Sunday, October 23, 2016

domain name system - Trying to grasp the logic behind a complete DNS resolution and respective sequence of actions



Say we have a domain "example.org" and it has an authoritative name server with name "ns1.example.org" with a glued IP as delegated by domain registrars (delegative?) name servers.





  • Someone types example.org into their browser:

    The request is passed on to the ISP's DNS server. When the ISP's caching
    name server(s)/local cache does not find a match for the domain
    "example.org" and its respective record (copy of SOA record? or (web server
    IP?, authoritative name server IP?, both?)), the ISP's DNS then
    attempts to resolve the authoritative name server IP(s) for the
    "example.org" domain by querying the WHOIS database with the domain
    name "example.org"? Or does it pass the request to the root ".org"
    server, which then queries the WHOIS database for the authoritative
    name server IP(s) using the domain name "example.org" to find a
    matching glue record?

    The WHOIS database is part of the Internet central directory;
    I take it the main root servers are what
    is referred to as the "Internet central directory"?

    The root .org servers will contain the glue records for the "example"
    domain, and the request for "example.org" will finally be forwarded to the
    authoritative name server, where the A/AAAA records will map the
    domain name "example.org" to an address for a resource such as a
    web server etc.




Also, is there such a thing as a delegated NS name record that is not glued to an IP address
for the authoritative DNS server which hosts and publishes its zone file? Because I read in a book about a circular dependency/catch-22 problem when the NS name is a sub-domain of the domain being resolved, and straight away thought: aren't all delegated NS names tied to an IP address, so why would it occur?


Answer



Glue records are in-zone A records for the NS records of the zone.
Hence, they are only required when the NS records lie in-zone.
If the NS record points to an out-of-zone hostname, no glue is permitted, since the NS record points to a hostname not under the purview of that zone.




Always start with the fundamental fact that a zone is an area of administrative responsibility - all records in a zone fall under that zone's responsibility.



That said, your web request example goes as follows:




  • the browser asks the local DNS resolver for the A record for example.org

  • the local resolver checks if it already knows it

  • if not, it forwards the query to its configured nameserver.

  • that nameserver will check if it has the record, and if it allows recursive queries, will retrieve the records if it doesn't have them, starting at the global root.




WHOIS is not a part of DNS; no whois queries are ever done for name resolution.
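The resolution sequence in the answer above, as an added example that is neither the asker's nor the answerer's code: a toy iterative resolver over constructed zones, showing why a delegated NS name that lies inside its own zone needs glue (the catch-22 the question mentions). The server names and the documentation-range IP addresses are made up for the example.

```python
# Constructed toy data: each authoritative server IP maps to the zone it serves,
# and a zone maps an owner name to a list of (type, rdata) records.
ROOT_IP, ORG_IP, NS1_IP, WEB_IP = "198.51.100.1", "198.51.100.2", "192.0.2.53", "192.0.2.10"

def build_servers(with_glue):
    """Root zone -> org zone -> example.org zone, with or without glue for ns1."""
    org_zone = {"example.org.": [("NS", "ns1.example.org.")]}
    if with_glue:  # glue: the parent (org) carries an A record for the in-zone NS name
        org_zone["ns1.example.org."] = [("A", NS1_IP)]
    return {
        ROOT_IP: {"org.": [("NS", "tld.org-servers.test.")],
                  "tld.org-servers.test.": [("A", ORG_IP)]},
        ORG_IP: org_zone,
        NS1_IP: {"example.org.": [("A", WEB_IP)], "ns1.example.org.": [("A", NS1_IP)]},
    }

def query(servers, server_ip, qname, qtype):
    """One non-recursive query: ('answer', rdata) or ('referral', {ns_name: glue_ips})."""
    zone = servers[server_ip]
    answer = [rd for rt, rd in zone.get(qname, []) if rt == qtype]
    if answer:
        return "answer", answer
    labels = qname.split(".")
    for i in range(len(labels)):  # walk up the name to the closest delegation point
        cut = ".".join(labels[i:])
        ns_names = [rd for rt, rd in zone.get(cut, []) if rt == "NS"]
        if ns_names:
            return "referral", {n: [rd for rt, rd in zone.get(n, []) if rt == "A"] for n in ns_names}
    return "nxdomain", []

def resolve(servers, qname, qtype, server_ip=ROOT_IP, depth=0):
    """Iterative resolution: start at the root and follow referrals downwards."""
    if depth > 8:
        raise RuntimeError("missing glue: resolving the NS name loops back into its own zone")
    kind, data = query(servers, server_ip, qname, qtype)
    if kind != "referral":
        return data
    for ns_name, glue_ips in data.items():
        if not glue_ips:  # no glue: the nameserver's own name must be resolved first
            glue_ips = resolve(servers, ns_name, "A", ROOT_IP, depth + 1)
        if glue_ips:
            return resolve(servers, qname, qtype, glue_ips[0], depth + 1)
    return []

def lookup(with_glue):
    """Look up the A record for example.org; 'STUCK' if the lookup never terminates."""
    try:
        return resolve(build_servers(with_glue), "example.org.", "A")
    except RuntimeError:
        return "STUCK"
```

With glue the org server's referral already carries ns1's address; without it, the resolver is sent back to the root to find ns1.example.org, which only refers it to ns1 again.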

