In the past, I posted "how to configure bind9". During writing, I did not understand fully the concept of the recursion, even if there are simple explain like others.
I will see the some packet in this post. It is much easier.
1. General DNS Standard Query (Default Reqeust)
Normally, the servers are set the "/etc/resolv.conf" file to customize DNS server. In my case, I set "8.8.8.8" as the resolver.
It is everything which I can do simply. And then I use without any recognization. This is the Request Packet
In DNS packet, there is flags field. "Recursion Desired is set". This is what I want to find. Because of this, the DNS server (the request packeted is received) will try to recurse.
In the received packet, there are lot of informations. I can estimate DNS properites such as "Authoritative" and "Recursion option".
This is the Default Reqeust Packet. Therefore, the DNS will do recursion and caching.
2. No Recursion DNS Reqeust (Iterative Request)
At this time, I want to send "no recursion DNS request". I mean iterative request. The simple way is to use "dig" command with "norecursion". Please look the manual page.
I will try "dig +norecurse" like below.
That is so strange. There is no answer for A record. "This imply that there is no cached A record for this domain", Becuase this DNS server does not do recursion. If the DNS has the cached A record. It looks like below.
In this case, the DNS has the cached A record. It returned the response. Look at the packet.
With "norecursion", "Recursion desired flag" is not set. This is the important factor to understand.
In the response, the flags values are same as the above. Please look at the Answer. This means that "DNS server (8.8.8.8) give me 2 types of answers, first is CNAME and second is A record for the CNAME". This A record is cached value. Because This DNS server can recursion by the flag.
Reference
'System Basic Engineering > OpenSource' 카테고리의 다른 글
| How to verify the DNS response come from cached information? (dig norecurse) (0) | 2020.09.23 |
|---|---|
| Simple Packet analysis about "DIG trace"command. (0) | 2020.09.23 |
| How to upgrade DNSSEC for bind9? (0) | 2019.09.16 |
| How to configure DNS bind9 configuration in Ubuntu (0) | 2019.09.12 |
| How to install self-signed certification on Windows 2012 R2 for RDP? (0) | 2018.12.14 |