Introduction
Service discovery is a fundamental problem in distributed systems: how does one component find and communicate with another when instances are ephemeral, addresses change, and the topology is dynamic?
While purpose-built service discovery tools like Consul, etcd, and ZooKeeper have gained popularity, DNS remains one of the most widely deployed and underappreciated mechanisms for service discovery.
Its ubiquity, simplicity, and broad client support make it a compelling choice, but its limitations around caching, propagation delay, and health checking requires careful engineering to use effectively at scale.
This article examines DNS-based service discovery in detail, covering the protocol mechanisms that enable it, the SRV record type that makes it practical, common architectural patterns, and the tradeoffs engineers must navigate.
Why DNS?
Every networked application already speaks DNS.
There is no additional client library to install, no sidecar proxy to configure, and no proprietary protocol to learn.
This zero-dependency property is DNS's strongest advantage.
A service can be discovered with a standard library call (getaddrinfo, resolve, or equivalent) in any programming language on any operating system.
DNS also benefits from a mature caching infrastructure.
Recursive resolvers, stub resolvers, and application-level caches all reduce the load on authoritative servers.
For service discovery, this caching behavior is both an advantage (reducing latency and backend load) and a liability (serving stale records for instances that have been removed).
Core Mechanisms
A and AAAA Records
The simplest form of DNS-based service discovery maps a service name to one or more IP addresses using A (IPv4) or AAAA (IPv6) records.
For example:
api.internal.example.com. 30 IN A 10.0.1.5
api.internal.example.com. 30 IN A 10.0.1.6
api.internal.example.com. 30 IN A 10.0.1.7
Clients resolve the hostname and receive multiple addresses.
Many DNS clients will round-robin over the returned set, providing basic load distribution.
The TTL (30 seconds in this example) controls how long resolvers cache the response before re-querying.
This approach is simple but limited.
It encodes only IP addresses, not ports, protocols, or instance priorities.
If a service moves to a non-standard port or you need weighted routing, A records alone are insufficient.
SRV Records
RFC 2782 introduced the SRV record type specifically to address service location.
SRV records encode the hostname, port, priority, and weight for instances of a named service.
The query name follows the convention _service._proto.name:
_http._tcp.api.example.com. 30 IN SRV 10 60 8080 api-1.example.com.
_http._tcp.api.example.com. 30 IN SRV 10 40 8080 api-2.example.com.
_http._tcp.api.example.com. 30 IN SRV 20 50 8080 api-3.example.com.
The fields are: priority (lower is preferred), weight (for load distribution within a priority level), port, and target hostname.
Clients should first group records by priority, then distribute traffic within each group according to weights.
DNS-SD (DNS-Based Service Discovery)
RFC 6763 builds on SRV records to define a complete service discovery protocol.
DNS-SD adds browsing capabilities: a client can enumerate available service types and instances without knowing their names in advance.
It uses PTR records to list instances of a service type, SRV records for location, and TXT records for metadata (key-value pairs like protocol version, or feature flags).
A typical DNS-SD lookup involves three steps:
- Query a PTR record for
_http._tcp.example.comto discover instance names. - Query an SRV record for each instance to get host, port, priority, and weight.
- Optionally query a TXT record for each instance to get metadata.
Walkthrough
The following walkthrough describes how a client resolves a service endpoint using SRV records, following the selection algorithm defined in RFC 2782.
SRV Record Selection Algorithm
Input: Set of SRV records R for a given service name
1. Sort R by priority (ascending). Group records into priority classes P_1, P_2, ..., P_n.
2. Select the lowest priority class P = P_1.
3. While P is non-empty:
a. Compute total_weight = sum of weights of all records in P.
b. If total_weight == 0:
Select a record uniformly at random from P.
Else:
Generate a random integer r in [0, total_weight] inclusive.
Iterate through records in P, adding each record's weight to a
running sum (starting at 0). Select the first record where the
running sum >= r.
