Solved

DNS forwarder question

Posted on 2008-06-25
Last Modified: 2010-04-07
If you configure a DNS server to use a forwarder, would a Wireshark capture show DNS traffic between just you and the forwarder, or does the forwarder return the IP of the authoritative DNS server and would your DNS server go there to finally resolve the name to IP?

I'm trying to figure out if my forwarder is working correctly.


0
Question by:jjc_mn
4 Comments
 
LVL 14

Expert Comment

by:cuziyq
ID: 21869924
Your DNS server would forward the request and the request would be sent back to your DNS server.  The client making the request would be unaware that the request had been forwarded.
0
 
LVL 19

Expert Comment

by:feptias
ID: 21872572
You are describing the difference between iterative and recursive DNS. On the Windows DNS server, on the "Forwarders" tab, there is a tick box option "Do not use recursion for this domain". When the option is ticked, it means you want your DNS server to only query the forwarder (i.e. your DNS server should not go elsewhere to finally resolve the name).
0
 

Author Comment

by:jjc_mn
ID: 21872784
Actually I'm on Linux, not Windows, but that should not matter.

Also I'm disregarding traffic between my DNS server and the client that makes the request. I'm only looking at server to server traffic.

You said: "your DNS server should not go elsewhere to finally resolve the name". From my Wireshark trace it looks like it asks the forwarder and the forwarder comes back and gives it the DNS SOA and then my server goes to the SOA to resolve.

So that behavior is not correct?
0
 
LVL 19

Accepted Solution

by:
feptias earned 500 total points
ID: 21872886
You are possibly misinterpreting what I meant to say!
In effect, what I said was: "When that option is ticked your DNS server should not go elsewhere..."

When the option is *not* ticked, then your DNS server is very likely to start interrogating other DNS servers. That process is called recursion. I have never investigated the process down to the level of running a packet trace, but SOA records contain information about the primary DNS server for the domain so it makes some sense.

I don't know what the equivalent is of that tick box option in Linux, but no doubt there is an equivalent in the config settings. I believe it is called "slaving" when one DNS server devolves all responsibility for name resolution to the forwarder.
0
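One way to check the server-to-server traffic discussed in this thread, as an added example that is not part of the original posts: export the DNS payloads your server sends and group them by destination. The addresses, the sample packets and the function names are constructed for illustration, and the RD flag is shown on the assumption that a resolver normally sets it on queries to a forwarder and clears it on queries it sends while resolving on its own.

```python
import struct

FORWARDER = "192.0.2.53"  # assumed forwarder address (documentation range)

def build_query(name, txid, rd):
    """Build a minimal DNS A-record query (used only to construct sample data)."""
    flags = 0x0100 if rd else 0x0000          # RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def parse_query(payload):
    """Return (is_query, rd_set, qname) from a raw DNS message."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    labels, pos = [], 12
    while qdcount and pos < len(payload):
        length = payload[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return (flags & 0x8000) == 0, bool(flags & 0x0100), ".".join(labels)

def audit(packets, forwarder=FORWARDER):
    """Group outbound queries into forwarded ones and ones sent elsewhere."""
    report = {"forwarded": [], "elsewhere": []}
    for dst_ip, payload in packets:
        is_query, rd, qname = parse_query(payload)
        if not is_query:
            continue                            # ignore responses
        key = "forwarded" if dst_ip == forwarder else "elsewhere"
        report[key].append((dst_ip, qname, rd))
    return report

# Constructed sample: (destination IP, DNS payload) pairs leaving the local server.
SAMPLE = [
    (FORWARDER, build_query("www.example.com", 0x1A2B, rd=True)),
    ("198.51.100.10", build_query("www.example.com", 0x1A2C, rd=False)),
]

if __name__ == "__main__":
    result = audit(SAMPLE)
    for dst, name, rd in result["elsewhere"]:
        print(f"query for {name} went past the forwarder to {dst} (RD={int(rd)})")
    print("forwarder only" if not result["elsewhere"] else "server also resolves on its own")
```

An empty "elsewhere" list means every outbound query in the capture went to the forwarder; any entry there is a name the server tried to resolve on its own.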
