Port 53
DNS is the backbone of the internet. Every connection begins with name resolution.
The first nameserver I touched was BIND. Write named.conf, define zone files. SOA records, NS records, A records. Forget to increment the serial number and zone transfers stop running. The slave keeps serving stale data. DNS failures are insidious that way. You break something in seconds, but the damage surfaces only after the TTL expires.
BIND served as both authoritative server and caching resolver. Unthinkable now, but back then running both on one box was standard practice. Unbound arrived as a dedicated caching resolver. PowerDNS appeared as an authoritative server with an RDBMS backend. Roles split apart.
DNS feels like a UDP protocol, but it uses TCP too. Responses larger than 512 bytes are truncated and retried over TCP, and zone transfers run over TCP from the start. Leave port 53 open for UDP only, and name resolution fails in unexpected places.
DNS cutover during the Japanese feature-phone era was hell. Carrier crawlers cached DNS at undisclosed intervals. You shortened the TTL, but the carrier's resolver ignored it anyway. Change the IP during a server migration and certain carriers kept hitting the old box. au in particular. I still hold that grudge. That era is where the lesson was beaten into me: shorten the TTL well before migration.
Route 53's name comes straight from the port number. It looks like a standards-compliant DNS service, but few people realize that its ALIAS record is not defined in any RFC. Managed services like ALB hand out endpoints as CNAMEs, not IP addresses. Yet the DNS spec forbids setting a CNAME on a zone apex — the bare domain like example.com. AWS works around this constraint with its proprietary ALIAS record.
There was a push to standardize ANAME, but it never made it into an RFC. Cloudflare solves the same problem with its own CNAME Flattening implementation. Each vendor patches a gap near the foundation of DNS with proprietary extensions. Standardization has not caught up.
Cloudflare now looms large in the DNS world too. The 1.1.1.1 public resolver. DNS proxying at the edge. From hand-editing BIND zone files, through clicking around web consoles, to managing everything in Terraform via IaC. The tools changed. Forgetting to shorten the TTL before a migration and breaking into a cold sweat — that has not changed.
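The three mistakes above (an SOA serial that was not bumped, a CNAME on the zone apex, and a long TTL left in place before a migration) are all catchable before a zone is published. The following pre-publish lint is an added example, not BIND's, Route 53's or Cloudflare's tooling; the zone text, the names and the function names are constructed for illustration, and the SOA is kept on one line to keep the parser short.

```python
# Hypothetical pre-publish lint for a BIND-style zone file (added example,
# not BIND's own tooling). Flags a SOA serial that was not incremented,
# a CNAME at the zone apex, and migrating hosts whose TTL is still long.

# Constructed sample zone; SOA on one line (real zones usually use parentheses).
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@       IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300
@       IN NS    ns1.example.com.
@       IN CNAME lb.example.net.   ; rejected by BIND: CNAME on the apex
www     IN A     192.0.2.10
api 300 IN A     192.0.2.20
"""

def parse_zone(text):
    """Return (origin, records); a record is (owner, ttl, type, rdata tokens)."""
    origin, default_ttl, owner, records = ".", None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # strip comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if not line[0].isspace():                    # owner is present on this line
            name = tokens.pop(0)
            owner = origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0] == "IN":                        # class is optional in zone files
            tokens.pop(0)
        records.append((owner, ttl, tokens[0], tokens[1:]))
    return origin, records

def lint_zone(text, published_serial, migrating, max_ttl=300):
    """Return a list of problems; an empty list means the zone is safe to publish."""
    origin, records = parse_zone(text)
    problems = []
    serials = [int(r[3][2]) for r in records if r[2] == "SOA"]   # SOA rdata: mname rname serial ...
    if not serials or serials[0] <= published_serial:
        problems.append("SOA serial not incremented; secondaries will keep serving stale data")
    if any(r[0] == origin and r[2] == "CNAME" for r in records):
        problems.append(f"CNAME at zone apex {origin}; use the provider's ALIAS-style record instead")
    for owner, ttl, rtype, _ in records:
        if rtype in ("A", "AAAA") and owner in migrating and ttl > max_ttl:
            problems.append(f"{owner} {rtype} TTL {ttl}s exceeds {max_ttl}s; lower it before the migration")
    return problems
```

Run `lint_zone(SAMPLE_ZONE, 2024010101, {"www.example.com."})` against the sample and all three problems are reported; with the serial bumped and `api` (already at 300 s) as the only migrating host, only the apex CNAME remains.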
For the record, I have caused DNS outages more than once by letting the credit card on file at my registrar expire. Did it in a colocation environment too. Not even a technical problem.