Note: RFC 2782 specifies that records with weight 0 should be
given a small but non-zero selection probability. Implementations
may assign weight-0 records a running-sum increment of 0, giving
them a chance of selection only when r == 0.
c. Remove the selected record from P.
d. Attempt to connect to the selected record's target:port.
e. If connection succeeds, return (target, port).
4. If all records in P_1 are exhausted without success,
repeat from step 2 with the next priority class P_2.
5. If all priority classes are exhausted, return failure.
This algorithm ensures that lower-priority-value (higher preference) instances are tried first, and weighted random selection provides proportional load distribution within each tier.
Architectural Patterns
Internal DNS with Short TTLs
%20%3D%3D%3D%3D%3D%20--%3E%0A%0A%3C!--%20Kubernetes%20Controller%20--%3E%0A%3Crect%20x%3D%2232%22%20y%3D%2238%22%20width%3D%2288%22%20height%3D%2238%22%20rx%3D%226%22%20fill%3D%22%231a2035%22%20stroke%3D%22%236ea8ff%22%20stroke-width%3D%221.5%22%20filter%3D%22url(%23soft)%22%2F%3E%0A%3Ctext%20x%3D%2276%22%20y%3D%2253%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%2210%22%20font-weight%3D%22600%22%20fill%3D%22%236ea8ff%22%20text-anchor%3D%22middle%22%3EKubernetes%3C%2Ftext%3E%0A%3Ctext%20x%3D%2276%22%20y%3D%2267%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%2210%22%20fill%3D%22%238a93a8%22%20text-anchor%3D%22middle%22%3EController%3C%2Ftext%3E%0A%0A%3C!--%20Arrow%20K8s%20-%3E%20CoreDNS%20--%3E%0A%3Cline%20x1%3D%22120%22%20y1%3D%2257%22%20x2%3D%22155%22%20y2%3D%2257%22%20stroke%3D%22%236ea8ff%22%20stroke-width%3D%221.5%22%20stroke-linecap%3D%22round%22%20marker-end%3D%22url(%23arr-blue)%22%2F%3E%0A%3Ctext%20x%3D%22137%22%20y%3D%2252%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%229%22%20fill%3D%22%238a93a8%22%20text-anchor%3D%22middle%22%3Epush%3C%2Ftext%3E%0A%0A%3C!--%20CoreDNS%20box%20--%3E%0A%3Crect%20x%3D%22158%22%20y%3D%2238%22%20width%3D%2284%22%20height%3D%2238%22%20rx%3D%226%22%20fill%3D%22%231a2035%22%20stroke%3D%22%236ea8ff%22%20stroke-width%3D%222%22%20filter%3D%22url(%23soft)%22%2F%3E%0A%3Ctext%20x%3D%22200%22%20y%3D%2253%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%2211%22%20font-weight%3D%22600%22%20fill%3D%22%236ea8ff%22%20text-anchor%3D%22middle%22%3ECoreDNS%3C%2Ftext%3E%0A%3Ctext%20x%3D%22200%22%20y%3D%2267%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%229%22%20fill%3D%22%238a93a8%22%20text-anchor%3D%22middle%22%3EAuthoritative%3C%2Ftext%3E%0A%0A%3C!--%20Arrow%20CoreDNS%20-%3E%20Recursive%20Resolver%20--%3E%0A%3Cline%20x1%3D%22242%22%20y1%3D%2257%22%20x2%3D%22278%22%20y2%3D%2280%22%20stroke%3D%22%238a93a8%22%20stroke-width%3D%221.5%22%20stroke-linecap%3D%22round%22%20marker-end%3D%22url(%23arr-muted)%22%2F%3E%0A%0A%3C!