Recursive & Iterative DNS Queries & More

What is a recursive DNS query?

A recursive DNS query asks the DNS server that receives it to do all the work of fetching the answer and to return that answer to you. To do so, the server will usually query other DNS servers on the Internet on your behalf. On the wire, the resolver requests this by setting the RD (recursion desired) flag in the query header.

Suppose you want to browse www.example.com, and your configured DNS servers are 172.16.200.30 and 172.16.200.31.

STEP 1: You enter www.example.com in the browser. If the name is not in the OS's hosts file, the operating system's resolver sends a DNS query for the A record of www.example.com to the DNS server 172.16.200.30.

STEP 2: On receiving the query, 172.16.200.30 looks through its cache for the A record of www.example.com. If it had the entry it would return it and the process would end here; in this case it does not have it.

STEP 3: Since 172.16.200.30 does not have the answer, it sends a query to one of the DNS root servers. Note that the root servers never recurse for anyone; they only answer iterative (non-recursive) queries.

STEP 4: The root server replies with a referral: the list of name servers responsible for the .COM TLD (NS records, with the servers' IP addresses supplied as glue A records).

STEP 5: Our DNS server 172.16.200.30 selects one of the .COM TLD servers from the referral and asks it for www.example.com.

STEP 6: Like the root servers, the TLD servers are iterative, so the TLD server replies with another referral: the names and IP addresses of the authoritative name servers for the example.com zone (the TLD server does not know about www.example.com itself, only about who is authoritative for example.com).

STEP 7: Our DNS server selects one of the authoritative name servers from that list and queries it for the A record of www.example.com. The authoritative name server replies with the A record, as below.
www.example.com = XXX.XX.XX.XX (some IP address)

STEP 8: Our DNS server 172.16.200.30 caches the result and replies to us with the name and its IP address (plus any other records it received along the way). The browser now sends its request for the web page to that IP address.

Note: The scenario above is a recursive query only because our DNS server 172.16.200.30 is configured to perform recursion. Recursion can be disabled on the server, or limited to your own clients, and it should be: a recursive resolver that answers anyone on the Internet (an open resolver) can be abused as a reflector in DNS amplification attacks and is a more attractive target for cache poisoning.


What is an iterative (non-recursive) DNS query?

In an iterative query (RD flag clear), the queried DNS server never goes and fetches the answer for you. It returns the answer if it already has it (in its cache or in a zone it hosts); otherwise it returns a referral to other DNS servers (the root servers, in our case). Note that every DNS server must answer iterative (non-recursive) queries; recursion is the optional part.

STEP 1: You enter www.example.com in the browser. If the name is not in your local computer's hosts file, the operating system's resolver sends a DNS query for the A record of www.example.com to the DNS server 172.16.200.30.

STEP 2: On receiving the query, 172.16.200.30 looks through its cache for the A record of www.example.com. If it had the entry it would return it and the process would end here; in this case it does not have it.

STEP 3: Instead of querying the root servers itself, our DNS server replies to us with a referral to the root servers, and it is now up to our operating system's resolver to query the root servers and follow the chain of referrals (root, then TLD, then authoritative server) itself. Caveat: the stub resolver built into most operating systems cannot do this; it expects a recursive answer and treats a bare referral as a failed lookup, so in practice the client of a non-recursive server has to be a full resolver.
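
The recursive walkthrough (STEPs 1 to 8) and the iterative one above differ on the wire only in one header bit and in the shape of the reply. The following is an added example, not code from the original notes: it builds a query with the RD flag set or clear, constructs the two kinds of reply the walkthroughs describe (a final A-record answer from a recursive server, and a root/TLD-style referral with NS records in the authority section and glue A records in the additional section), parses them, and decides what a resolver does next. All messages, the server names ns1/ns2.tld-servers.example.net and the 192.0.2.x addresses are made up for the example.

```python
"""Recursive vs. iterative DNS queries on the wire (added example, not from
the original notes).  Builds a query with RD set or clear and parses a final
answer and a referral (NS in authority + glue A in additional).  Standard
library only; every message here is constructed, not captured traffic."""
import struct

RD, RA, AA = 0x0100, 0x0080, 0x0400   # header flag bits (RFC 1035)
A, NS = 1, 2                           # RR types used here


def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def build_query(qname, qtype=A, recursion_desired=True, txid=0x1234):
    """One-question query; RD=1 asks the server to recurse, RD=0 does not."""
    header = struct.pack("!HHHHHH", txid, RD if recursion_desired else 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(query, answer=(), authority=(), additional=(), aa=False, ra=False):
    """Constructed reply: echoes the query's ID, RD bit and question section.
    RRs are (owner, type, value); value is an IPv4 string or a target name."""
    txid, qflags = struct.unpack_from("!HH", query, 0)
    flags = 0x8000 | (qflags & RD) | (AA if aa else 0) | (RA if ra else 0)
    msg = struct.pack("!HHHHHH", txid, flags, 1, len(answer), len(authority),
                      len(additional)) + query[12:]
    for owner, rtype, value in list(answer) + list(authority) + list(additional):
        rdata = bytes(int(x) for x in value.split(".")) if rtype == A else encode_name(value)
        msg += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    return msg


def read_name(msg, off):
    """Decode a possibly compressed name; returns (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def read_rr(msg, off):
    owner, off = read_name(msg, off)
    rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
    off += 10
    if rtype == A:
        value = ".".join(str(b) for b in msg[off:off + 4])
    elif rtype == NS:
        value = read_name(msg, off)[0]             # target may be a pointer
    else:
        value = msg[off:off + rdlen].hex()
    return (owner, rtype, value), off + rdlen


def parse_response(msg):
    """Header flags plus the answer, authority and additional sections."""
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):                            # skip the echoed question
        off = read_name(msg, off)[1] + 4
    out = {"rd": bool(flags & RD), "ra": bool(flags & RA),
           "aa": bool(flags & AA), "rcode": flags & 0xF}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        out[section] = []
        for _ in range(count):
            rr, off = read_rr(msg, off)
            out[section].append(rr)
    return out


def next_step(resp):
    """What a resolver does with a reply: done, follow the referral, or stop."""
    if resp["rcode"] != 0:
        return ("error", [])
    if resp["answer"]:
        return ("done", [v for _, t, v in resp["answer"] if t == A])
    if resp["authority"] and all(t == NS for _, t, _ in resp["authority"]):
        glue = {owner: ip for owner, t, ip in resp["additional"] if t == A}
        return ("query one of", [glue.get(ns, ns) for _, _, ns in resp["authority"]])
    return ("no data", [])


# Constructed messages for the walkthrough (TEST-NET addresses, made-up server names).
RECURSIVE_QUERY = build_query("www.example.com", recursion_desired=True)
FINAL_ANSWER = build_response(RECURSIVE_QUERY, ra=True,               # STEP 8
                              answer=[("www.example.com.", A, "192.0.2.10")])
ITERATIVE_QUERY = build_query("www.example.com", recursion_desired=False)
TLD_REFERRAL = build_response(ITERATIVE_QUERY,                        # STEP 4
    authority=[("com.", NS, "ns1.tld-servers.example.net."),
               ("com.", NS, "ns2.tld-servers.example.net.")],
    additional=[("ns1.tld-servers.example.net.", A, "192.0.2.1"),
                ("ns2.tld-servers.example.net.", A, "192.0.2.2")])

if __name__ == "__main__":
    print(next_step(parse_response(FINAL_ANSWER)))
    print(next_step(parse_response(TLD_REFERRAL)))
```

The second byte pair of each query is the flags field: 0x0100 for the recursive query, 0x0000 for the iterative one, which is exactly what `dig +norecurse` clears. A referral carries no answer records, so a stub resolver that only looks at the answer section sees nothing usable; a full resolver reads the authority section, uses the glue to turn NS names into addresses, and sends its next query there.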


Stub Zones and Delegation

Let's say you're the administrator of the forest root domain. This puts you in charge of the DNS servers that host the resource records for the forest root zone; let's call it root.tld.

Another administrator wants to create an AD domain in the same DNS namespace and proposes the name child.root.tld. He also wants to integrate the DNS zone for child.root.tld into AD in his own domain, so that zone will be hosted on his domain controllers, not on yours.

This creates a challenge for DNS clients in root.tld: they need a way to look up records in child.root.tld.

When a DNS client in root.tld requests a resource record from child.root.tld, you need a way to redirect the query to a DNS server that hosts the child.root.tld zone.

Classic DNS uses delegation to accomplish this. Delegation creates NS records in the parent zone that name the DNS servers of the child zone, together with glue A records that give those servers' IP addresses.

Delegation has a significant disadvantage: the NS and glue records created by the Delegation Wizard point at specific name servers, by name and IP address, and are never updated automatically. If an administrator in the child domain changes those IP addresses, renames the DNS servers, or decommissions a server, the parent's records now point at servers that are not authoritative for the zone. This is a lame delegation, and lookups into child.root.tld from root.tld start failing or slowing down.

Stub zones help you avoid lame delegations. A stub zone contains the SOA record, all the NS records and the corresponding glue A records for the specified zone, not just the servers named in the delegation, and the server hosting the stub zone periodically refreshes that list from the zone's master servers, so it stays current with the child's actual name servers. Hence, no lame delegations. One caveat: the stub zone is itself configured with the IP addresses of one or more master servers to refresh from; if all of those change, the stub zone can no longer refresh, so that master list still has to be maintained.
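
A small model of the two approaches, added here and not taken from the notes or from Windows DNS Server: constructed NS and glue data for root.tld and child.root.tld, a stand-in authoritative_ns() in place of a real query to each child server, the lame-delegation check (ask each delegated server whether it answers authoritatively for the zone and lists itself), and the periodic refresh a stub zone performs. In the constructed scenario the child admin has decommissioned dns2 and added dns3, so the wizard-created delegation goes lame while the stub zone picks up the change. All names and addresses are made up.

```python
"""Delegation vs. stub zone: why the first goes lame and the second does not.

Added example in plain Python, not Windows DNS Server code.  The root.tld /
child.root.tld data below is constructed, and authoritative_ns() stands in
for an actual query ('dig @<ip> NS child.root.tld') to a child server."""

# State of the child's servers today.  Since the delegation was created, the
# child admin decommissioned dns2 and brought up dns3 at a new address.
# IP -> NS RRset the server returns authoritatively for child.root.tld,
# or None if nothing authoritative answers at that address any more.
CHILD_SERVERS = {
    "172.16.210.10": ["dns1.child.root.tld.", "dns3.child.root.tld."],  # dns1, unchanged
    "172.16.210.12": ["dns1.child.root.tld.", "dns3.child.root.tld."],  # dns3, new
    "172.16.210.11": None,                                               # dns2, gone
}
CHILD_ADDRESSES = {"dns1.child.root.tld.": "172.16.210.10",
                   "dns3.child.root.tld.": "172.16.210.12"}

# Parent zone root.tld: the NS + glue records the Delegation Wizard wrote once.
DELEGATION = {
    "ns": ["dns1.child.root.tld.", "dns2.child.root.tld."],
    "glue": {"dns1.child.root.tld.": "172.16.210.10",
             "dns2.child.root.tld.": "172.16.210.11"},
}

# Stub zone for child.root.tld on the root.tld server: same NS/glue at
# creation time, plus the master server(s) it refreshes from.
STUB_ZONE = dict(DELEGATION, masters=["172.16.210.10"])


def authoritative_ns(ip, zone="child.root.tld."):
    """Stand-in for querying `ip` for the zone's NS RRset and requiring AA=1."""
    return CHILD_SERVERS.get(ip)


def lame_servers(records):
    """Servers the NS/glue records point at that do not answer authoritatively
    for the zone, or do not list themselves in it: the lame delegation check."""
    lame = []
    for ns in records["ns"]:
        rrset = authoritative_ns(records["glue"].get(ns))
        if rrset is None or ns not in rrset:
            lame.append(ns)
    return lame


def refresh_stub_zone(stub):
    """What the stub zone host does periodically: pull the zone's current NS
    RRset from a master and resolve each listed server's address."""
    for master in stub["masters"]:
        rrset = authoritative_ns(master)
        if rrset is not None:
            glue = {ns: CHILD_ADDRESSES[ns] for ns in rrset}   # stand-in for A lookups
            return dict(stub, ns=list(rrset), glue=glue)
    raise RuntimeError("no master answered; stub zone keeps its stale NS list")


if __name__ == "__main__":
    print("lame in delegation:", lame_servers(DELEGATION))
    refreshed = refresh_stub_zone(STUB_ZONE)
    print("lame after stub refresh:", lame_servers(refreshed), refreshed["ns"])
```

Against a real environment the same check is a query to each delegated server for the zone's NS or SOA record and a look at the aa flag in its reply: a server that does not answer, answers without aa, or returns a different NS set is lame. The refresh only works while at least one configured master still answers, which is the reason the master list in the last paragraph needs maintaining.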