
Networking, DNS & Proxies

~20 min · Foundations · System Design Primer · Hussein Nasser

Primary Source
Hussein Nasser — YouTube: "How DNS Works" + "Proxy vs Reverse Proxy"

Hussein's channel is the gold standard for networking depth. Watch these two videos for visual walkthroughs.

What Happens Before Your App Even Runs

Every web request starts with networking. Before a single line of your application code runs, DNS resolves the domain, TCP establishes a connection, TLS negotiates encryption, and HTTP/2 multiplexes streams. Understanding this chain helps you identify where latency hides.

DNS — Domain Name System

DNS translates a human-readable domain (api.twitter.com) into an IP address (104.244.42.1). It's the phone book of the internet.

1. Browser → Recursive Resolver: api.twitter.com?
2. Recursive Resolver → Root NS: ask root
3. Recursive Resolver → .com NS: ask .com NS
4. Recursive Resolver → Twitter Auth NS: ask twitter NS
5. Returns IP: 104.244.42.1 → cached by resolver (TTL)

DNS resolution — browser asks a recursive resolver, which walks the hierarchy to find the answer

TTL (Time To Live) — DNS records are cached at each step for TTL seconds. Short TTL = fast failover but more DNS traffic. Long TTL = better performance but slow propagation of changes.

GeoDNS — DNS can return different IPs based on the requester's location, routing US users to US servers and Asian users to Asian servers.
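
The resolver walk and TTL caching described above, as an added Python example that is not from the original lesson or the videos: a toy recursive resolver over constructed zone data. The class and function names, the replacement address 203.0.113.10 and the TTL values are assumptions for illustration.

```python
# Added example: toy model of the resolver walk and its TTL cache.
# All zone data below is constructed; NEW_IP is a documentation address.
NAME = "api.twitter.com."
OLD_IP, NEW_IP = "104.244.42.1", "203.0.113.10"


def make_zones(ip, ttl):
    """The three levels from the diagram: root, .com, authoritative."""
    return [
        {"com.": "com-ns"},                   # root NS refers to the .com NS
        {"twitter.com.": "twitter-auth-ns"},  # .com NS refers to the auth NS
        {NAME: (ip, ttl)},                    # auth NS holds the record
    ]


class RecursiveResolver:
    def __init__(self, zones):
        self.zones = zones
        self.cache = {}             # name -> (ip, expires_at)
        self.upstream_queries = 0   # queries sent to root/TLD/auth servers

    def _walk(self, name):
        """Steps 2-5: ask each level in turn; a missing entry ends the walk."""
        labels = name.rstrip(".").split(".")
        keys = [labels[-1] + ".", ".".join(labels[-2:]) + ".", name]
        for table, key in zip(self.zones, keys):
            self.upstream_queries += 1
            if key not in table:
                raise LookupError(f"no such name: {name}")
        return self.zones[-1][name]   # (ip, ttl)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]             # cache hit: no upstream traffic
        ip, ttl = self._walk(name)
        self.cache[name] = (ip, now + ttl)
        return ip


def stale_seconds(ttl, change_at):
    """Resolver caches at t=0; record changes at change_at (seconds)."""
    r = RecursiveResolver(make_zones(OLD_IP, ttl))
    r.resolve(NAME, 0)
    r.zones[-1][NAME] = (NEW_IP, ttl)   # operator points the name at NEW_IP
    t = change_at
    while r.resolve(NAME, t) == OLD_IP:
        t += 1
    return t - change_at, r.upstream_queries
```

stale_seconds returns how long the old address kept being served after the change, together with the number of upstream queries the resolver made, so the two sides of the TTL trade-off can be compared for different TTL values.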

TCP vs UDP

TCP — Reliable
- Three-way handshake: SYN → SYN-ACK → ACK
- Guarantees delivery and ordering
- Retransmits lost packets
- Use: HTTP, databases, email, file transfer
- Cost: ~1 RTT overhead to establish

UDP — Fast, No Guarantees
- No handshake — fire and forget
- No delivery guarantee, no ordering
- No retransmission
- Use: DNS, video streaming, gaming, VoIP
- Cost: lowest possible overhead

Interview rule

Use TCP when data loss is unacceptable (payments, messages, file uploads). Use UDP when speed matters more than completeness (live video, DNS lookups, real-time gaming).

HTTP/1.1 vs HTTP/2

HTTP/1.1 opens a new TCP connection per request (or reuses one serially — one request at a time). Head-of-line blocking is a major problem: if one request is slow, everything behind it waits.

HTTP/2 multiplexes multiple requests over a single TCP connection. No head-of-line blocking. Also compresses headers. Standard for modern web.

WebSockets — upgrade an HTTP/1.1 connection to a persistent, bidirectional channel. Used for chat, real-time notifications, collaborative editing. See Lesson 23.

Proxies & Reverse Proxies

Forward Proxy (client-side)
Client → [Forward Proxy] → Internet

Client sends requests through the proxy.
The server sees the proxy's IP, not the client's.

Use cases:
- Corporate network filtering
- VPNs and anonymization
- Caching outbound requests

Reverse Proxy (server-side)
Internet → [Reverse Proxy] → Backend Servers

Client sends to proxy, proxy routes to backend.
Client sees only the proxy's IP.

Use cases:
- Load balancing
- SSL termination
- Caching responses
- DDoS protection (WAF)

Examples: NGINX, CloudFront, API Gateway

In interviews, "proxy" usually means reverse proxy. Load balancers, CDNs, and API gateways are all forms of reverse proxies.

Latency Numbers You Must Know

| Operation | Latency | Implication |
|---|---|---|
| RAM read | ~100 ns | In-memory cache is nearly instant |
| SSD read | ~16 μs | Fast but 160× slower than RAM |
| Datacenter round trip | ~500 μs | OK for most service calls |
| Cross-continent RTT | ~150 ms | Do NOT do this in a hot path |

Check Your Understanding

1. A client wants to watch live sports on a streaming app. Should the video stream use TCP or UDP?
2. What does a reverse proxy NOT typically do?
3. DNS TTL is set to 3600 seconds. You change the server IP. How long until all clients see the new IP?