--%20Recursive%20Resolver%20--%3E%0A%3Crect%20x%3D%22280%22%20y%3D%2274%22%20width%3D%2286%22%20height%3D%2238%22%20rx%3D%226%22%20fill%3D%22%231a2035%22%20stroke%3D%22%23b58dff%22%20stroke-width%3D%221.5%22%2F%3E%0A%3Ctext%20x%3D%22323%22%20y%3D%2288%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%2210%22%20font-weight%3D%22600%22%20fill%3D%22%23b58dff%22%20text-anchor%3D%22middle%22%3ERecursive%3C%2Ftext%3E%0A%3Ctext%20x%3D%22323%22%20y%3D%22102%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%2210%22%20fill%3D%22%238a93a8%22%20text-anchor%3D%22middle%22%3EResolver%3C%2Ftext%3E%0A%0A%3C!--%20TTL%20badge%20on%20Recursive%20Resolver%20--%3E%0A%3Crect%20x%3D%22350%22%20y%3D%2278%22%20width%3D%2234%22%20height%3D%2214%22%20rx%3D%223%22%20fill%3D%22%232a1f40%22%20stroke%3D%22%23b58dff%22%20stroke-width%3D%221%22%2F%3E%0A%3Ctext%20x%3D%22367%22%20y%3D%2288%22%20font-family%3D%22ui-monospace%2C%20SFMono-Regular%2C%20Menlo%2C%20monospace%22%20font-size%3D%229%22%20fill%3D%22%23b58dff%22%20text-anchor%3D%22middle%22%3ETTL%2030s%3C%2Ftext%3E%0A%0A%3C!--%20Arrow%20Recursive%20-%3E%20Stub%20(Client%20B%20path)%20--%3E%0A%3Cline%20x1%3D%22323%22%20y1%3D%22112%22%20x2%3D%22280%22%20y2%3D%22148%22%20stroke%3D%22%238a93a8%22%20stroke-width%3D%221.5%22%20stroke-linecap%3D%22round%22%20stroke-dasharray%3D%224%2C3%22%20marker-end%3D%22url(%23arr-muted)%22%2F%3E%0A%0A%3C!--%20Arrow%20Recursive%20-%3E%20Client%20A%20(direct%20short%20TTL%20path)%20--%3E%0A%3Cline%20x1%3D%22366%22%20y1%3D%2293%22%20x2%3D%22400%22%20y2%3D%22115%22%20stroke%3D%22%236ea8ff%22%20stroke-width%3D%221.5%22%20stroke-linecap%3D%22round%22%20marker-end%3D%22url(%23arr-blue)%22%2F%3E%0A%0A%3C!--%20Client%20A%20-%20Stub%20with%20TTL%205s%20--%3E%0A%3Crect%20x%3D%22402%22%20y%3D%22108%22%20width%3D%2280%22%20height%3D%2242%22%20rx%3D%226%22%20fill%3D%22%231a2035%22%20stroke%3D%22%236ea8ff%22%20stroke-width%3D%221.5%22%20filter%3D%22url(%23soft)%22%2F%3E%0A%3Ctext%20x%3D%22442%22%20y%3D%22124%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%2210%22%20font-weight%3D%22600%22%20fill%3D%22%236ea8ff%22%20text-anchor%3D%22middle%22%3EClient%20A%3C%2Ftext%3E%0A%3Ctext%20x%3D%22442%22%20y%3D%22136%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%229%22%20fill%3D%22%238a93a8%22%20text-anchor%3D%22middle%22%3EStub%20Cache%3C%2Ftext%3E%0A%3Crect%20x%3D%22418%22%20y%3D%22141%22%20width%3D%2234%22%20height%3D%2212%22%20rx%3D%223%22%20fill%3D%22%230f2030%22%20stroke%3D%22%236ea8ff%22%20stroke-width%3D%221%22%2F%3E%0A%3Ctext%20x%3D%22435%22%20y%3D%22150%22%20font-family%3D%22ui-monospace%2C%20SFMono-Regular%2C%20Menlo%2C%20monospace%22%20font-size%3D%229%22%20fill%3D%22%236ea8ff%22%20text-anchor%3D%22middle%22%3ETTL%205s%3C%2Ftext%3E%0A%0A%3C!