beer9
How do iterative and recursive queries work in DNS?
Hello, I would like to know how iterative and recursive queries work in DNS. If I have a Linux (Ubuntu) box and /etc/resolv.conf has three nameservers mentioned, then which query does it use by default: iterative or recursive?
Can we force a query using nslookup/host/dig to use only iterative or recursive to resolve a hostname? Thanks!
In short:
Recursive - Client sends request to a server, server deals with it
Iterative - Client is expected to do all the work
The catch is, a DNS server can be both a Server and a Client. It can be the Server for the Recursive part, waiting for queries from clients and expecting to fulfil them. And it can be the client, performing Iterative queries.
You can see an Iterative query in action using Dig with:
dig domain.example +trace
In this case dig, as the client, is doing all the work; it's performing an Iterative query.
If you just run this:
dig domain.example @someserver
Then you'll send a DNS packet which includes a request for recursion from the server, and the server, if it's allowed, will get on with it for you. You can say "don't" like this:
dig domain.example +norecurse @someserver
And in that case you'll get the best answer the server can give you (worst case, nothing or root hints; best case, a cached answer).
Finally, if a server is configured not to accept recursive queries it will always return the best answer it can (which depending on configuration, may include Query Refused).
Chris
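The "request for recursion" in the packet is the RD (recursion desired) bit of the DNS header, which dig sets by default and +norecurse clears. As an added example (not part of the original answers), this Python code builds both forms of the query and classifies a response header; the function names are hypothetical and the sample headers are constructed.

```python
import struct

# Header flag bits from RFC 1035 section 4.1.1
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def encode_name(name):
    """Encode a hostname as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, recurse=True, qid=0x1234, qtype=1):
    """Build an A-record query; recurse=False is what +norecurse sends."""
    flags = RD if recurse else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def classify_header(packet):
    """Report how a server handled a query, using only the 12-byte header."""
    _qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        raise ValueError("not a response (QR bit clear)")
    info = {"rd": bool(flags & RD), "ra": bool(flags & RA),
            "aa": bool(flags & AA), "rcode": flags & 0x000F}
    if info["rcode"] == 5:
        info["kind"] = "refused"
    elif info["rcode"] != 0:
        info["kind"] = "error"
    elif an > 0:
        info["kind"] = "answer"
    elif ns > 0:
        # Non-authoritative with only authority records is normally a
        # referral; a resolver's cached negative answer can look the same,
        # so a full parser would inspect the record types as well.
        info["kind"] = "nodata" if info["aa"] else "referral"
    else:
        info["kind"] = "empty"
    return info

# Constructed headers (record sections omitted), not captured traffic.
SAMPLE_ANSWER = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
SAMPLE_REFERRAL = struct.pack("!HHHHHH", 0x1234, QR, 1, 0, 13, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, QR | RD | 5, 1, 0, 0, 0)

if __name__ == "__main__":
    print(build_query("domain.example", recurse=False).hex())
    for sample in (SAMPLE_ANSWER, SAMPLE_REFERRAL, SAMPLE_REFUSED):
        print(classify_header(sample))
```

A response with RD echoed but RA clear tells you the server does not offer recursion to you, which is the case described above where you get only the best answer it can give.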
And just one more :)
The most succinct definition of recursion vs iteration is in RFC 1034:
http://www.ietf.org/rfc/rfc1034.txt
To quote:
- In any system that has a distributed database, a particular
name server may be presented with a query that can only be
answered by some other server. The two general approaches to
dealing with this problem are "recursive", in which the first
server pursues the query for the client at another server, and
"iterative", in which the server refers the client to another
server and lets the client pursue the query. Both approaches
have advantages and disadvantages, but the iterative approach
is preferred for the datagram style of access. The domain
system requires implementation of the iterative approach, but
allows the recursive approach as an option.
Chris
ASKER
can we force a query using nslookup/host/dig to use only iterative or recursive to resolve a hostname?
nslookup can do a query without asking for recursion:
nslookup
set norecurse
domain.example
But it can't do iteration.
I think it's the same for host. -r makes it send a request without asking for recursion, but again it can't do iteration.
Thanks for the detailed information, Chris. I just wanted to know: when you say to set 'no recurse' on host/nslookup, then it doesn't mean iteration?
I assumed the opposite of recursion is iteration.
So if I just use the command "host google.com" then did it use iterative or recursive?
As per my understanding:
host google.com is iteration
host -r google.com is non-recursive (but not iteration?)
Please clarify if my understanding is right. Thanks again for your help :-)
> So if I just use the command "host google.com" then did it use iterative or recursive?
Recursive (that's the default in almost all cases).
> host -r google.com is non-recursive (but not iteration?)
It can be the starting point for an iterative query process. However, since it can't complete and get to an answer it's difficult to refer to it as an iterative query. Does that make sense?
Chris
dig www.domain.com @A.B.C.D