DNS: Recursion example

DNS: Recursion example

In this example, 128.104.254.254 or 144.92.254.254 is looking up the A record for "www.doit.wisc.edu". We will also assume that the dns server does not have any information cached. If there is valid cached information, the server simply serves the data out of the cache and the below steps are not performed. DNS recursion is an iterative process. The process is performed from 'right to left'. '.' is determined, then 'edu', then 'wisc.edu', then 'doit.wisc.edu', and finally 'www.doit.wisc.edu'.
  • '.' (the root zone) is determined in one of two ways. The BIND source code has a built in list of the root servers. root server IPs do change, however VERY infrequently. One can administer a local list of root server IPs to get around this issue.
    From named-r.conf 

    zone "." IN {
    type hint;
    file "/etc/root.hint";
    };

    [m7h@trigger etc]$ cat root.hint

    ; <<>> DiG 9.4.1-P1 <<>> ns . @a.root-servers.net
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60291
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;. IN NS

    ;; ANSWER SECTION:
    . 518400 IN NS I.ROOT-SERVERS.NET.
    . 518400 IN NS J.ROOT-SERVERS.NET.
    . 518400 IN NS K.ROOT-SERVERS.NET.
    . 518400 IN NS L.ROOT-SERVERS.NET.
    . 518400 IN NS M.ROOT-SERVERS.NET.
    . 518400 IN NS A.ROOT-SERVERS.NET.
    . 518400 IN NS B.ROOT-SERVERS.NET.
    . 518400 IN NS C.ROOT-SERVERS.NET.
    . 518400 IN NS D.ROOT-SERVERS.NET.
    . 518400 IN NS E.ROOT-SERVERS.NET.
    . 518400 IN NS F.ROOT-SERVERS.NET.
    . 518400 IN NS G.ROOT-SERVERS.NET.
    . 518400 IN NS H.ROOT-SERVERS.NET.

    ;; ADDITIONAL SECTION:
    A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
    B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
    C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
    D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
    E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
    F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
    G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
    H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
    I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
    J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
    K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
    L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42
    M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33

    ;; Query time: 48 msec
    ;; SERVER: 198.41.0.4#53(198.41.0.4)
    ;; WHEN: Sat Nov 3 14:03:19 2007
    ;; MSG SIZE rcvd: 436
  • 'edu.' is to be determined. This is done by querying a root server. I randomly chose one of the above IPs for this task.
    ; <<>> DiG 9.4.2-P2 <<>> @198.41.0.4 edu NS
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50549
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 8
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;edu. IN NS

    ;; AUTHORITY SECTION:
    edu. 172800 IN NS C.GTLD-SERVERS.NET.
    edu. 172800 IN NS A.GTLD-SERVERS.NET.
    edu. 172800 IN NS L.GTLD-SERVERS.NET.
    edu. 172800 IN NS D.GTLD-SERVERS.NET.
    edu. 172800 IN NS E.GTLD-SERVERS.NET.
    edu. 172800 IN NS F.GTLD-SERVERS.NET.
    edu. 172800 IN NS G.GTLD-SERVERS.NET.

    ;; ADDITIONAL SECTION:
    A.GTLD-SERVERS.NET. 172800 IN A 192.5.6.30
    A.GTLD-SERVERS.NET. 172800 IN AAAA 2001:503:a83e::2:30
    C.GTLD-SERVERS.NET. 172800 IN A 192.26.92.30
    D.GTLD-SERVERS.NET. 172800 IN A 192.31.80.30
    E.GTLD-SERVERS.NET. 172800 IN A 192.12.94.30
    F.GTLD-SERVERS.NET. 172800 IN A 192.35.51.30
    G.GTLD-SERVERS.NET. 172800 IN A 192.42.93.30
    L.GTLD-SERVERS.NET. 172800 IN A 192.41.162.30

    ;; Query time: 59 msec
    ;; SERVER: 198.41.0.4#53(198.41.0.4)
    ;; WHEN: Fri Jan 30 13:55:43 2009
    ;; MSG SIZE rcvd: 289

    During this process, the server is told that A-G.GTLD-SERVERS.NET are responsible for 'edu.' The local server performs queries to determine the A or AAAA records associated with those names and caches the information. '172800' seconds is the TTL [2 days]. For 2 days, this server will not ask again who is responsible for 'edu.' and instead will use the information that it received. This applies no matter what .edu domain is queried.