--%20Stub%20Resolver%20(Client%20B%20side)%20--%3E%0A%3Crect%20x%3D%22232%22%20y%3D%22142%22%20width%3D%2286%22%20height%3D%2238%22%20rx%3D%226%22%20fill%3D%22%231a2035%22%20stroke%3D%22%23ff7a93%22%20stroke-width%3D%221.5%22%2F%3E%0A%3Ctext%20x%3D%22275%22%20y%3D%22157%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%2210%22%20font-weight%3D%22600%22%20fill%3D%22%23ff7a93%22%20text-anchor%3D%22middle%22%3EClient%20B%3C%2Ftext%3E%0A%3Ctext%20x%3D%22275%22%20y%3D%22169%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%229%22%20fill%3D%22%238a93a8%22%20text-anchor%3D%22middle%22%3EStub%20Cache%3C%2Ftext%3E%0A%0A%3C!--%20TTL%20badge%20on%20Stub%2FClient%20B%20--%3E%0A%3Crect%20x%3D%22250%22%20y%3D%22173%22%20width%3D%2234%22%20height%3D%2212%22%20rx%3D%223%22%20fill%3D%22%232d1020%22%20stroke%3D%22%23ff7a93%22%20stroke-width%3D%221%22%2F%3E%0A%3Ctext%20x%3D%22267%22%20y%3D%22182%22%20font-family%3D%22ui-monospace%2C%20SFMono-Regular%2C%20Menlo%2C%20monospace%22%20font-size%3D%229%22%20fill%3D%22%23ff7a93%22%20text-anchor%3D%22middle%22%3ETTL%2030s%3C%2Ftext%3E%0A%0A%3C!--%20Staleness%20label%20--%3E%0A%3Ctext%20x%3D%22200%22%20y%3D%22200%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%229%22%20fill%3D%22%23ff7a93%22%20text-anchor%3D%22middle%22%20opacity%3D%220.9%22%3Estale%20until%20t0%2B30s%3C%2Ftext%3E%0A%0A%3C!--%20Fresh%20label%20for%20client%20A%20--%3E%0A%3Ctext%20x%3D%22442%22%20y%3D%22164%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%229%22%20fill%3D%22%236ea8ff%22%20text-anchor%3D%22middle%22%3Efresh%20at%20t0%2B5s%3C%2Ftext%3E%0A%0A%3C!--%20Divider%20--%3E%0A%3Cline%20x1%3D%22500%22%20y1%3D%2234%22%20x2%3D%22500%22%20y2%3D%22245%22%20stroke%3D%22%233a3f52%22%20stroke-width%3D%221%22%20opacity%3D%220.6%22%2F%3E%0A%0A%3C!--%20%3D%3D%3D%3D%3D%20RIGHT%20TIMELINE%20PANEL%20(x%3A%20508%20to%20572)%20%3D%3D%3D%3D%3D%20--%3E%0A%3Ctext%20x%3D%22536%22%20y%3D%2243%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%2210%22%20font-weight%3D%22600%22%20fill%3D%22%23e8edf5%22%20text-anchor%3D%22middle%22%20letter-spacing%3D%220.3%22%3ETimeline%3C%2Ftext%3E%0A%0A%3C!--%20Timeline%20axis%20--%3E%0A%3Cline%20x1%3D%22522%22%20y1%3D%2255%22%20x2%3D%22522%22%20y2%3D%22240%22%20stroke%3D%22%233a3f52%22%20stroke-width%3D%221.5%22%20stroke-linecap%3D%22round%22%2F%3E%0A%0A%3C!--%20t0%20marker%20-%20Pod%20scale%20event%20--%3E%0A%3Cline%20x1%3D%22518%22%20y1%3D%2268%22%20x2%3D%22526%22%20y2%3D%2268%22%20stroke%3D%22%23e8edf5%22%20stroke-width%3D%221.5%22%20stroke-linecap%3D%22round%22%2F%3E%0A%3Ctext%20x%3D%22530%22%20y%3D%2272%22%20font-family%3D%22ui-monospace%2C%20SFMono-Regular%2C%20Menlo%2C%20monospace%22%20font-size%3D%229%22%20fill%3D%22%23e8edf5%22%3Et0%3C%2Ftext%3E%0A%3Crect%20x%3D%22508%22