsed correctly

35

Zone File Invalid Record Type

Add unsupported record type

Error returned

36

Zone File Duplicate Record

Add duplicate record

Duplicate detected

37

Zone File Wildcard Record

Add wildcard entry

Matches subdomains

38

Zone File Reverse Mapping

Add PTR record in reverse zone

Reverse lookup works

39

Zone File with IPv6 Records

Add AAAA records

IPv6 addresses resolved

40

Zone File with SRV Records

Add SRV records

Service discovery works

41

Zone File with CAA Records

Add CAA records

CA restrictions enforced

42

Zone File with TLSA Records

Add TLSA records

DANE validation possible

43

Zone File with DS Records

Add DS record for child zone

Delegation signed

44

Zone File with NAPTR Records

Add NAPTR records

Used in SIP/VoIP

45

Zone File with HINFO Records

Add HINFO records

Host info available

46

Zone File with LOC Records

Add LOC records

Geolocation info available

47

Zone File with RP Records

Add RP records

Responsible person info available

48

Zone File with SSHFP Records

Add SSHFP records

SSH key validation supported

49

Zone File with SPF Records

Add SPF in TXT format

Email policy enforced

50

Zone File Syntax Check Tool

Use tool to validate zone file

Errors and warnings reported

Delegation - Testcases

#

Test Case

Description

Expected Result

1

Create Subdomain Delegation

Delegate subdomain to another nameserver

NS records added in parent zone

2

Verify NS Records in Parent Zone

Check NS records for delegated subdomain

Correct NS records present

3

Verify Glue Records

Check glue A/AAAA records for child NS

Glue records present if needed

4

Missing Glue Record

Delegate to NS without glue

Resolution may fail

5

Delegation to External NS

Delegate to nameserver outside parent domain

Delegation works if NS is reachable

6

Delegation to Internal NS

Delegate to nameserver within parent domain

Delegation works

7

Delegation Loop Detection

Create circular delegation

Resolver detects loop

8

Delegation with DNSSEC

Sign both parent and child zones

Delegation signed with DS record

9

Missing DS Record

Omit DS record for signed child

DNSSEC validation fails

10

Incorrect DS Record

Add incorrect DS record

DNSSEC validation fails

11

Delegation with Correct DS Record

Add correct DS record

DNSSEC validation succeeds

12

Delegation with Multiple NS

Delegate to multiple nameservers

All NS records returned

13

Delegation with Unreachable NS

Delegate to unreachable nameserver

Resolution fails or delays

14

Delegation with Slow NS

Delegate to slow-responding NS

Increased resolution time

15

Delegation with TTL

Set TTL for NS records

TTL respected

16

Delegation with Expired TTL

Wait for TTL to expire

Resolver re-queries parent

17

Delegation with Wildcard Subdomain

Delegate wildcard subdomain

Wildcard applies in child zone

18

Delegation with CNAME Conflict

Add CNAME at delegation point

Conflict detected

19

Delegation with MX Record Conflict

Add MX at delegation point

Conflict detected

20

Delegation with TXT Record Conflict

Add TXT at delegation point

Conflict detected

21

Delegation with SOA Record

Check SOA record in child zone

Valid SOA present

22

Delegation with No SOA Record

Omit SOA in child zone

Zone invalid

23

Delegation with Zone Transfer

Perform AXFR from child zone

Transfer succeeds

24

Delegation with IXFR

Perform IXFR from child zone

Incremental transfer succeeds

25

Delegation with NOTIFY

Send NOTIFY from child to parent

Parent ignores or logs

26

Delegation with Stub Zone

Use stub zone for delegated domain

Queries forwarded to child NS

27

Delegation with Forward Zone

Use forward zone for delegated domain

Queries forwarded

28

Delegation with View Separation

Use different views for parent and child

Delegation works per view

29

Delegation with ACLs

Restrict access to child NS

Unauthorized queries blocked

30

Delegation with Logging

