When I send a DNS request, I get a response. At that point, I have a question: does this answer come from cached information or not? Someone else may wonder the same thing.

 

When the DNS server can recurse (RA is set):

1. Whether the query is recursive or not, the DNS server that received it refers to its local cache to find the A record.

2. If the DNS server is not authoritative, it returns the cached record.

 

Please look at these packets.

There are 2 answers. One is a CNAME with a TTL of 300, the other is an A record with a TTL of 30. I try again, and then:

Now I can see the CNAME with a TTL of 300 and the A record with a TTL of 29.

In my test environment, I have a DNS server and a GSLB. Each has its own role, as shown below. I dig against the authoritative DNS.

Thus,

1. The authoritative DNS returns the TTL for the CNAME. This is the configured value.

- In the response packet, the Authoritative flag is set.

2. The authoritative DNS recurses to the GSLB, caches the answer, and returns it to the client. So this TTL is counted down.

- In the response packet, Recursion Available is set. (The DNS can recurse.)

 

The best way to find out whether the answer comes from cache is to watch whether the TTL is counted down or not.

 

Here is another case: I dig against "8.8.8.8", which is Google's DNS server, even though there are lots of DNS servers behind 8.8.8.8.

In the result above, Recursion Available is set, so the DNS is expected to cache the answer. However, it is not authoritative. Therefore, the TTLs of both the CNAME and the A record should be counted down.

 

So far, I have sent recursive queries. However, I want to see the same result with an iterative query. In this post, I explained how to generate an iterative query. I will use "dig +norecurse". Please note the following:

 

1. "dig with norecurse" shows a result that depends on the DNS server's properties.

- Some DNS servers show the next servers to query, even if they have a cached record.

- Some DNS servers show the cached answer.

- Some DNS servers show a "server failed" result.

 

Because of this, I do not recommend using "dig with norecurse". Anyway, I will show a case where it works. I used the same DNS server as the target.

When dig with norecurse works, it shows the CNAME and the A record, both with their TTLs counted down. From this result, this DNS server has the record cached.

 

I have already said that different types of results can be shown with the "norecurse" option. I will send a query for "www.google.com" to different DNS servers.

 

First, cached A record information is returned from the DNS server. In this case, I can expect that this DNS server has the record cached. Please look at the next case.

There is no Answer section. There is only information about the next DNS servers to query. This is the reason why I do not recommend the norecurse option. Sometimes, I can also see a server failure like below.

This is my result. It is OK to use the "norecurse" option to check for a cached response. However, it can show results different from what I expect.

 

1. Check the response packet field: RA is set.

2. Check that the TTL counts down.

This is the proof that the answer was cached.
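The two checks above (RA flag, TTL countdown) can be done directly on the DNS wire format. The following is an added example, not code from the original post: it parses the header flags and answer TTLs of two responses and reports which records counted down. The names `example.com` and `gslb.example.com`, the address `192.0.2.10`, the flag value `0x8580` and the `build` helper are constructed sample data that mirror the CNAME 300 / A 30 then 29 case described earlier.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:               # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_response(msg):
    """Return the AA/RD/RA flags and (name, type, ttl) per answer record."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                      # skip the question section
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        answers.append((name, rtype, ttl))
    return {"aa": bool(flags & 0x0400), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "answers": answers}

def counted_down(first, second):
    """Records whose TTL dropped between two responses, i.e. served from cache."""
    before = {(n, t): ttl for n, t, ttl in first["answers"]}
    return [(n, t) for n, t, ttl in second["answers"] if ttl < before.get((n, t), 0)]

def build(flags, a_ttl):
    """Constructed sample response: CNAME (TTL 300) plus A (TTL a_ttl)."""
    q = b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    target = b"\x04gslb\xc0\x10"             # "gslb" + pointer to "example.com"
    cname = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, len(target)) + target
    a = b"\xc0\x2d" + struct.pack("!HHIH", 1, 1, a_ttl, 4) + bytes([192, 0, 2, 10])
    return struct.pack("!6H", 0x1234, flags, 1, 2, 0, 0) + q + cname + a

if __name__ == "__main__":
    r1, r2 = parse_response(build(0x8580, 30)), parse_response(build(0x8580, 29))
    print("AA:", r1["aa"], "RA:", r1["ra"], "cached:", counted_down(r1, r2))
```

Record type 5 is CNAME and type 1 is A; only the A record is reported, because the CNAME TTL stays at its configured value.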

 

 


Sometimes, I need to use the "dig trace" command. I know that it traces the DNS lookup hop by hop. In this post, I will look at this command at the packet level.

 

1. First Packet of dig trace.

 

The first packet looks like this.

It has 3 properties.

1. "Recursion Desired" is not set. (I have already posted about the recursion and iterative flags.)

2. The request is not for an A record. It is for NS.

3. This request is for the "root" domain, that is, the dot ".".

 

Because of property 2, the DNS server responds with an NS answer. After that, the client starts to send A and AAAA requests to the same DNS server.

In this case, the client sends A and AAAA requests for m.root-servers.net. The DNS server does not respond. After 5 seconds, the client retries.

In the result, I can see "couldn't get address for m.root-server.net". (Anyway, this is not the normal case.)

Below is the normal case. The client sends A and AAAA requests for all of the targets returned in the response to the first NS request.

There is something important to see here. In Wireshark, I measure the time between each request and its response.

The client chooses the fastest one. In this sample, it is "198.97.190.53".

 

2. Second Request for target domain

 

I think this is the first step for the domain that I look up. I know that "198.97.190.53" is the nameserver for the next step. Therefore, I send the A record request to this DNS server.

Please note that this is an A record request with no recursion. Below is the response packet.

There is no answer section in this response. Also, this server does not have recursion available and is not authoritative.

The DNS server responds to the client with an "Authoritative nameservers" list. The client must ask another DNS server to find the answer.

The client sends requests to the nameserver (8.8.8.8) to find the A records for the nameserver list it received. This is almost the same as the first step.

During these steps, the client again chooses the fastest one. This time, it is "210.101.60.1".

With this value, the client tries again.

However, there is no answer section this time either. There is an "authoritative nameservers" list again. The client will repeat the step above.

 

3. Final Request for A record.

The client sends the A record request without recursion to the 211.188.180.21 nameserver. It responds as shown below.

This time, there is an answer section. Because of this, dig trace stops. However, this is not an A record. It is a CNAME record with the "authoritative nameservers" for this CNAME.

(Please note that "Authoritative" is set even though no A record is returned.) This means that a CNAME is as valid an answer as an A record.

The client must repeat the request for this CNAME domain. The steps are the same as above.
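The walk described in steps 1 to 3 can be written as a small loop. The following is an added example, not code from the original post or from dig: it replays the logic (non-recursive query, follow the referral to the fastest nameserver, stop at the first non-empty answer section, restart for a CNAME target) against a constructed in-memory table. All server addresses, names, round-trip times and the function names are assumptions made up for the illustration.

```python
# Constructed delegation data (documentation IPs, simulated round-trip times in ms).
REFER_TLD = ([], {"198.51.100.1": 40, "198.51.100.2": 12})
REFER_AUTH = ([], {"203.0.113.5": 8, "203.0.113.6": 20})
SERVERS = {  # server -> {query name: (answer section, referral {ns_ip: rtt})}
    "192.0.2.1": {"www.example.com.": REFER_TLD, "gslb.example.com.": REFER_TLD},
    "198.51.100.2": {"www.example.com.": REFER_AUTH, "gslb.example.com.": REFER_AUTH},
    "203.0.113.5": {"www.example.com.": ([("CNAME", "gslb.example.com.")], {}),
                    "gslb.example.com.": ([("A", "192.0.2.80")], {})},
}

def query_norecurse(server, name):
    """Simulated A query with Recursion Desired cleared: (answers, referral)."""
    return SERVERS.get(server, {}).get(name, ([], {}))

def trace(name, root, max_hops=10):
    """Follow referrals hop by hop; stop at the first non-empty answer section."""
    path, server = [], root
    for _ in range(max_hops):
        answers, referral = query_norecurse(server, name)
        path.append(server)
        if answers:                      # CNAME or A: the trace ends here
            return path, answers
        if not referral:
            raise LookupError(f"{server} gave neither answer nor referral")
        server = min(referral, key=referral.get)   # fastest nameserver wins
    raise LookupError("too many referrals")

def resolve(name, root):
    """Restart the walk for each CNAME target until an A record is reached."""
    chain, seen = [], set()
    while name not in seen:
        seen.add(name)
        path, answers = trace(name, root)
        chain.append((name, path, answers))
        rtype, value = answers[-1]
        if rtype == "A":
            return chain
        name = value                     # CNAME: repeat the same steps for the target
    raise LookupError("CNAME loop")

if __name__ == "__main__":
    for name, path, answers in resolve("www.example.com.", "192.0.2.1"):
        print(name, "via", " -> ".join(path), "=>", answers)
```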

 

[ Reference ]

 

[ 1 ] createnetech.tistory.com/60

 

 

In the past, I posted "how to configure bind9". While writing it, I did not fully understand the concept of recursion, even though there are simple explanations elsewhere.

I will look at some packets in this post. It is much easier that way.

 

1. General DNS Standard Query (Default Request)

 

Normally, servers use the "/etc/resolv.conf" file to set a custom DNS server. In my case, I set "8.8.8.8" as the resolver.

That is all I have to do. After that, I use it without being aware of it. This is the request packet.

In the DNS packet, there is a flags field. "Recursion Desired" is set. This is what I wanted to find. Because of this, the DNS server (the one that receives the request packet) will try to recurse.

In the received packet, there is a lot of information. I can determine DNS properties such as "Authoritative" and the "Recursion" option.

This is the default request packet. Therefore, the DNS will do recursion and caching.

 

2. No Recursion DNS Request (Iterative Request)

 

This time, I want to send a "no recursion" DNS request, that is, an iterative request. The simple way is to use the "dig" command with "norecursion". Please look at the manual page.

I will try "dig +norecurse" like below.

That is so strange. There is no answer for the A record. This implies that there is no cached A record for this domain, because this DNS server does not do recursion. If the DNS has the A record cached, it looks like below.

In this case, the DNS has the A record cached. It returned the response. Look at the packet.

With "norecursion", the "Recursion Desired" flag is not set. This is the important factor to understand.

In the response, the flag values are the same as above. Please look at the Answer section. It means that the DNS server (8.8.8.8) gives me 2 types of answers: the first is a CNAME and the second is the A record for that CNAME. This A record is a cached value, because this DNS server can recurse according to the flag.

 
