Accepted Queries for the Root DNS Server

I have not found the answer to this question anywhere, and I am a bit confused. I want to know if root DNS servers are querying iteratively or recursively? As for my understanding of the subject, they can be requested recursively, as they are the “last resort” to change the name, so they should respond to the IP address / error message. Am I right? Please make it clear to me. Thanks.

+4
2 answers

Recursive servers (i.e. serving end-user clients) perform iterative queries on authoritative servers.

In response to these iterative requests, each authoritative server in the chain down from the root will either return a response, if it is authoritative for this domain, or a referral to the next servers down the chain that may have an answer.

Root name servers do not offer a fully recursive service, only referrals to name servers run by each TLD.

+4

Requests to any DNS server, regardless of whether it is a root server or not, receive a response with the information that the server is allowed to give out for names that it knows something about. This means that if you ask a server for a name that it does not know about, but it knows who owns part of it, it will direct you to the next place to ask.

Suppose you need to find out where www.example.com is. If you are using the dig utility from the bind package, you can ask the root for an answer and see what it tells you:

    # dig @b.root-servers.net. www.example.com a

    ;; QUESTION SECTION:
    ;www.example.com.           IN      A

    ;; AUTHORITY SECTION:
    com.                172800  IN      NS      h.gtld-servers.net.
    com.                172800  IN      NS      d.gtld-servers.net.
    ; [...11 more authority servers for .com not shown...]

    ;; ADDITIONAL SECTION:
    h.gtld-servers.net. 172800  IN      A       192.54.112.30
    d.gtld-servers.net. 172800  IN      A       192.31.80.30
    ; [...11 more IP addresses for .com not shown...]

The effect of the above answer is the root server telling you: “I don’t know where www.example.com is located. You will need to ask .com next, whose servers are in the following address list.”

And so you have to go and ask the .com server the same question:

    # dig @h.gtld-servers.net. www.example.com a

    ;; QUESTION SECTION:
    ;www.example.com.           IN      A

    ;; AUTHORITY SECTION:
    example.com.        172800  IN      NS      a.iana-servers.net.
    example.com.        172800  IN      NS      b.iana-servers.net.

    ;; ADDITIONAL SECTION:
    a.iana-servers.net. 172800  IN      A       199.43.132.53
    a.iana-servers.net. 172800  IN      AAAA    2001:500:8c::53
    b.iana-servers.net. 172800  IN      A       193.0.0.236
    b.iana-servers.net. 172800  IN      AAAA    2001:610:240:2::c100:ec

This answer helps you by saying, “I don’t know either, but ask the owners of example.com.” Ask them, and you finally get the real answer you were looking for:

    # dig @a.iana-servers.net. www.example.com a

    ;; ANSWER SECTION:
    www.example.com.    172800  IN      A       192.0.32.10

And finally, we have a server that is ready to give us a real Answer.

Note, however, that we asked each server in turn, starting from the root and going down. At every step, someone said, “I have an answer” or “I have no answer, but I know who you should talk to.”

+16
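The root-to-answer walk from the answer above, written as the loop a recursive resolver runs; this is an added Python example, not part of the original post. The `Response` model, the `send` transport hook and the `ROOT` placeholder are assumptions, and the sample replies are constructed from the dig output shown above.

```python
from dataclasses import dataclass, field

@dataclass
class Response:
    """The parts of a DNS reply the walk needs (a simplified, assumed model)."""
    answer: list = field(default_factory=list)     # [(name, type, rdata)]
    authority: list = field(default_factory=list)  # referral: [(zone, ns_name)]
    glue: dict = field(default_factory=dict)       # ADDITIONAL: ns_name -> address

def labels(name):
    return [l for l in name.lower().split(".") if l]

def in_zone(qname, zone):
    z = labels(zone)
    return not z or labels(qname)[-len(z):] == z

def resolve_iteratively(qname, qtype, root_addr, send):
    """Walk referrals from the root down; return (rdata list, [(zone, addr)]).

    send(addr, qname, qtype) -> Response is a hypothetical transport hook that
    sends one non-recursive query, like each dig command above.
    """
    zone, addr, path = ".", root_addr, []
    for _ in range(len(labels(qname)) + 1):   # at most one hop per label
        path.append((zone, addr))
        resp = send(addr, qname, qtype)
        if resp.answer:
            return [r for _n, t, r in resp.answer if t == qtype], path
        # Follow a referral only if it leads to a deeper zone that still
        # contains qname; this rejects loops and sideways or upward referrals.
        usable = [(z, resp.glue[ns]) for z, ns in resp.authority
                  if ns in resp.glue and in_zone(qname, z)
                  and len(labels(z)) > len(labels(zone))]
        if not usable:
            raise LookupError(f"{addr}: no answer and no usable referral")
        zone, addr = usable[0]
    raise LookupError("referral chain longer than the name allows")

# Constructed replies, copied from the dig output above. ROOT is a placeholder
# for the address of b.root-servers.net, which the page does not show.
ROOT = "ROOT-ADDR-PLACEHOLDER"
NETWORK = {
    ROOT: Response(authority=[("com.", "h.gtld-servers.net.")],
                   glue={"h.gtld-servers.net.": "192.54.112.30"}),
    "192.54.112.30": Response(authority=[("example.com.", "a.iana-servers.net.")],
                              glue={"a.iana-servers.net.": "199.43.132.53"}),
    "199.43.132.53": Response(answer=[("www.example.com.", "A", "192.0.32.10")]),
}

def fake_send(addr, qname, qtype):
    return NETWORK[addr]
```

A real transport would send each query over UDP with the RD flag cleared; the root and TLD servers answer such queries with referrals only, which is why the resolver, not the root, does the recursion.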
