Saturday, December 2, 2017

domain name system - Who actually "recurses" in a recursive DNS lookup?



I'm trying to understand the difference between iterative and recursive DNS lookups. Fundamentally, I think of iterative as being like calling a department store looking for a product, and when they don't have it, they give you the number of another one of their branches to call and then you call the other branch yourself. Versus recursive, which is like calling the department store, and when they don't have what you're after, they call the other branch on your behalf looking for the product. Thing is, I'm getting conflicting views about this when it comes to DNS. When I think of recursive, I think of something that looks like this:
[image]



But while reading articles on the web, and even doing a Google image search for DNS recursive, I see far more examples that look like this:
[image]



To me, this second example looks more iterative than it does recursive, because each of the "other DNS servers" is telling the "preferred DNS server" the address of the next machine to look up, rather than looking it up on behalf of the preferred DNS server. The only recursive element I see is that the preferred DNS server does lookups on behalf of the DNS client, but from here on, it sure looks iterative though.




So I guess my question is, does "recursive" DNS lookup really only mean recursive in the sense of the preferred DNS server doing something on the client's behalf, but really iterative from here on in? The majority of results I'm seeing in Google image search are leading me to believe this, which then begs the question, is the first image in this post just plain wrong?


Answer



Your last paragraph is correct.



The "Recursion Desired" (RD) flag sent by the client in the DNS request header (see RFC 1035) asks the server "please give me the complete answer to this question".



That server then iteratively asks the chain of name servers for the correct answer. Those queries shouldn't themselves have the RD bit set.



Ultimately the recursive server's response will have the "Recursion Available" (RA) flag set, indicating that the answer was indeed fully answered. Conversely an authoritative server will not set the RA flag.




IMHO, it's a poor choice of terminology.



For what it's worth, that first diagram you've found is fundamentally incorrect. The root servers do not perform queries to any other server, they only issue referrals to other servers.
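
The RD and RA header bits described in the answer can be read directly off the wire. The following is an added example, not part of the original answer: it builds queries with and without RD and labels each hop of a lookup from its header flags. The function names and the header-only sample responses are constructed for illustration.

```python
import struct

# Flag masks for the 16-bit flags word in the DNS header (RFC 1035).
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, rd, txid=0x1234, qtype=1):
    """Build a query for `name`; rd=True sets the Recursion Desired bit."""
    header = struct.pack("!6H", txid, RD if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class 1 = IN

def parse_header(msg):
    """Decode the fixed 12-byte header into flags and section counts."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "ancount": an, "nscount": ns}

def classify(msg):
    """Name the role a message plays in the lookup chain the answer describes."""
    h = parse_header(msg)
    if not h["qr"]:
        return "recursive query" if h["rd"] else "iterative query"
    if h["rcode"] == 0 and h["ancount"] == 0 and h["nscount"] > 0 and not h["aa"]:
        return "referral"
    if h["aa"]:
        return "authoritative answer"
    return "recursive server answer" if h["ra"] else "non-authoritative answer"

def header_only(flags, an=0, ns=0, ar=0):
    """Constructed sample: a response header with no record data after it."""
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, ar)

# Constructed messages, one per hop for a lookup of www.example.com.
SAMPLES = [
    ("client -> resolver", build_query("www.example.com", rd=True)),
    ("resolver -> root", build_query("www.example.com", rd=False)),
    ("root -> resolver", header_only(QR, ns=13, ar=14)),
    ("auth -> resolver", header_only(QR | AA, an=1)),
    ("resolver -> client", header_only(QR | RD | RA, an=1)),
]

if __name__ == "__main__":
    for hop, msg in SAMPLES:
        print(f"{hop:20} {classify(msg)}")
```

Only the first and last hops carry RD and RA; everything between the resolver and the other name servers is an iterative query answered by a referral or an authoritative answer.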