  • The process continues with 'wisc.edu'. This is done by querying a 'edu.' server. I randomly chose one of the above IPs for this task.
    [m7h@trigger etc]$ dig @192.5.6.30 wisc.edu NS

    ; <<>> DiG 9.4.2-P2 <<>> @192.5.6.30 wisc.edu NS
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49134
    ;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;wisc.edu. IN NS

    ;; ANSWER SECTION:
    wisc.edu. 172800 IN NS cs.wisc.edu.
    wisc.edu. 172800 IN NS dns.cs.wisc.edu.
    wisc.edu. 172800 IN NS dns2.cs.wisc.edu.
    wisc.edu. 172800 IN NS dns2.itd.umich.edu.

    ;; ADDITIONAL SECTION:
    cs.wisc.edu. 172800 IN A 128.105.2.6
    dns.cs.wisc.edu. 172800 IN A 128.105.2.10
    dns2.cs.wisc.edu. 172800 IN A 128.105.6.12
    dns2.itd.umich.edu. 172800 IN A 141.211.125.15

    ;; Query time: 78 msec
    ;; SERVER: 192.5.6.30#53(192.5.6.30)
    ;; WHEN: Fri Jan 30 13:58:56 2009
    ;; MSG SIZE rcvd: 173

    During this process, the server is told the authoratative servers for 'wisc.edu.'. Per the KB article on glue records, glue records for cs.wisc.edu, dns.cs.wisc.edu and dns2.cs.wisc.edu are returned. '172800' seconds is the TTL [2 days]. For 2 days, this server will not ask again who is responsible for 'wisc.edu.' and instead will use the information that it received. This applies no matter what wisc.edu domain is queried.

  • The process continues with 'doit.wisc.edu'. This is done by querying a 'wisc.edu.' server. I randomly chose one of the above IPs for this task.
    [m7h@trigger etc]$ dig @128.105.2.6 doit.wisc.edu NS

    ; <<>> DiG 9.4.2-P2 <<>> @128.105.2.6 doit.wisc.edu NS
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 542
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;doit.wisc.edu. IN NS

    ;; AUTHORITY SECTION:
    doit.wisc.edu. 86400 IN NS adns2.doit.wisc.edu.
    doit.wisc.edu. 86400 IN NS adns3.doit.wisc.edu.
    doit.wisc.edu. 86400 IN NS adns1.doit.wisc.edu.

    ;; ADDITIONAL SECTION:
    adns1.doit.wisc.edu. 86400 IN A 144.92.9.21
    adns2.doit.wisc.edu. 86400 IN A 144.92.20.99
    adns3.doit.wisc.edu. 86400 IN A 144.92.104.21

    ;; Query time: 1 msec
    ;; SERVER: 128.105.2.6#53(128.105.2.6)
    ;; WHEN: Fri Jan 30 14:00:30 2009
    ;; MSG SIZE rcvd: 139

    During this process, the server is told the authoratative servers for 'doit.wisc.edu.'. Per the KB article on glue records, glue records for adns1,2,3.doit.wisc.edu are returned. '86400' seconds is the TTL [1 day]. For 1 day, this server will not ask again who is responsible for 'doit.wisc.edu.' and instead will use the information that it received. This applies no matter what doit.wisc.edu domain is queried.

  • Finally, www.doit.wisc.edu is resolved. This is done by querying adns1, adns2, or adns3.
    [m7h@trigger etc]$ dig @144.92.9.21 www.doit.wisc.edu A

    ; <<>> DiG 9.4.2-P2 <<>> @144.92.9.21 www.doit.wisc.edu A
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33549
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;www.doit.wisc.edu. IN A

    ;; ANSWER SECTION:
    www.doit.wisc.edu. 14400 IN A 128.104.80.40

    ;; AUTHORITY SECTION:
    doit.wisc.edu. 14400 IN NS adns3.doit.wisc.edu.
    doit.wisc.edu. 14400 IN NS adns2.doit.wisc.edu.
    doit.wisc.edu. 14400 IN NS adns1.doit.wisc.edu.

    ;; ADDITIONAL SECTION:
    adns1.doit.wisc.edu. 14400 IN A 144.92.9.21
    adns2.doit.wisc.edu. 14400 IN A 144.92.20.99
    adns3.doit.wisc.edu. 14400 IN A 144.92.104.21

    ;; Query time: 0 msec
    ;; SERVER: 144.92.9.21#53(144.92.9.21)
    ;; WHEN: Fri Jan 30 14:02:57 2009
    ;; MSG SIZE rcvd: 159
    The IP of www.doit.wisc.edu is known and is cached for 4 hours [14400 seconds].

root.hints

One well known location of the most recent root IPs is here:

wget ftp://ftp.rs.internic.net/domain/db.cache




Keywords:DNS: Recursion example   Doc ID:8960
Owner:Michael H.Group:Network Services
Created:2009-01-29 19:00 CDTUpdated:2015-11-19 16:30 CDT
Sites:Network Services, Systems & Network Control Center, University of Wisconsin System Network, WiscNet
Feedback:  0   0