Enable logging on parent and child

Logs show delegation queries

31

Delegation with Monitoring

Monitor delegated zone

Alerts on failures

32

Delegation with DNS Proxy

Use proxy to reach child NS

Delegation works via proxy

33

Delegation with DNS Firewall

Block delegated domain

Resolution fails

34

Delegation with DNS Load Balancer

Use load-balanced NS for child

Responses vary per NS

35

Delegation with Anycast NS

Use anycast for child NS

Fastest NS responds

36

Delegation with IPv6 NS

Use IPv6 address for child NS

Resolution works over IPv6

37

Delegation with IPv4 NS

Use IPv4 address for child NS

Resolution works over IPv4

38

Delegation with Mixed IP NS

Use both A and AAAA for child NS

Resolver uses either

39

Delegation with DNSSEC Key Rollover

Rollover keys in child zone

DS updated in parent

40

Delegation with Expired Signature

Let RRSIG in child expire

Validation fails

41

Delegation with Insecure Zone

Delegate to unsigned child

Marked as insecure

42

Delegation with Secure Zone

Delegate to signed child

Marked as secure

43

Delegation with Broken Chain

Remove DS or DNSKEY

Validation fails

44

Delegation with Parent Zone Reload

Reload parent zone after delegation

Delegation becomes active

45

Delegation with Child Zone Reload

Reload child zone

Changes applied

46

Delegation with Zone File Include

Use $INCLUDE for delegation records

Records loaded correctly

47

Delegation with Zone File Comment

Comment out delegation

Delegation inactive

48

Delegation with DNS Query Logging

Enable query logging

Delegation queries visible

49

Delegation with DNS Analytics

Enable analytics

Delegation stats available

50

Delegation with DNS Monitoring Tool

Use tool like dig, dnsviz, zonemaster

Delegation path validated

Reverse DNS Lookup - Testcases

#

Test Case

Description

Expected Result

1

Basic IPv4 Reverse Lookup

Perform reverse lookup on valid IPv4 address

Returns domain name

2

Basic IPv6 Reverse Lookup

Perform reverse lookup on valid IPv6 address

Returns domain name

3

Invalid IPv4 Address

Use malformed IPv4 address

Returns error

4

Invalid IPv6 Address

Use malformed IPv6 address

Returns error

5

Non-existent PTR Record

Lookup IP with no PTR record

Returns NXDOMAIN or no result

6

PTR Record Exists

Lookup IP with valid PTR record

Returns correct domain

7

PTR Record Mismatch

PTR record does not match forward A/AAAA record

Warning or mismatch detected

8

PTR Record with Multiple Names

PTR record maps to multiple domains

All names returned

9

PTR Record with CNAME

PTR points to CNAME

CNAME resolved to domain

10

PTR Record with Wildcard

PTR uses wildcard

Wildcard resolved

11

Reverse Lookup with Timeout

Simulate slow DNS response

Lookup times out

12

Reverse Lookup with DNSSEC

Perform reverse lookup with DNSSEC validation

Signature validated

13

Reverse Lookup with DNSSEC Failure

Tamper with signed PTR record

Validation fails

14

Reverse Lookup with Cache Hit

Repeat lookup

Response from cache

15

Reverse Lookup with Cache Miss

Lookup uncached IP

Resolver queries authoritative servers

16

Reverse Lookup with TTL Expiry

Wait for TTL to expire

Record re-fetched

17

Reverse Lookup with IPv6 Compression

Use compressed IPv6 format

Correctly expanded and resolved

18

Reverse Lookup with IPv6 Expansion

Use full IPv6 format

Correctly resolved

19

Reverse Lookup with DNS Proxy

Perform lookup via proxy

Proxy returns result

20

Reverse Lookup with VPN

Perform lookup over VPN

May resolve differently

21

Reverse Lookup with NAT

Lookup private IP

No PTR record found

22

Reverse Lookup with Public IP

Lookup public IP

Returns domain if PTR exists

23

Reverse Lookup with Private IP

Lookup 192.168.x.x or 10.x.x.x

No PTR record

24

Reverse Lookup with Loopback IP

Lookup 127.0.0.1

Returns localhost or no result

25

Reverse Lookup with Reserved IP

Lookup reserved IP (e.g., 0.0.0.0)