%20y%3D%2275%22%20width%3D%2262%22%20height%3D%2224%22%20rx%3D%224%22%20fill%3D%22%231a2035%22%20stroke%3D%22%236ea8ff%22%20stroke-width%3D%221%22%2F%3E%0A%3Ctext%20x%3D%22539%22%20y%3D%2285%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%228%22%20fill%3D%22%236ea8ff%22%20text-anchor%3D%22middle%22%3EPod%20scale%2F%3C%2Ftext%3E%0A%3Ctext%20x%3D%22539%22%20y%3D%2295%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%228%22%20fill%3D%22%236ea8ff%22%20text-anchor%3D%22middle%22%3Eupdate%20event%3C%2Ftext%3E%0A%0A%3C!--%20t0%20arrow%20pushing%20to%20CoreDNS%20label%20--%3E%0A%3Cline%20x1%3D%22522%22%20y1%3D%2299%22%20x2%3D%22522%22%20y2%3D%22112%22%20stroke%3D%22%233a3f52%22%20stroke-width%3D%221%22%20stroke-linecap%3D%22round%22%2F%3E%0A%0A%3C!--%20CoreDNS%20update%20marker%20--%3E%0A%3Ccircle%20cx%3D%22522%22%20cy%3D%22112%22%20r%3D%223%22%20fill%3D%22%236ea8ff%22%2F%3E%0A%3Ctext%20x%3D%22530%22%20y%3D%22116%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%228%22%20fill%3D%22%238a93a8%22%3EDNS%20updated%3C%2Ftext%3E%0A%0A%3C!--%20line%20to%20t0%2B5%20--%3E%0A%3Cline%20x1%3D%22522%22%20y1%3D%22115%22%20x2%3D%22522%22%20y2%3D%22148%22%20stroke%3D%22%233a3f52%22%20stroke-width%3D%221%22%20stroke-linecap%3D%22round%22%20stroke-dasharray%3D%223%2C2%22%2F%3E%0A%0A%3C!--%20t0%2B5s%20marker%20-%20Client%20A%20refreshes%20--%3E%0A%3Cline%20x1%3D%22518%22%20y1%3D%22148%22%20x2%3D%22526%22%20y2%3D%22148%22%20stroke%3D%22%236ea8ff%22%20stroke-width%3D%221.5%22%20stroke-linecap%3D%22round%22%2F%3E%0A%3Ctext%20x%3D%22530%22%20y%3D%22152%22%20font-family%3D%22ui-monospace%2C%20SFMono-Regular%2C%20Menlo%2C%20monospace%22%20font-size%3D%229%22%20fill%3D%22%236ea8ff%22%3Et0%2B5s%3C%2Ftext%3E%0A%3Crect%20x%3D%22508%22%20y%3D%22157%22%20width%3D%2262%22%20height%3D%2222%22%20rx%3D%224%22%20fill%3D%22%230f2030%22%20stroke%3D%22%236ea8ff%22%20stroke-width%3D%221%22%2F%3E%0A%3Ctext%20x%3D%22539%22%20y%3D%22167%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%228%22%20fill%3D%22%236ea8ff%22%20text-anchor%3D%22middle%22%3EClient%20A%3C%2Ftext%3E%0A%3Ctext%20x%3D%22539%22%20y%3D%22175%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%228%22%20fill%3D%22%236ea8ff%22%20text-anchor%3D%22middle%22%3Ere-queries%20%E2%9C%93%3C%2Ftext%3E%0A%0A%3C!--%20line%20to%20t0%2B30%20--%3E%0A%3Cline%20x1%3D%22522%22%20y1%3D%22179%22%20x2%3D%22522%22%20y2%3D%22212%22%20stroke%3D%22%233a3f52%22%20stroke-width%3D%221%22%20stroke-linecap%3D%22round%22%20stroke-dasharray%3D%223%2C2%22%2F%3E%0A%0A%3C!