TUX.RE/forum

What is DNS?

DNS stands for Domain Name System. In Wikipedia, the following is stated in the introduction about it:

The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information with domain names (identification strings) assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols.[1] The Domain Name System has been an essential component of the functionality of the Internet since 1985. Source: Wikipedia: DNS

It is basically the “phone book of the internet”.

It translates human-readable names into machine-readable IP addresses.

Example:

google.com → 142.250.x.x
tux.re → 167.114.0.4

Without DNS, you would need to type IP addresses manually for every website.

How DNS works (simple flow)

You type a domain in your browser
Your computer asks a DNS resolver
The resolver checks if it already knows the answer
If not, it queries other DNS servers
It returns the correct IP address
Your browser connects to the server

Important DNS components

1. Resolver

The first stop. Usually provided by your ISP or services like Cloudflare or Google DNS.

2. Root DNS servers

Top-level servers that know where TLD servers are.

3. TLD servers

Handle domains like:

.com
.org
.net
.re

4. Authoritative DNS server

The final source that holds the real record for a domain.

Why DNS is important

Without DNS:

You couldn’t use domain names
The internet would be hard to navigate
Every service would require raw IPs

DNS makes the internet usable for humans.

DNS and security

DNS is also a target for attacks:

DNS spoofing (fake responses)
Cache poisoning
Man-in-the-middle attacks

That’s why modern systems often use:

DNS over HTTPS (DoH)
DNS over TLS (DoT)

Real-world example

When you open a website like:

https://tux.re

DNS is the first system that makes this possible. Without it, your browser would not know where to connect.

DNS is one of the most critical layers of the internet. Every request to a domain like tux.re or tu.wf depends on it. Without DNS, domain names would not resolve to IP addresses, and services would not be reachable.

In this post we want to explain how DNS actually works under the hood and how we operate DNS infrastructure in our environment, including projects like DNSys and our subdomain systems.

What DNS actually is

The Domain Name System (DNS) is a distributed database that translates domain names into IP addresses.

When a user opens:

tux.re → resolves to an IP
mail.tux.re → resolves to another service
tux.wf → may point to redirect or service endpoints

This mapping is essential for all internet communication.

Our DNS infrastructure approach

In our infrastructure we rely on two major DNS systems:

BIND
PowerDNS

Each plays a specific role in our setup.

BIND – The traditional authoritative DNS layer

BIND (Berkeley Internet Name Domain) is one of the oldest and most widely used DNS server implementations.

We use BIND primarily for:

Authoritative zone hosting
Stable DNS zone management
High compatibility with standard DNS tooling
Why BIND is still relevant:
Extremely stable and battle-tested
Full RFC compliance
Widely supported across systems
Predictable zone behavior

In our setup, BIND is typically used for core zone authority for stable domains.

PowerDNS – Modern, dynamic DNS layer

PowerDNS is used in our infrastructure for more dynamic and programmable DNS handling.

We use PowerDNS for:

API-driven DNS management
Automated subdomain creation
Integration with internal systems (DNSys)
Fast provisioning of records
Advantages of PowerDNS:
Database-backed zone storage (SQL / backend flexibility)
REST API for automation
Easier integration with custom platforms
High performance for dynamic environments

DNSYS – Our DNS management layer

DNSYS is our system used to manage DNS zones and subdomains across projects like:

tux.re
tux.wf
internal service domains
extern domains

It interfaces with PowerDNS to:

Create subdomains automatically
Manage DNS records programmatically
Handle service-based routing
Provide unified control across projects

How subdomains are handled (tux.re / tu.wf)

We heavily rely on structured subdomain delegation:

Examples:

mail.tux.re → mail services
www.tux.re → web frontend



This structure allows:

Clear service separation
Independent scaling
Easier maintenance
Flexible deployment strategies

BIND + PowerDNS hybrid model

Our architecture is intentionally hybrid:

BIND → stable authoritative DNS zones
PowerDNS → dynamic and API-controlled zones

This gives us:

Stability where needed
Flexibility where required
Automation for large-scale management

Reliability and design goals

DNS infrastructure must be:

Highly available
Fast to resolve
Resistant to misconfiguration
Easy to automate

We design our DNS systems with:

Redundant zone hosting
Automated sync processes
Strict validation of DNS records
Monitoring of resolution health

Why this matters for our projects

Services like:

tux.re
tux.wf
DNSYS-based subdomains

depend directly on DNS reliability.

A misconfigured DNS record can mean:

downtime
mail delivery issues
broken services

That’s why DNS is treated as core infrastructure, not just configuration.

Final thoughts

DNS is often invisible, but it is one of the most important systems in modern networking.

By combining:

BIND for stability
PowerDNS for automation
DNSys for orchestration

we build a flexible and scalable DNS ecosystem that supports all our current and future services.

— Admin
TUX Network Infrastructure