Returns error or no result

26

Reverse Lookup with Broadcast IP

Lookup 255.255.255.255

Returns error or no result

27

Reverse Lookup with Multicast IP

Lookup 224.0.0.1

Returns error or no result

28

Reverse Lookup with Logging

Enable DNS logs

Logs show reverse lookup

29

Reverse Lookup with Monitoring

Monitor DNS traffic

Reverse queries visible

30

Reverse Lookup with Firewall

Block DNS port

Lookup fails

31

Reverse Lookup with DNS Tool

Use dig -x or nslookup

Returns PTR record

32

Reverse Lookup with DNS Library

Use Python socket.gethostbyaddr()

Returns domain or error

33

Reverse Lookup with DNS API

Use public DNS API (e.g., Google, Cloudflare)

Returns PTR record

34

Reverse Lookup with DNS Load Balancer

Lookup IP behind load balancer

May return generic domain

35

Reverse Lookup with CDN IP

Lookup IP of CDN node

Returns CDN domain

36

Reverse Lookup with Hosting Provider

Lookup IP of hosting service

Returns provider domain

37

Reverse Lookup with ISP IP

Lookup IP owned by ISP

Returns ISP domain

38

Reverse Lookup with Cloud IP

Lookup IP from AWS, Azure, GCP

Returns cloud provider domain

39

Reverse Lookup with Anycast IP

Lookup anycast IP

May return shared domain

40

Reverse Lookup with DNS View

Use different DNS views

Different results based on source

41

Reverse Lookup with DNS Zone File

Add PTR record to reverse zone

Lookup returns new domain

42

Reverse Lookup with Zone Transfer

Perform AXFR on reverse zone

PTR records listed

43

Reverse Lookup with Stub Zone

Use stub zone for reverse lookup

Queries forwarded

44

Reverse Lookup with Forward Zone

Use forward zone for reverse lookup

Queries forwarded

45

Reverse Lookup with Split Horizon

Use internal and external views

Different PTR results

46

Reverse Lookup with DNSSEC-signed Zone

Sign reverse zone

PTR records validated

47

Reverse Lookup with Delegation

Delegate reverse zone

Lookup follows delegation

48

Reverse Lookup with Misconfigured Zone

PTR record points to wrong domain

Incorrect result or failure

49

Reverse Lookup with Multiple PTRs

IP has multiple PTR records

All returned or one selected

50

Reverse Lookup with No Reverse Zone

No reverse zone configured

Lookup fails

Security Extensions (DNSSEC) - Testcases

#

Test Case

Description

Expected Result

1

DNSSEC Enabled Zone

Query signed zone

Returns RRSIG and DNSKEY records

2

DNSSEC Disabled Zone

Query unsigned zone

No RRSIG or DNSKEY returned

3

Validate RRSIG Record

Validate signature of DNS record

Signature matches

4

Tampered RRSIG Record

Modify RRSIG record

Validation fails

5

Missing RRSIG Record

Omit RRSIG from signed zone

Validation fails

6

Expired RRSIG Record

Use expired signature

Validation fails

7

Future-Dated RRSIG Record

Use signature not yet valid

Validation fails

8

Valid DNSKEY Record

Query DNSKEY for signed zone

Key returned and matches RRSIG

9

Invalid DNSKEY Record

Use incorrect DNSKEY

Validation fails

10

Missing DNSKEY Record

Omit DNSKEY

Validation fails

11

DS Record in Parent Zone

Query DS record for child zone

DS record returned

12

DS Record Mismatch

DS does not match child DNSKEY

Validation fails

13

DS Record Match

DS matches child DNSKEY

Validation succeeds

14

DNSSEC Key Rollover

Perform key rollover

New keys published and validated

15

DNSSEC with Delegation

Delegate signed child zone

DS record added to parent

16

DNSSEC with CNAME Record

Query CNAME in signed zone

RRSIG for CNAME validated

17

DNSSEC with MX Record

Query MX in signed zone

RRSIG for MX validated

18

DNSSEC with TXT Record

Query TXT in signed zone

RRSIG for TXT validated

19

DNSSEC with A Record

Query A record in signed zone

RRSIG for A validated

20

DNSSEC with AAAA Record

