HLDsystem_design~25 mins

DNS and how domain resolution works in HLD - System Design Exercise

Choose your learning style9 modes available

Learn Why Deep Arch Practice Challenge Design Recall Scale

Design: Domain Name System (DNS)

Design focuses on the DNS resolution process and infrastructure. Does not cover domain registration or web hosting services.

Functional Requirements

FR1: Translate human-friendly domain names (e.g., example.com) into IP addresses (e.g., 192.0.2.1)

FR2: Support fast and reliable domain name resolution for internet users worldwide

FR3: Handle millions of queries per second with low latency

FR4: Provide caching to reduce repeated lookups and improve performance

FR5: Support hierarchical domain structure (root, TLD, authoritative servers)

FR6: Allow updates to domain records with eventual consistency

Non-Functional Requirements

NFR1: Handle at least 10 million queries per second globally

NFR2: Average query latency under 50 milliseconds

NFR3: Availability of 99.99% uptime (less than 52.56 minutes downtime per year)

NFR4: Scalable to support growth in internet users and domains

NFR5: Secure against common attacks like DNS spoofing and cache poisoning

Think Before You Design

Questions to Ask

❓ Question 1

❓ Question 2

❓ Question 3

❓ Question 4

❓ Question 5

❓ Question 6

Key Components

Recursive DNS resolver

Root DNS servers

Top-Level Domain (TLD) DNS servers

Authoritative DNS servers

DNS cache

DNS client (stub resolver)

Security components (DNSSEC)

Design Patterns

Hierarchical distributed system

Caching with TTL expiration

Load balancing for DNS servers

Failover and redundancy

Security with DNSSEC and query validation

Reference Architecture

Client (Stub Resolver)
    |
    v
Recursive Resolver (with Cache)
    |
    v
+-------------------+
| Root DNS Servers   |
+-------------------+
    |
    v
+-------------------+
| TLD DNS Servers    |
+-------------------+
    |
    v
+-------------------+
| Authoritative DNS  |
| Servers           |
+-------------------+

Components

Client (Stub Resolver)

Operating system DNS client

Sends DNS queries to recursive resolver to resolve domain names

Recursive DNS Resolver

DNS resolver software (e.g., BIND, Unbound)

Receives queries from clients, checks cache, queries other DNS servers if needed, returns IP address

Root DNS Servers

Highly available global servers

Provide referral to TLD servers for domain queries

TLD DNS Servers

Managed by domain registries

Provide referral to authoritative DNS servers for specific domains

Authoritative DNS Servers

Managed by domain owners or DNS providers

Store actual DNS records and respond with IP addresses or other data

DNS Cache

In-memory cache in recursive resolver

Store recent DNS query results to reduce latency and load

Security Components (DNSSEC)

DNS Security Extensions

Validate authenticity and integrity of DNS responses

Request Flow

1. 1. Client sends DNS query to recursive resolver.

2. 2. Recursive resolver checks its cache for the domain record.

3. 3. If cache miss, recursive resolver queries a root DNS server.

4. 4. Root server responds with referral to appropriate TLD DNS server.

5. 5. Recursive resolver queries the TLD DNS server.

6. 6. TLD server responds with referral to authoritative DNS server for the domain.

7. 7. Recursive resolver queries authoritative DNS server.

8. 8. Authoritative server responds with the requested DNS record (e.g., IP address).

9. 9. Recursive resolver caches the response with TTL and returns it to the client.

10. 10. Client receives the IP address and can connect to the target server.

Database Schema

Entities: - DomainRecord: domain_name (PK), record_type, value, TTL, last_updated - DNSCacheEntry: domain_name (PK), record_type, cached_value, expiry_time Relationships: - DomainRecord stores authoritative DNS records for domains. - DNSCacheEntry stores cached records in recursive resolvers with expiry based on TTL.

Scaling Discussion

Bottlenecks

Recursive resolver overload due to high query volume

Root and TLD servers becoming hotspots under heavy load

Cache misses causing increased latency and load on authoritative servers

Propagation delay of DNS record updates

Security vulnerabilities like cache poisoning attacks

Solutions

Deploy multiple recursive resolvers with load balancing and geographic distribution

Use Anycast IP addressing for root and TLD servers to distribute traffic globally

Implement aggressive caching with proper TTL tuning to reduce upstream queries

Use incremental zone transfers and DNS NOTIFY to speed up record propagation

Implement DNSSEC to sign DNS records and validate responses to prevent spoofing

Interview Tips

Time: Spend 10 minutes clarifying requirements and constraints, 20 minutes designing the architecture and data flow, 10 minutes discussing scaling and security, and 5 minutes summarizing.

Explain the hierarchical nature of DNS and why it is distributed

Discuss caching benefits and TTL impact on performance

Highlight security concerns and DNSSEC importance

Describe how recursive resolvers interact with root, TLD, and authoritative servers

Address scalability challenges and solutions like Anycast and load balancing