DNS
Think of DNS (your nameservers) as an important component of your website or service, not an afterthought.
DNS is used not only on the internet but also inside your local intranet: Active Directory and similar systems use it to find the IP address associated with a host.
Most developers think that DNS is taken care of by some magic and that all they have to do is add a few entries to the nameserver provided by their hosting company. In reality, if you run a website with decent traffic you will need a DNS service provider. For a very small website, adding entries to the nameserver (NS) of your web hosting company (which may provide it free of charge) is sufficient. For a reasonably big operation you need DNS as a service: think of Amazon Route 53, Cloudflare DNS, or hosting your own nameservers. One can ask what additional services Route 53 or Cloudflare provide compared to traditional nameservers. The short answer is health checks, conditional routing and more. This topic is discussed in detail here
Here are more details.
DNS does not care whether you are using http or https, so http://example.com and https://example.com are the same to DNS.
DNS stores only the mapping from domain name to IP address. It does not store protocol information (http/https) or port numbers. The most important record types it stores are:
- "A record": domain_name → IPv4 address. You can have multiple A records for the same domain, e.g. example.com. This provides redundancy and DNS-level load balancing.
- Similarly, an "AAAA record" maps domain_name → IPv6 address.
- With DNS-level load balancing, every time a client queries the DNS server it returns a different permutation of the IP addresses associated with the hostname. Since clients usually try the addresses in the order given, this serves as load balancing. The problem is that many DNS answers are cached and not refreshed frequently (depending on the TTL).
- CNAME (alias): host → points_to (e.g. xyz.com). A CNAME is a good idea if you change your IP address frequently: you then only have to update the A record it points to.
- http vs. https does not come into play at the DNS level; it is handled entirely by your web server.
- http requests end up on port 80 and https requests on port 443, so the same host can run both services (although this is not recommended). Based on the browser's request (http or https), the request goes to the appropriate port. Running your website in both http and https versions is not a good idea: it creates duplicates in SEO crawling and makes analytics hard.
- (HTTPS) A TLS server can strictly present only one certificate for a given address and port combination. In the past this meant that name-based virtual hosting was not feasible with HTTPS. The solution is Server Name Indication (SNI), which sends the hostname to the server before the connection is encrypted.
- Depending on the scale at which your website operates you might need a DNS hosting service (Cloudflare is one of the leading ones among hundreds of choices). Some key considerations are speed (are the servers geographically distributed for low latency?), reliability, and DDoS prevention at the DNS servers. DNS is one of your website's key services, and you have to make it reliable and fault tolerant too!
- Services like Cloudflare or Amazon Route 53 forward the client's DNS request to the geographically nearest nameserver using anycast. The Route 53 or Cloudflare nameserver then points to a different web server based on the client's IP address. This achieves multi-data-center load balancing.
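The following is an added example (not code from the original post) that simulates the round-robin behaviour described in the A-record bullets: an authoritative server returning the same record set in a rotated order, clients trying the addresses in the order received, and the effect of a resolver that keeps one cached answer for its whole TTL. The zone data and addresses are constructed (RFC 5737 documentation ranges).

```python
from collections import Counter

# Constructed sample zone: three A records for one name (RFC 5737 documentation addresses).
A_RECORDS = {
    "example.com": ["192.0.2.10", "192.0.2.11", "192.0.2.12"],
}


def round_robin_answer(name, zone, rotation):
    """Return the A records for `name`, rotated by `rotation` positions.

    An authoritative server doing DNS-level load balancing hands back the same
    record set in a different order on each query; this simulates that.
    """
    records = zone[name]
    k = rotation % len(records)
    return records[k:] + records[:k]


def client_pick(answer, reachable):
    """Clients try addresses in the order received; return the first one that is up.

    `reachable` maps address -> bool; addresses not listed count as up.
    """
    for addr in answer:
        if reachable.get(addr, True):
            return addr
    return None


def simulate(queries, zone, reachable, name="example.com", cached_order=None):
    """Count which backend each of `queries` clients lands on.

    With `cached_order` set, every client reuses the same cached answer (what
    happens behind a resolver that holds the record for its whole TTL), so the
    rotation never happens and the first address takes all the traffic.
    """
    hits = Counter()
    for i in range(queries):
        answer = cached_order or round_robin_answer(name, zone, i)
        hits[client_pick(answer, reachable)] += 1
    return hits


if __name__ == "__main__":
    print("fresh answers:    ", dict(simulate(9, A_RECORDS, {})))
    print("one backend down: ", dict(simulate(9, A_RECORDS, {"192.0.2.10": False})))
    print("answer cached:    ", dict(simulate(9, A_RECORDS, {}, cached_order=A_RECORDS["example.com"])))
```

Two things the simulation makes visible: the DNS server never learns that a backend is down, so the only failover is the client moving to the next address in its list (and the down host's share lands on its neighbour, not evenly), and a cached answer freezes the order for every client behind that resolver until the TTL expires. That is the gap health checks in a managed DNS service are meant to close.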
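To illustrate the SNI bullet above, here is an added example (not from the original post) that builds a minimal, synthetic TLS ClientHello carrying a server_name extension and then parses the hostname back out of the raw bytes. The ClientHello is constructed test input with zeroed random bytes and no real key material; the parser walks only the plaintext fields, which is why the hostname is visible on the wire (and in packet captures) before any encryption starts.

```python
import struct


def build_client_hello(hostname):
    """Construct a minimal TLS 1.2-style ClientHello with a server_name extension.

    Synthetic test input only: zeroed random, one cipher suite, no real keys.
    """
    name = hostname.encode("idna")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name        # name_type 0 = host_name
    sni_ext = struct.pack("!H", len(sni_entry)) + sni_entry            # server_name_list
    extensions = struct.pack("!HH", 0x0000, len(sni_ext)) + sni_ext    # extension type 0 = server_name
    body = (
        b"\x03\x03" + bytes(32)                       # client_version, random (zeros: constructed)
        + b"\x00"                                     # empty session id
        + struct.pack("!H", 2) + b"\x13\x01"          # one cipher suite
        + b"\x01\x00"                                 # compression methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22 = handshake


def extract_sni(record):
    """Return the server_name from a TLS ClientHello record, or None if absent/not a ClientHello.

    Every field walked here is plaintext; malformed input yields None rather than an exception.
    """
    try:
        if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
            return None
        p = 9                                   # record header (5) + handshake header (4)
        p += 2 + 32                             # client_version + random
        p += 1 + record[p]                      # session_id
        p += 2 + struct.unpack_from("!H", record, p)[0]   # cipher_suites
        p += 1 + record[p]                      # compression_methods
        if p + 2 > len(record):
            return None                         # no extensions block at all
        ext_len = struct.unpack_from("!H", record, p)[0]
        p += 2
        end = p + ext_len
        while p + 4 <= end:
            ext_type, length = struct.unpack_from("!HH", record, p)
            p += 4
            if ext_type == 0:                   # server_name extension
                q = p + 2                       # skip server_name_list length
                while q + 3 <= p + length:
                    name_type = record[q]
                    name_len = struct.unpack_from("!H", record, q + 1)[0]
                    q += 3
                    if name_type == 0:
                        return record[q:q + name_len].decode("idna")
                    q += name_len
            p += length
        return None
    except (IndexError, struct.error, UnicodeError):
        return None


if __name__ == "__main__":
    hello = build_client_hello("www.example.com")
    print(extract_sni(hello))                       # the hostname, read from unencrypted bytes
    print(extract_sni(b"\x17\x03\x03\x00\x05hello"))  # application data record: None
```

The same walk is what a TLS server does to pick the right certificate for a name-based virtual host, and what a monitoring tool does to attribute a flow to a hostname; both work precisely because this extension is not encrypted.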
How DNS queries are resolved:
Notice that a DNS query (forward lookup) is a chain of requests: client → ISP resolver → root server → .com server → your NS server.
Notice the number of queries needed to get the final answer to a forward lookup. Caching is a necessary part of making DNS work.
More detail in DNS
Most clients have a DNS resolver (part of the OS). This is the caching layer at the client end, with TTLs. If you put entries in the hosts file, the resolver automatically adds them to its cache.
ipconfig /displaydns → display the current resolver cache
ipconfig /flushdns → flush all DNS entries
If a client looks up www.abc.com and the client resolver does not have the answer cached, the request first goes to a root server, which returns the NS servers for .com. The query then goes to the .com DNS servers, which return a referral to the abc.com nameservers. Finally ns1.abc.com returns the address of www.abc.com.
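Here is an added example (not from the original post) that walks the referral chain just described on a constructed toy hierarchy: a root server that only knows the .com delegation, a .com server that knows the abc.com delegation, and ns1.abc.com holding the answer. Server names, zone data and addresses are all made up; real referrals also carry glue A records for the nameservers, which this simulation sidesteps by keying servers on their names.

```python
# Constructed toy DNS hierarchy (names and RFC 5737 addresses are made up for the example).
SERVERS = {
    "a.root-servers.net": {"delegations": {"com": "a.gtld-servers.net"}},
    "a.gtld-servers.net": {"delegations": {"abc.com": "ns1.abc.com"}},
    "ns1.abc.com": {"answers": {"www.abc.com": "192.0.2.44", "abc.com": "192.0.2.44"}},
}

ROOT_HINT = "a.root-servers.net"   # the one server address a resolver knows before any lookup


def query(server_name, qname):
    """One query to one server: ('answer', ip), ('referral', next_server) or ('nxdomain', None)."""
    server = SERVERS[server_name]
    if qname in server.get("answers", {}):
        return "answer", server["answers"][qname]
    # Longest-suffix match: for www.abc.com try www.abc.com, abc.com, then com.
    labels = qname.split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in server.get("delegations", {}):
            return "referral", server["delegations"][zone]
    return "nxdomain", None


def resolve(qname, cache, max_hops=8):
    """Iterative resolution as a recursive resolver performs it, with a simple answer cache.

    Returns (ip, trail): the answer and the list of servers actually asked.
    """
    if qname in cache:
        return cache[qname], ["cache"]
    trail = []
    server = ROOT_HINT
    for _ in range(max_hops):
        trail.append(server)
        kind, value = query(server, qname)
        if kind == "answer":
            cache[qname] = value
            return value, trail
        if kind == "referral":
            server = value
            continue
        return None, trail
    raise RuntimeError("too many referrals for " + qname)


if __name__ == "__main__":
    cache = {}
    print(resolve("www.abc.com", cache))   # three servers asked, answer cached
    print(resolve("www.abc.com", cache))   # served from cache, no servers asked
    print(resolve("www.nonexistent.org", {}))
```

The `trail` is the point of the exercise: three round trips for the first lookup, none for the second. That difference is the latency cost the TTL section below talks about, and it is also why a resolver, not the authoritative servers, is where most DNS traffic is absorbed.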
DNS TTL and caching
The time to live (TTL) is the expiration time of cached DNS entries. Remember that there is no way to push a DNS/IP update from the server to the clients: the TTL has to expire before a new request hits your DNS servers. TTLs typically range from 5 minutes to 7 days.
Remember that each DNS lookup incurs 100–200 ms of latency, so too short a TTL results in a slow user experience.
Before you change the IP in an A record, gradually lower the TTL to shorter values. This ensures that all clients switch to the new IP faster.
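To make the TTL advice concrete, here is an added example (not from the original post) with a simulated clock: a client that resolved a name just before an A-record change keeps the old IP until its cached copy expires, and lowering the TTL ahead of the change is the only thing that shortens that wait, because nothing is pushed from the authority to the cache. The TTL values, timestamps and addresses are constructed.

```python
TTL_LONG = 86_400   # one day, in seconds
TTL_SHORT = 300     # five minutes


class AuthoritativeZone:
    """Constructed authoritative data: one A record whose value and TTL the operator can change."""

    def __init__(self, ip, ttl):
        self.ip = ip
        self.ttl = ttl


class CachingResolver:
    """A client-side (or ISP) cache that keeps an answer until its TTL expires.

    `now` is passed in as a simulated clock so a one-day scenario runs instantly.
    """

    def __init__(self, zone):
        self.zone = zone
        self.cache = {}  # name -> (ip, expires_at)

    def lookup(self, name, now):
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]                       # still fresh: the authority is never asked
        ip, ttl = self.zone.ip, self.zone.ttl   # expired or absent: query the authority
        self.cache[name] = (ip, now + ttl)
        return ip


def cutover_lag(prepare, change_at=200_000, probe_step=60):
    """Seconds after an IP change until a client that resolved just before it sees the new IP.

    With `prepare` the operator lowered the TTL ahead of time; without it the
    record was still cached with the long TTL.
    """
    name = "www.example.com"
    zone = AuthoritativeZone("192.0.2.10", TTL_LONG)
    resolver = CachingResolver(zone)
    if prepare:
        # Step 1: lower the TTL early enough that every copy cached with the old
        # long TTL has expired before the change (here the client resolves after it).
        zone.ttl = TTL_SHORT
    resolver.lookup(name, change_at - 1)    # client's last lookup before the cutover
    zone.ip = "192.0.2.20"                  # Step 2: change the A record
    t = change_at
    while resolver.lookup(name, t) != "192.0.2.20":
        t += probe_step                     # the client keeps re-checking every minute
    return t - change_at


if __name__ == "__main__":
    print("lag without lowering TTL first:", cutover_lag(prepare=False), "s")
    print("lag after lowering TTL to 5 min:", cutover_lag(prepare=True), "s")
```

The lowered TTL has to be in place for at least one full old-TTL period before the change; otherwise caches that fetched the record earlier still hold it with the long TTL and will not notice the change until that expires. After the cutover, raise the TTL again to get the lookup latency savings back.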
Where your DNS records live (for small/medium size hosted websites):
DNS records live in a chain of servers that ultimately ends at your organization's nameservers.
References
https://www.cloudflare.com/learning/dns/what-is-dns/