?
Solved

DNS Forwarders

Posted on 2005-03-18
3
Medium Priority
?
342 Views
Last Modified: 2012-06-21
I'm studying "DNS on Windows Server 2003" (O'Reilly 2004) to get a final grip on DNS.

As I understand it, now, a forwarding name server will use its forwarders first (given it can't resolve the query with cache or zone data), and if the forwarders are unreachable, the forwarding name server will go for the root hints. That's how I understand the following:

"...the [forwarding] name server sends the query to its configured forwarders and waits a short period for an answer before resuming normal operation and contacting the remote servers itself. What the name server is doing that's different is sending a recursive query to the forwarder, expecting it to find the answer. At all other times, the name server sends out nonrecursive queries to other name servers and deals with responses that refer only to other name servers." (p. 230)

There's the option to make the forwarding name server a "forward-only name server", by checking the "Do not use recursion for this domain" box in the Forwarders configuration tab (a check box with "confusing terminology", but never mind). The writers say:

"If you want to restrict your name servers even further -- stopping them from even trying to contact an off-site server if their forwarder is down or doesn't respond. You can do this by telling the server not to fall back to using the recursive resolution process if no forwarders respond: check the "Do not use recursion for this domain" box on the "Forwarders" configuration tab." (pp. 231-232)

My question concerns this sentence: "You can do this by telling the server not to *fall back to using the recursive resolution* process if no forwarders respond..."

Shouldn't it say: "... fall back to using the *nonrecursive* resolution." As I understand it, if the forwarders aren't responding, the forwarding name server will use the root hints, and the root hints query is by definition nonrecursive.

Am I right?


0
Comment
Question by:DiamondJoe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Expert Comment

by:minmei
ID: 13573681
Good places to understand it...

http://media.pearsoncmg.com/aw/aw_kurose_network_2/applets/dns/dns.html

http://www.menandmice.com/online_docs_and_faq/glossary/glossarytoc.htm?recursive.query.htm

Recursive means I ask you, you go find out answer and tell me.

Opposite is iterative: I ask you, you tell me which name server I go to to find the answer myself.
0
 

Author Comment

by:DiamondJoe
ID: 13575269
Thanks for the links, the first one was great fun and also confirms my point. As far as I know, in the scenario above, where the forwarders aren't answering the forwarding name server, the forwarding name server would fall back to using the nonrecursive (or iterative) resolution using the root name server, not fall back to recursive resolution, as the writers states in the book I quoted.

I'm asking since this book is very highly respected and printed in numerous editions (with slightly different titles), wherefore I can't just ignore this strange statement as simply incorrect.
0
 
LVL 7

Accepted Solution

by:
minmei earned 750 total points
ID: 13575769
nslookup is a wonderful thing.

you can use it as a tool to check the answer.

Each nslookup request defaults to recursion. this means it will ask until it finds the answer, then deliver it back.

When you do a set norecurse, you see only the next authoritative nameserver. This is why it's called iterative. You can go to the roots, then get to the authoritative nameserver, then ask it for the answer, just like the dns server would.

Highly respected does _not_ mean error free.  Play with nslookup.  Find your forwarding server from your ISP, use it to run both recursive and non-recursive queries.

Here's the help on the win2k3 dns checkbox for "do not use recursion..."

Specify that the DNS server not attempt any _further_ recursion if the forwarders fail. If the forwarding servers fail to resolve, a failure message is returned.

Bad checkbox name. Bad explanation from the book. It just means it will stop if the forwarders fail. Has _nothing_ to do with recursive or iterative queries.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question