--%20t0%2B30s%20marker%20-%20Client%20B%20finally%20updates%20--%3E%0A%3Cline%20x1%3D%22518%22%20y1%3D%22212%22%20x2%3D%22526%22%20y2%3D%22212%22%20stroke%3D%22%23ff7a93%22%20stroke-width%3D%221.5%22%20stroke-linecap%3D%22round%22%2F%3E%0A%3Ctext%20x%3D%22530%22%20y%3D%22216%22%20font-family%3D%22ui-monospace%2C%20SFMono-Regular%2C%20Menlo%2C%20monospace%22%20font-size%3D%229%22%20fill%3D%22%23ff7a93%22%3Et0%2B30s%3C%2Ftext%3E%0A%3Crect%20x%3D%22508%22%20y%3D%22220%22%20width%3D%2262%22%20height%3D%2222%22%20rx%3D%224%22%20fill%3D%22%232d1020%22%20stroke%3D%22%23ff7a93%22%20stroke-width%3D%221%22%2F%3E%0A%3Ctext%20x%3D%22539%22%20y%3D%22230%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%228%22%20fill%3D%22%23ff7a93%22%20text-anchor%3D%22middle%22%3EClient%20B%3C%2Ftext%3E%0A%3Ctext%20x%3D%22539%22%20y%3D%22238%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%228%22%20fill%3D%22%23ff7a93%22%20text-anchor%3D%22middle%22%3Estale%20expires%3C%2Ftext%3E%0A%0A%3C!--%20Stale%20bar%20for%20Client%20B%20(visual)%20--%3E%0A%3Crect%20x%3D%22512%22%20y%3D%22118%22%20width%3D%226%22%20height%3D%2290%22%20rx%3D%222%22%20fill%3D%22%23ff7a93%22%20opacity%3D%220.18%22%2F%3E%0A%3Ctext%20x%3D%22510%22%20y%3D%22165%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%227.5%22%20fill%3D%22%23ff7a93%22%20opacity%3D%220.7%22%20text-anchor%3D%22middle%22%20transform%3D%22rotate(-90%2C%20510%2C%20165)%22%3Estale%20window%3C%2Ftext%3E%0A%0A%3C!--%20Fresh%20bar%20for%20Client%20A%20--%3E%0A%3Crect%20x%3D%22520%22%20y%3D%22118%22%20width%3D%224%22%20height%3D%2230%22%20rx%3D%222%22%20fill%3D%22%236ea8ff%22%20opacity%3D%220.25%22%2F%3E%0A%0A%3C!--%20Bottom%20caption%20--%3E%0A%3Ctext%20x%3D%22300%22%20y%3D%22262%22%20font-family%3D%22Inter%2C%20-apple-system%2C%20system-ui%2C%20sans-serif%22%20font-size%3D%229%22%20fill%3D%22%233a3f52%22%20text-anchor%3D%22middle%22%3EShort%20TTL%20(5s)%20%3D%20faster%20convergence%20%C2%B7%20Long%20TTL%20(30s)%20%3D%20stale%20reads%20persist%3C%2Ftext%3E%0A%0A%3C%2Fsvg%3E)
The most common pattern for DNS-based service discovery in microservice architectures uses an internal authoritative DNS server that is updated by the orchestration layer.
Kubernetes, for example, runs CoreDNS as a cluster add-on that watches the Kubernetes API and creates DNS records for Services and Pods.
When a Deployment scales or a Pod is replaced, the DNS server updates its records.
Clients using short TTLs (5 to 30 seconds) will pick up changes relatively quickly.
The tradeoff is clear: shorter TTLs mean faster convergence at the cost of higher query volume.
Anycast and GeoDNS
For geographically distributed services, anycast DNS allows the same IP address to be announced from multiple locations via BGP.
Clients are routed to the nearest (in network terms) instance.
This is how most large CDNs and public DNS resolvers (like 1.1.1.1 and 8.8.8.8) operate — often in combination with GeoDNS, which returns different records based on the client's inferred geographic location.