Query AAAA record in signed zone

RRSIG for AAAA validated

21

DNSSEC with NS Record

Query NS record in signed zone

RRSIG for NS validated

22

DNSSEC with SOA Record

Query SOA record in signed zone

RRSIG for SOA validated

23

DNSSEC with PTR Record

Query PTR record in signed reverse zone

RRSIG for PTR validated

24

DNSSEC with SRV Record

Query SRV record in signed zone

RRSIG for SRV validated

25

DNSSEC with Wildcard Record

Query wildcard record

RRSIG validated

26

DNSSEC with NSEC Record

Query non-existent record

NSEC proves non-existence

27

DNSSEC with NSEC3 Record

Query non-existent record

NSEC3 proves non-existence

28

DNSSEC with Opt-Out

Use NSEC3 opt-out

Some delegations not signed

29

DNSSEC with Zone Signing Key

Use ZSK for signing records

RRSIG signed with ZSK

30

DNSSEC with Key Signing Key

Use KSK for signing DNSKEY

RRSIG signed with KSK

31

DNSSEC with Algorithm Change

Change signing algorithm

New algorithm validated

32

DNSSEC with Multiple Algorithms

Use multiple signing algorithms

All signatures validated

33

DNSSEC with Signature Expiry

Let signature expire

Validation fails

34

DNSSEC with Signature Refresh

Refresh expired signature

Validation succeeds

35

DNSSEC with Zone Transfer

Transfer signed zone

RRSIG and DNSKEY included

36

DNSSEC with AXFR

Full zone transfer includes DNSSEC records

Transfer successful

37

DNSSEC with IXFR

Incremental transfer includes DNSSEC records

Transfer successful

38

DNSSEC with DNS Proxy

Query via proxy

Proxy forwards DNSSEC records

39

DNSSEC with DNS Firewall

Block signed domain

Query blocked

40

DNSSEC with DNS Monitoring

Monitor DNSSEC traffic

Signed queries visible

41

DNSSEC with DNS Tool

Use dig +dnssec

RRSIG and DNSKEY returned

42

DNSSEC with Resolver Validation

Use validating resolver

Validates signatures

43

DNSSEC with Non-validating Resolver

Use non-validating resolver

Returns records without validation

44

DNSSEC with DNSSEC Analyzer Tool

Use tool like DNSViz

Shows validation path

45

DNSSEC with DNSSEC Testbed

Use testbed zone

Validation results visible

46

DNSSEC with DNSSEC Debugging

Enable debugging logs

Logs show validation steps

47

DNSSEC with DNSSEC Statistics

Enable stats collection

Shows validation success/failure

48

DNSSEC with DNSSEC Alerts

Enable alerts for failures

Alerts triggered

49

DNSSEC with DNSSEC Policy

Apply signing policy

Policy enforced

50

DNSSEC with DNSSEC Automation

Automate signing and rollover

Keys and signatures managed

Load Balancing - Testcases

#

Test Case

Description

Expected Result

1

Round-Robin DNS

Query domain with multiple A records

IPs returned in rotation

2

Weighted Round-Robin

Assign weights to A records

Higher-weighted IPs returned more often

3

Geo-based Load Balancing

Query from different locations

Closest server IP returned

4

Latency-based Load Balancing

Query from high-latency region

Lowest-latency server returned

5

Failover Load Balancing

Simulate primary server failure

Traffic routed to backup server

6

Health Check Failure

Mark server as unhealthy

Server removed from rotation

7

Health Check Recovery

Server becomes healthy again

Server added back to rotation

8

Load Balancer Logging

Enable logging

Logs show request distribution

9

Load Balancer Monitoring

Monitor traffic

Shows balanced distribution

10

DNS TTL Impact

Set low TTL

Frequent re-resolution

11

DNS Sticky Sessions

Enable session persistence

Same client gets same server

12

DNS Sticky Session Expiry

Let session expire

New server assigned

13

Load Balancer with SSL Termination

Terminate SSL at load balancer

SSL handled at LB

14

Load Balancer with TCP Protocol

Use TCP-based service

Load balancing works

15

Load Balancer with UDP Protocol

