
Accepted queries for DNS root server [closed]

Tags: dns, root

I haven't found the answer to this question anywhere and I'm a bit confused. I want to know if the root DNS servers are queried iteratively or recursively? As far as my understanding of the subject goes, they can be queried recursively, as they are the 'last option' to resolve a name, so they must answer with the IP address/error message. Am I correct? Please make this clear for me. Thanks.

joanna asked Nov 28 '22 22:11


2 Answers

Queries to any DNS server, regardless of whether they're the root server or not, get answered with information that the server is allowed to give out about names they know something about. What that means is that if you query a server for a name it doesn't know about, but it does know who owns part of it, it'll refer you to the next place to ask.

Let's say you need to find out where www.example.com is. If you use the dig utility from the bind package, you can query the root for the answer and see what it will tell you:

# dig @b.root-servers.net. www.example.com a
;; QUESTION SECTION:
;www.example.com.               IN      A

;; AUTHORITY SECTION:
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
; [...11 more authority servers  for .com not shown...]

;; ADDITIONAL SECTION:
h.gtld-servers.net.     172800  IN      A       192.54.112.30
d.gtld-servers.net.     172800  IN      A       192.31.80.30
; [...11 more IP addresses  for .com not shown...]

The effect of the above response is the root server telling you "I don't know where www.example.com is. You'll need to go ask .com next, which is at the following list of addresses."

And so off you'd march to ask the .com servers the same question:

# dig @h.gtld-servers.net. www.example.com a
;; QUESTION SECTION:
;www.example.com.               IN      A

;; AUTHORITY SECTION:
example.com.            172800  IN      NS      a.iana-servers.net.
example.com.            172800  IN      NS      b.iana-servers.net.

;; ADDITIONAL SECTION:
a.iana-servers.net.     172800  IN      A       199.43.132.53
a.iana-servers.net.     172800  IN      AAAA    2001:500:8c::53
b.iana-servers.net.     172800  IN      A       193.0.0.236
b.iana-servers.net.     172800  IN      AAAA    2001:610:240:2::c100:ec

This answer helps you further by saying "I don't know either, but go ask the owners of example.com". Asking them will finally get you the real answer you were looking for:

# dig @a.iana-servers.net. www.example.com a

;; ANSWER SECTION:
www.example.com.        172800  IN      A       192.0.32.10

And finally we have a server that is willing to give us the real answer.

Note, however, we asked each server in turn, starting from the root and going down. At each step someone either said "I have the answer" or "I don't have the answer, but I know who you should talk to next".

Wes Hardaker answered Nov 30 '22 10:11


Recursive servers (i.e. the ones serving end-user clients) perform iterative queries to authoritative servers.

In response to those iterative queries, each authoritative server in the chain down from the root will either return the answer if it's authoritative for that domain, or a referral to the next servers down the chain that might have the answer.

The root name servers do not offer fully recursive service, only referrals to the name servers run by each TLD.

Alnitak answered Nov 30 '22 12:11
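Added example, not part of either answer: the answer/referral distinction described above is visible in the DNS header itself, so this sketch builds a query with the RD (recursion desired) bit clear, as an iterative resolver would, and classifies a reply from its flags and section counts. The flag layout is from RFC 1035; the helper names (`build_query`, `classify`, `ask`, `sample`) and the sample headers are constructed for illustration, and `ask` needs network access.

```python
import secrets
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # header flag bits (RFC 1035)

def build_query(name, qtype=1, rd=False, txid=0x1234):
    """Build a DNS query; rd=False is what an iterative resolver sends."""
    header = struct.pack("!6H", txid, RD if rd else 0, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class IN

def classify(msg):
    """Return (kind, flags) for a response, using only its 12-byte header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("not a response")
    info = {"aa": bool(flags & AA), "ra": bool(flags & RA), "rcode": flags & 0xF}
    if info["rcode"]:
        kind = "error"
    elif an:
        kind = "answer"
    elif ns and not info["aa"]:
        kind = "referral"   # NS records for a child zone: ask those servers next
    else:
        kind = "nodata"     # authoritative, but no record of the requested type
    return kind, info

def ask(server_ip, name, rd=False, timeout=3.0):
    """Send one UDP query and classify the reply (not used by the samples)."""
    query = build_query(name, rd=rd, txid=secrets.randbits(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server_ip, 53))  # kernel drops datagrams from other sources
        s.send(query)
        reply = s.recv(4096)
    if reply[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return classify(reply)

# Constructed sample headers: transaction ID, flags, then the four counts.
def sample(flags, an, ns, ar):
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, ar)

ROOT_REFERRAL = sample(QR | RD, 0, 13, 13)  # RD echoed back, RA and AA clear
AUTH_ANSWER = sample(QR | AA, 1, 0, 0)      # final authoritative answer
NODATA = sample(QR | AA, 0, 1, 0)           # only an SOA in the authority section
```

A reply with RD set but RA clear, like `ROOT_REFERRAL`, is a server declining recursion and handing back a referral, even though the client asked for recursion.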