Internal Engineering Standard

DNS-First Connectivity for Distributed Systems

1. Mandatory Rule

All services must be addressed by DNS/service name.
localhost, 127.0.0.1, or static IPs are forbidden outside single-process unit tests.

2. Scope

Applies to:

Applications

ETL / MDM jobs

Kafka producers & consumers

Kafka Connect

CI/CD pipelines

Batch jobs, CronJobs, sidecars

3. Environment-Specific Naming Policy

Local (Docker / Compose)

kafka:9092
zookeeper:2181
elasticsearch:9200
connect:8083

Kubernetes

kafka.<namespace>.svc.cluster.local:9092
elasticsearch.<namespace>.svc.cluster.local:9200
connect.<namespace>.svc.cluster.local:8083

Rule:

Service name stays constant.
Only the DNS suffix changes per environment.

4. Prohibited Patterns

The following are architecture violations:

localhost:*

127.0.0.1:*

Hard-coded pod IPs

Node IPs

Hostnames tied to machines

5. Configuration Requirements

All endpoints must be externalized (env vars, config files, Helm values)

No environment-specific logic in code

No string replacement during deployment

6. CI/CD Enforcement

Pipelines must fail if:

localhost appears in configs

IP literals are detected

Environment-specific rewrites are required

Static scans are mandatory.
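
A minimal static scan for the first two failure conditions above (localhost and IP literals in configs), as an added example rather than code from this standard. The sample configs are constructed; the namespace `data` and the keys `connect.url`, `es.url` and `zk.connect` are hypothetical.

```python
import ipaddress
import re
import sys

LOCALHOST_RE = re.compile(r"(?<![\w.-])localhost(?![\w-])", re.IGNORECASE)
IP_CHECKS = [  # (candidate regex, validating class); the regex over-matches
    (re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])"), ipaddress.IPv4Address),
    (re.compile(r"\[([0-9A-Fa-f:.]+)\]"), ipaddress.IPv6Address),  # URL form
]

# Constructed samples; namespace "data" and the non-Kafka keys are hypothetical.
COMPLIANT = """\
bootstrap.servers=kafka:9092
connect.url=http://connect.data.svc.cluster.local:8083
"""
VIOLATING = """\
bootstrap.servers=localhost:9092
es.url=http://10.42.0.17:9200
advertised.listeners=PLAINTEXT://127.0.0.1:9092
zk.connect=[::1]:2181
"""

def scan_text(text, source="<config>"):
    """Return (source, line_no, kind, token) for every forbidden host token."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in LOCALHOST_RE.finditer(line):
            found.append((source, no, "localhost", m.group(0)))
        for rx, cls in IP_CHECKS:
            for m in rx.finditer(line):
                try:
                    cls(m.group(1))  # reject look-alikes such as 999.1.1.1
                except ValueError:
                    continue
                found.append((source, no, "ip-literal", m.group(1)))
    return found

def main(paths):
    """Scan each file; a non-zero exit status fails the pipeline step."""
    found = []
    for p in paths:
        with open(p, encoding="utf-8") as fh:
            found += scan_text(fh.read(), p)
    for src, no, kind, tok in found:
        print(f"{src}:{no}: {kind}: {tok}")
    return 1 if found else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Three-part image tags such as `3.7.0` pass, but a four-part version string that parses as IPv4 is reported like any other IP literal.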

7. Kafka-Specific Rules

bootstrap.servers must use DNS

Kafka Connect REST must be addressed via service DNS

No broker IPs in configs

No advertised.listeners pointing to localhost

8. Kubernetes Requirements

All services exposed via Service objects

Stateful systems use headless services when required

Pods may never reference other pods directly by IP

9. Reliability & Audit Rationale

This standard ensures:

Zero config rewrites across environments

Predictable scaling

Restart tolerance

CI/CD portability

MDM lineage stability

Audit-safe deployments

10. Non-Compliance Impact

Violations will cause:

Deployment rejection

CI/CD failure

Architecture review

Mandatory refactor before promotion

Final Principle

DNS is not networking detail — it is system architecture.
If a component is not reachable by DNS, it is not production-ready.