Use UDP-based service

Load balancing works

16

Load Balancer with HTTP Headers

Inspect headers for routing

Routed based on header values

17

Load Balancer with Path Routing

Route based on URL path

Correct backend selected

18

Load Balancer with Host Routing

Route based on hostname

Correct backend selected

19

Load Balancer with IP Hashing

Use client IP for routing

Same IP gets same server

20

Load Balancer with Cookie Affinity

Use cookie for session stickiness

Same cookie = same server

21

Load Balancer with SSL Passthrough

Pass SSL to backend

SSL handled by backend

22

Load Balancer with SSL Offloading

Decrypt SSL at LB

Backend receives HTTP

23

Load Balancer with Rate Limiting

Set request rate limit

Excess requests dropped

24

Load Balancer with Connection Limit

Set max connections per server

New connections routed elsewhere

25

Load Balancer with Auto Scaling

Add/remove servers dynamically

Load distributed to new servers

26

Load Balancer with DNSSEC

Use DNSSEC with load-balanced domain

RRSIG and DNSKEY returned

27

Load Balancer with IPv6

Use IPv6 addresses

Load balancing works

28

Load Balancer with IPv4

Use IPv4 addresses

Load balancing works

29

Load Balancer with Mixed IPs

Use both A and AAAA records

Clients use preferred IP type

30

Load Balancer with CDN

Use CDN in front of servers

CDN handles load balancing

31

Load Balancer with Anycast

Use anycast IPs

Closest node responds

32

Load Balancer with DNS Failover

Remove failed IP from DNS

Clients use alternate IP

33

Load Balancer with DNS Proxy

Use DNS proxy

Proxy returns balanced IPs

34

Load Balancer with DNS Firewall

Block one of the IPs

Clients use other IPs

35

Load Balancer with DNS Cache

Query cached domain

Same IP returned until TTL expires

36

Load Balancer with DNS View

Use different views for different clients

Different IPs returned

37

Load Balancer with DNS Logging

Enable DNS logs

Logs show IP rotation

38

Load Balancer with DNS Monitoring

Monitor DNS traffic

Shows balanced queries

39

Load Balancer with DNS Analytics

Enable analytics

Shows distribution stats

40

Load Balancer with DNSSEC Validation

Validate signed load-balanced domain

Signatures verified

41

Load Balancer with DNS Amplification

Use small query, large response

Response size monitored

42

Load Balancer with DNS Reflection

Spoof source IP

Response sent to spoofed IP

43

Load Balancer with DNS Tool

Use dig +short repeatedly

IPs rotate

44

Load Balancer with Resolver Cache

Query from resolver with cache

Same IP until TTL expires

45

Load Balancer with Resolver Retry

Retry failed IP

Resolver uses next IP

46

Load Balancer with DNS Round Trip

Measure response time

Balanced across servers

47

Load Balancer with DNS Failover Test

Simulate server crash

Traffic rerouted

48

Load Balancer with DNS Zone File

Add multiple A records

Load balancing enabled

49

Load Balancer with DNS Delegation

Delegate subdomain to load-balanced NS

Delegation works

50

Load Balancer with DNSSEC Delegation

Delegate signed subdomain

DNSSEC chain validated

Redundancy & Failover - Testcases

#

Test Case

Description

Expected Result

1

Primary DNS Failure

Simulate primary DNS server failure

Secondary DNS responds

2

Secondary DNS Failure

Simulate secondary DNS server failure

Primary DNS responds

3

All DNS Servers Down

Simulate all DNS servers down

Resolution fails

4

DNS Server Recovery

Bring failed DNS server back online

Server resumes handling queries

5

DNS Server Load Balancing

Distribute queries across multiple DNS servers

Load evenly distributed

6

DNS Server Health Check

Monitor DNS server health

Unhealthy servers removed from rotation

7

DNS Failover Logging

Enable logging

Failover events logged