These approaches provide latency-based routing without client-side logic, but anycast failover depends on BGP convergence times, which can range from seconds to minutes.
Hybrid Approaches
Many production systems combine DNS with a more dynamic service mesh or load balancer layer.
DNS provides the initial endpoint (e.g., resolving to a load balancer's VIP), while the load balancer handles fine-grained health checking, circuit breaking, and traffic shifting.
This avoids pushing all dynamism into the DNS layer while still leveraging its universality for initial bootstrap.
Limitations and Tradeoffs
Caching and staleness. DNS caching is pervasive and not always well-behaved.
Some resolvers ignore TTLs or enforce minimum cache times.
Java's JVM DNS cache, for instance, historically cached entries indefinitely when running with a security manager; while modern JVM versions (Java 8u131+ and Java 9+) have improved defaults, application-level DNS caching behavior should always be verified for the specific runtime version in use.
Stale records pointing to dead instances cause connection failures or misdirected traffic.
No health checking. DNS is a passive system.
The authoritative server does not know whether a registered instance is actually healthy unless an external system performs health checks and updates the records accordingly.
This is a significant gap compared to systems like Consul, where health checks are a first-class concept integrated with the service registry.
Propagation delay. Even with low TTLs, there is an inherent delay between an instance becoming unavailable and all clients learning about it.
The worst case is approximately equal to the TTL value, but in practice it can be longer due to resolver caching chains.
Limited metadata. While TXT records can carry key-value metadata, the DNS protocol imposes a 512-byte UDP message limit without EDNS0 (RFC 6891).
With EDNS0, responses can be larger, up to the negotiated buffer size, but DNS remains a poor transport for complex service metadata, routing rules, or configuration data, which are better served by a dedicated registry.
Load distribution is coarse. DNS round-robin distributes queries, not connections or requests.
A client that resolves once and holds a persistent connection will send all traffic to a single backend.
Combined with uneven TTL expiration across clients, this can produce significant load imbalance.
When to Use DNS-Based Service Discovery
DNS-based service discovery works best in environments where simplicity and broad compatibility are prioritized, where the service topology changes infrequently (on the order of minutes, not seconds), or where DNS is already the established resolution mechanism (as in Kubernetes).
It is a poor fit for scenarios requiring sub-second failover, fine-grained load balancing, or rich metadata exchange between services.
In practice, most large-scale systems use DNS as one layer in a multi-tier discovery and routing stack.
DNS handles the coarse resolution, while application-level mechanisms or sidecar proxies handle the rest.
Key Points
- DNS-based service discovery leverages a universally supported protocol, eliminating the need for specialized client libraries or agents.
- SRV records (RFC 2782) extend basic DNS resolution with port, priority, and weight information, enabling structured service location.
- DNS-SD (RFC 6763) adds browsing and metadata capabilities on top of SRV and TXT records for a complete discovery protocol.
- Caching is both DNS's greatest operational strength and its most significant liability for service discovery, since stale records cause misdirected traffic.
- DNS has no native health checking; an external system must monitor instance health and update records accordingly.
- Short TTLs (5 to 30 seconds) improve convergence speed but increase query volume and do not eliminate the staleness window.
- Most production architectures use DNS as a coarse discovery layer combined with load balancers or service meshes for fine-grained routing and failover.
References
P. Mockapetris. "Domain Names - Implementation and Specification." RFC 1035, Internet Engineering Task Force, November 1987.
A. Gulbrandsen, P. Vixie, L. Esibov. "A DNS RR for specifying the location of services (DNS SRV)." RFC 2782, Internet Engineering Task Force, February 2000.
S. Cheshire, M. Krochmal. "DNS-Based Service Discovery." RFC 6763, Internet Engineering Task Force, February 2013.
J. Damas, M. Graff, P. Vixie. "Extension Mechanisms for DNS (EDNS0)." RFC 6891, Internet Engineering Task Force, April 2013.