-2

Let's say, my domain's nameservers are registered like this:

ns1.domain.com.
ns2.domain.com.
ns3.domain.com.

The physical location for each of the server are as follows:

ns1.domain.com. - in Tokyo
ns2.domain.com. - in San Francisco
ns3.domain.com. - in Europe
  • Does DNS lookup queries all nameservers at once?
  • When a user access the website, will it query only 1 server, or all of the servers (and accept the response from the one which replies the fastest)? (IF it queries only 1 server, how does it choose?)
  • When a user, say, living in California, access the website using a web browser for the first time, which nameserver does it query? Will it somehow know ns2 is the nearest server and will query that server first before the others, or only that server?
  • Assume ns1 (located in Tokyo) has the cheapest, slowest and most limited hardware, and this is under heavy load or suffering DoS/DDoS attack, AND ns2 and ns3 are powerful machines and working well. When this situation happens, how will it affect my DNS response for my website?

(I'm using PowerDNS on FreeBSD, but I think this is a more like a generic DNS question irregardless of operating system or DNS software.)

ikevin8me
  • 137
  • 1
  • 6
  • 2
    There is a fairly good answer here: https://serverfault.com/questions/355414/how-is-dns-lookup-order-determined . Note that some implementations do not cache NS records, however for other records that are cached the query may not even reach your name servers. – Greg Askew Mar 31 '19 at 13:56

2 Answers2

2

When a user accesses a website the browser does not query the authoritative nameservers directly, it (typically indirectly, via the OS resolver library) sends a query requesting recursion (RD flag set) to the configured (often populated via DHCP) resolver nameserver which does the whole lookup process (with caching) on behalf of its client and returns the finished answer.

So, regarding your questions, most of them seem more centered around the behavior of this resolver server rather then anything normally found on the client machine. As for the answer, many of them are implementation specific; the specific strategies are generally not mandated in the standards.

  1. It's not the norm to reach out to multiple authoritative servers opportunistically. It's more common that clients are opportunistic wrt communication with multiple configured resolver servers.
  2. The choice of authoritative server is arbitrary per the spec. There are often implementation specific strategies at play, for instance a resolver server may, to varying extent, track which authoritative servers are good/bad based on previous experience.
  3. The browser queries the configured resolver (often provided by ISP), this server may very well already have the whole answer cached from other users looking up the same thing, otherwise it could have some part of the path leading to the answer cached. In a completely cold cache scenario it's probably an entirely arbitrary pick.
  4. In a completely cold-cache situation there's effectively a 33% risk for a delayed response. Once "your" resolver server has seen that this authoritative server is unresponsive it will probably know to (for a limited time) give up on that server, not letting it affect further queries. Taking caching into account it's in most cases unlikely to be a user that sees the "cold-cache, no prior knowledge, bad luck arbitrarily picking the "wrong" server"-induced extra delay.
Håkan Lindqvist
  • 33,741
  • 5
  • 65
  • 90
0

When the client asks to resolve your domain name, the tld servers will give the list of all your name servers to the client and the client will choose one randomly. So it could choose ns1 the first it queries, ns3 the 2nd time, ns1 the third time, ns2 the fourth time etc.

Some services like cloudflare can be declared as your only name server, which in turn will intelligently route the queries either by geographic location or by load balancing on your true real name servers, or their own (they can also provide name resolution). In fact, nearly 40% of all DNS traffic is routed through cloudflare dns infrastructure.

ychaouche
  • 252
  • 3
  • 15