The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities, most prominently translating memorable domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols.
DNS is the foundation of service discovery and user connectivity. Failures in DNS resolution (latency, outages, or misconfiguration) render services unreachable regardless of backend uptime. It is a dependency with important security implications regarding spoofing and availability.
We treat DNS as a critical layer of our infrastructure. Relying solely on public upstream resolvers introduces privacy leaks and reliability risks. We advocate for authoritative control over our zones, rigorous DNSSEC implementation, and the use of split-horizon DNS to enforce separation between internal service discovery and public ingress.