InterviewStack.io LogoInterviewStack.io

Domain Name System and Name Resolution Questions

Comprehensive understanding of the Domain Name System and the end to end name resolution process. Candidates should be able to explain the full query flow from a client stub resolver to a recursive resolver and onward to root name servers, top level domain name servers, and authoritative name servers, and to distinguish recursive and iterative queries and the roles of stub, recursive, and authoritative resolvers. Expected knowledge includes common resource record types and their purposes such as A and AAAA address records, CNAME alias records, MX mail exchange records, NS delegation records, SOA start of authority records and zone serials, TXT arbitrary text and verification records, PTR reverse mapping records, and SRV service records. Candidates should understand caching behavior, the role of time to live values and negative caching, how propagation delays occur, and how time to live choices affect rollouts and rollbacks. The topic covers operational impacts and common failures including misdelegation and missing glue records, stale caches and slow resolution, DNS cache poisoning and denial of service amplification, and mitigations such as domain name system security extensions, rate limiting, and validating authoritative responses. Candidates should be able to perform diagnostics using tools and commands such as dig, nslookup, host, tcpdump, and traceroute, and to run checks like querying authoritative servers, performing a trace of the resolution path, inspecting SOA serial numbers, and testing from multiple resolvers. Practical troubleshooting steps and best practices are expected, including zone verification, checking delegation chains, understanding resolver configuration and forwarders, and planning DNS changes to minimize user impact.

MediumTechnical
25 practiced
Define SLOs and an alerting strategy for a public authoritative DNS service. Recommend concrete targets (for example 99.99% resolution success, 95th percentile latency <100ms), describe synthetic probes to validate user experience, and explain how to implement error budgets and burn-rate alerts to avoid alert fatigue.
HardTechnical
23 practiced
Design an idempotent Terraform-based approach to manage DNS records across multiple providers (for example Route 53 and Cloud DNS) ensuring safe updates, drift detection, provider-agnostic aliases, and rollback strategies. Provide a short HCL pseudo-code snippet and describe how you would handle provider-specific features like alias records or DNSSEC.
MediumTechnical
25 practiced
Explain DNS amplification and reflection attacks. Describe how attackers use UDP, open resolvers, and large responses to amplify traffic, which record types historically amplify more (e.g., ANY), why EDNS increases amplification risk, and an operational mitigation plan for authoritative and recursive servers.
HardTechnical
25 practiced
Your DNS logs show frequent unauthorized AXFR attempts from multiple IPs. How would you investigate whether data was exfiltrated, what immediate containment steps would you take, and what long-term policy, access control, and monitoring changes would you implement to prevent recurrence?
EasyTechnical
26 practiced
Explain the end-to-end DNS name resolution flow from a client stub resolver to a recursive resolver and onward to the root name servers, TLD servers, and authoritative nameservers. Describe what is returned at each step (referral vs authoritative answer), the difference between recursive and iterative queries, where caching occurs, and two common failure points in the chain.

Unlock Full Question Bank

Get access to hundreds of Domain Name System and Name Resolution interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.