Sometimes I need to use the "dig trace" command. I know that it traces the DNS resolution hop by hop. In this post, I will look at this command at the packet level.
1. First Packet of dig trace.
The first packet looks like this.
There are 3 properties.
1. "Recursion Desired" is not set (I have already posted about recursion and iterative flags.)
2. The request is not for an A record. It is for NS.
3. This request is for the "root" domain, that is, the dot ".".
Because of property 2, the DNS server responds with an NS answer. After that, the client starts to send A and AAAA requests to the same DNS server.
In this case, the client sends A and AAAA requests for m.root-servers.net. The DNS server does not respond. After 5 seconds, the client retries.
In the result, I can see "couldn't get address for m.root-servers.net" (Anyway, this is not the normal case.)
Below is the normal case. The client sends A and AAAA requests for all of the targets returned in the response to the first NS request.
There is an important thing to see here. In Wireshark, I estimate the time between each request and its response.
The client chooses the fastest one. In this sample, it is "198.97.190.53".
2. Second Request for target domain
I think this is the first step for the domain that I look up. I know that "198.97.190.53" is the nameserver for the next step. Therefore, I send the A record request to this DNS server.
Please note that this is an A record request with no recursion. Below is the response packet.
There is no answer field in this response. Also, this server does not have "recursion available" set and is not authoritative.
The DNS server responds to the client with an "Authoritative nameservers" list. The client must query another DNS server to find the answer.
The client asks the nameserver (8.8.8.8) for the A records of the nameservers in the list it received. This is almost the same as the first step.
During this step, the client also chooses the fastest one. This time, it is "210.101.60.1".
With this value, the client tries again.
However, there is no answer field this time either. There is an "authoritative nameservers" list again. The client will repeat the above step.
3. Final Request for A record.
The client sends the A record request without recursion to the 211.188.180.21 name server. It responds as shown below.
This time, there is an "answer" field. Because of this, dig trace stops. However, this is not an A record. It is a CNAME record with "authoritative nameservers" for this CNAME.
(Please note that "Authoritative" is set even though no A record is returned.) This means that the CNAME is a valid answer, just like an A record.
The client must repeat the request for this CNAME domain. It is the same as the steps above.
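The three properties of the first packet and the header checks that separate a referral from the final answer can be reproduced without a capture. The following Python sketch is an added example, not code from the original post: the function names, the transaction ID and the two sample response headers (including their record counts) are constructed for illustration.

```python
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "AAAA": 28}
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # header flag bits (RFC 1035)

def build_query(name, qtype, txid=0x1234, rd=False):
    """Build a DNS query; rd=False leaves "Recursion Desired" unset."""
    header = struct.pack("!6H", txid, RD if rd else 0, 1, 0, 0, 0)
    labels = [p for p in name.split(".") if p]  # "." has no labels (root)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!2H", QTYPE[qtype], 1)  # class IN

def parse_header(msg):
    """Decode the 12-byte DNS header into the fields Wireshark shows."""
    _txid, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    return {"qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "answers": an, "authority": ns}

def classify(msg):
    """Decide what the trace does next from the response header."""
    h = parse_header(msg)
    if not h["qr"]:
        return "query"
    if h["answers"] > 0:
        return "answer"      # answer field present: the trace stops (may be a CNAME)
    if h["authority"] > 0:
        return "referral"    # only a nameserver list: ask one of those servers next
    return "empty"

# Constructed headers (not captured packets), matching the steps in the post.
REFERRAL = struct.pack("!6H", 0x1234, QR, 1, 0, 13, 14)   # no answer, not AA, no RA
FINAL = struct.pack("!6H", 0x1234, QR | AA, 1, 1, 2, 0)   # answer present, AA set

if __name__ == "__main__":
    first = build_query(".", "NS")  # first packet: RD unset, type NS, root domain
    print(first.hex(), parse_header(first))
    print(classify(REFERRAL), classify(FINAL))
```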
[ Reference ]
[ 1 ] createnetech.tistory.com/60