DNS Query


DNS Resolver

Any DNS server is a DNS resolver. It can respond to either iterative or recursive DNS queries, although not all DNS servers will accept recursive queries. An iterative query asks whether the server has the information locally, while a recursive query asks the server to look the answer up and provide it.

Root Nameserver

There are 13 root nameservers in the world that each DNS resolver knows about. These are iterative DNS servers that respond to DNS queries with referrals to the corresponding Top-Level Domain (TLD) nameservers.

Top-Level Domain (TLD) Nameserver

A nameserver for one of the top-level domains such as .com, .org, .net, etc. It will respond to queries with a referral to the Authoritative Nameserver of a given subdomain. E.g., a query for www.example.com. will be redirected to the example.com. nameserver.

Authoritative Nameserver

A nameserver that is responsible for a given domain. It may answer a given query itself or refer to another nameserver for a subdomain.

Forward DNS Lookup

During a forward lookup you resolve an FQDN to its corresponding IP address. The following illustrates what happens when trying to resolve www.google.com to its IP address.

  1. The FQDN is www.google.com.

  2. A client contacts the local DNS server and asks for a name resolution of www.google.com.

  3. If the result isn’t cached, the local DNS server will do the resolution for you if it is set up to be recursive.

  4. A recursive DNS server will contact one of the root nameservers.

  5. This will return the authoritative DNS server for the .com top-level domain.

  6. The local DNS server will then contact this .com DNS server and ask again to resolve www.google.com.

  7. That DNS server will tell it to contact the DNS server for google.com instead.

  8. Finally, asking the google.com nameserver will return the necessary IP.

  9. The local DNS server will then send the response of this iterative process to the client who made the original request and cache it.

Reverse DNS lookup

A reverse DNS lookup is used to determine the FQDN of an IP address. For this, a domain name is generated from the IP: the decimal numbers of the IP address written from right to left, separated by dots, followed by the in-addr.arpa. domain.

\[\text{192.168.16.1} \rightarrow \text{1.16.168.192.in-addr.arpa}\]

This domain is then resolved the same way as a forward query. The only difference is that instead of the IP address (A) record it returns the pointer (PTR) record.
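The forward lookup steps and the reverse lookup above, as an added example that is not part of the original notes: a small offline simulation of a recursive resolver following referrals from the root, caching the answer, and resolving an in-addr.arpa name through the same walk. The server names, the zone data and the address 192.0.2.10 are constructed, and the delegation chain is shortened compared with the real DNS.

```python
import ipaddress

# Constructed data: each simulated nameserver maps a name suffix to a referral
# ("NS", next server) or a final record ("A" / "PTR", value). All hypothetical.
SERVERS = {
    "root":       {"com.": ("NS", "tld-com"), "in-addr.arpa.": ("NS", "arpa")},
    "tld-com":    {"example.com.": ("NS", "ns-example")},
    "ns-example": {"www.example.com.": ("A", "192.0.2.10")},
    "arpa":       {"2.0.192.in-addr.arpa.": ("NS", "ns-rev")},
    "ns-rev":     {"10.2.0.192.in-addr.arpa.": ("PTR", "www.example.com.")},
}

def query(server, qname):
    """Iterative query: the server answers from its own data only."""
    zone = SERVERS[server]
    # Match on label boundaries; the longest matching suffix wins.
    hits = [s for s in zone if qname == s or qname.endswith("." + s)]
    return zone[max(hits, key=len)] if hits else ("NXDOMAIN", None)

def resolve(qname, cache, max_referrals=10):
    """Recursive resolver: walk referrals from the root and cache the answer."""
    if qname in cache:
        return cache[qname], ["cache"]
    server, path = "root", []
    for _ in range(max_referrals):  # bound the chain so referral loops end
        path.append(server)
        rtype, value = query(server, qname)
        if rtype == "NS":           # referral: ask the next server down
            server = value
            continue
        if rtype != "NXDOMAIN":
            cache[qname] = (rtype, value)
        return (rtype, value), path
    raise RuntimeError("too many referrals")

def reverse_name(ip):
    """IPv4 address -> in-addr.arpa name, octets right to left."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # rejects bad input
    return ".".join(reversed(octets)) + ".in-addr.arpa."

if __name__ == "__main__":
    cache = {}
    print(resolve("www.example.com.", cache))   # full walk from the root
    print(resolve("www.example.com.", cache))   # served from the cache
    print(resolve(reverse_name("192.0.2.10"), cache))  # PTR via same walk
```

The returned path lists the servers contacted in order, so a second lookup of the same name shows only the cache.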