Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How does iterative and recursive query works in DNS?

Posted on 2011-09-21
6
Medium Priority
?
1,704 Views
Last Modified: 2012-05-12
Hello, I would like to know how does iterative and recursive query works in DNS? If I have a linux (ubuntu) box and /etc/resolv.conf has three nameserver mentioned then which query does it use by default? iterative or recursive?

can we force a query using nslookup/host/dig to use only iterative or recursive to resolve a hostname? Thanks!
0
Comment
Question by:beer9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 36575640
recursion is the action of going up to tree (and possbily to the root) to find an authoritative server for a FQDN in question.

dig www.domain.com @A.B.C.D
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 36575785
In short:

Recursive - Client sends request to a server, server deals with it
Iterative - Client is expected to do all the work

The catch is, a DNS server can be both a Server and a Client. It can be the Server for the Recursive part, waiting for queries from clients and expecting to fulfil them. And it can be the client, performing Iterative queries.

You can see an Iterative query in action using Dig with:

dig domain.example +trace

In this dig, as the client, is doing all the work, it's performing an Iterative query.

If you just run this:

dig domain.example @someserver

Then you'll send a DNS packet, which includes a request for recursion from the server and the sever, if it's allowed, will get on with it for you. You can say don't like this:

dig domain.example +norecurse @someserver

And in that case you'll get the best answer the server can give you (worst case, nothing or root hints; best case, a cached answer).

Finally, if a server is configured not to accept recursive queries it will always return the best answer it can (which depending on configuration, may include Query Refused).

Chris
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 36575817
Forgot to address this bit:

> has three nameserver mentioned then which query does it use by default?

Recursive.

You'll find most client-side resolvers (not debugging tools) are stub-resolvers. They can't perform full Iterative queries, they can only hope a DNS server can help out.

And...

> can we force a query using nslookup/host/dig to use only iterative or recursive to resolve a hostname?

NsLookup can do a query without asking for recursion:

nslookup
set norecurse
domain.example

But it can't do iteration.

I think it's the same for host. -r makes it send a request without asking for recursion, but again it can't do iteration.

Chris
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 36575836
And just one more :)

The most succinct definition of recursion vs iteration is in RFC 1034:

http://www.ietf.org/rfc/rfc1034.txt

To quote:

  - In any system that has a distributed database, a particular
     name server may be presented with a query that can only be
     answered by some other server.  The two general approaches to
     dealing with this problem are "recursive", in which the first
     server pursues the query for the client at another server, and
     "iterative", in which the server refers the client to another
     server and lets the client pursue the query.  Both approaches
     have advantages and disadvantages, but the iterative approach
     is preferred for the datagram style of access.  The domain
     system requires implementation of the iterative approach, but
     allows the recursive approach as an option.

Chris
0
 

Author Comment

by:beer9
ID: 36576360
can we force a query using nslookup/host/dig to use only iterative or recursive to resolve a hostname?

NsLookup can do a query without asking for recursion:

nslookup
set norecurse
domain.example

But it can't do iteration.

I think it's the same for host. -r makes it send a request without asking for recursion, but again it can't do iteration.

Thanks for the detailed information Chris, I just wanted to know when you say to set 'no recurse' on host/nslookup then it doesn't mean iteration?

I assumed opposite of recursion is iteration.

So if I just use the command "host google.com" then did it use iterative or recursive?

as per my understanding:

host google.com is iteration
host -r google.com is non-recursive (but not iteration?)

Please clarify if my understanding is right.. Thanks again for your help :-)
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 36576523
> So if I just use the command "host google.com" then did it use iterative or recursive?

Recursive (that's the default in almost all cases).

> host -r google.com is non-recursive (but not iteration?)

It can be the starting point for an iterative query process. However, since it can't complete and get to an answer it's difficult to refer to it as an iterative query. Does that make sense?

Chris
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question