8

DNS Failover Notification

Enable alerts

Notification sent on failover

9

DNS Failover with TTL

Use low TTL for records

Faster failover

10

DNS Failover with High TTL

Use high TTL for records

Delayed failover

11

DNS Failover with Round-Robin

Use round-robin A records

Clients switch to next IP

12

DNS Failover with GeoDNS

Use GeoDNS for regional failover

Traffic rerouted to healthy region

13

DNS Failover with Anycast

Use anycast IPs

Closest healthy node responds

14

DNS Failover with Load Balancer

Use DNS behind load balancer

Load balancer handles failover

15

DNS Failover with Proxy

Use DNS proxy

Proxy reroutes queries

16

DNS Failover with Firewall

Block one DNS server

Traffic rerouted to another

17

DNS Failover with NAT

Use NAT with multiple DNS servers

Failover works through NAT

18

DNS Failover with VPN

Use VPN with DNS redundancy

Queries rerouted through VPN

19

DNS Failover with IPv6

Use IPv6 addresses for DNS servers

Failover works over IPv6

20

DNS Failover with IPv4

Use IPv4 addresses for DNS servers

Failover works over IPv4

21

DNS Failover with Mixed IPs

Use both A and AAAA records

Clients switch between IP types

22

DNS Failover with DNSSEC

Use signed zones

Failover maintains validation

23

DNS Failover with Delegation

Delegate subdomain to multiple NS

Failover between delegated servers

24

DNS Failover with Stub Zones

Use stub zones for redundancy

Queries rerouted

25

DNS Failover with Forward Zones

Use forwarders with failover

Alternate forwarder used

26

DNS Failover with Resolver Config

Configure multiple resolvers

Resolver switches on failure

27

DNS Failover with Resolver Timeout

Set short timeout

Faster failover

28

DNS Failover with Resolver Retry

Enable retry logic

Resolver retries alternate servers

29

DNS Failover with Monitoring Tool

Use monitoring tool

Failover events detected

30

DNS Failover with Analytics

Enable analytics

Failover stats visible

31

DNS Failover with Alerts

Enable alerting system

Alerts triggered on failure

32

DNS Failover with Logging

Enable detailed logs

Logs show failover path

33

DNS Failover with Cloud DNS

Use cloud-based DNS

Cloud handles failover

34

DNS Failover with On-Prem DNS

Use on-prem DNS with redundancy

Local failover works

35

DNS Failover with Hybrid DNS

Use hybrid cloud/on-prem DNS

Failover across environments

36

DNS Failover with CDN

Use CDN with DNS failover

CDN reroutes traffic

37

DNS Failover with Application LB

Use app-level load balancer

DNS failover complements app failover

38

DNS Failover with Health Probes

Use health probes for DNS servers

Unhealthy servers removed

39

DNS Failover with Manual Switch

Manually switch DNS server

Traffic rerouted

40

DNS Failover with Automation

Automate failover using scripts

Failover triggered automatically

41

DNS Failover with DNS Tools

Use dig, nslookup to test

Shows alternate IPs

42

DNS Failover with DNS Cache

Query cached domain

Failover delayed until TTL expires

43

DNS Failover with DNS View

Use different views for clients

Failover per view

44

DNS Failover with DNSSEC Validation

Validate signed records during failover

Validation succeeds

45

DNS Failover with DNS Amplification

Simulate attack

Failover unaffected

46

DNS Failover with DNS Reflection

Simulate spoofed query

Failover unaffected

47

DNS Failover with Zone Transfer

Transfer zone to backup server

Backup ready for failover

48

DNS Failover with Zone Reload

Reload zone on backup server

Updated records available

49

DNS Failover with Delegated Subdomain

Failover for subdomain

Delegation handles failover

50

DNS Failover with DNSSEC Delegation

Signed delegation with failover

Chain of trust maintained

  • Reference links