Tracert DNS behaviour explanation

0

I'm trying to understand how tracert works. While sniffing packets with Wireshark I noticed that sometimes tracert decides to not resolve the host name.
Here are some examples:
tracert http://www.google.com ----> 0 packets
tracert guuugle -----------------------> 0 packets
tracert w.guugle ----------------------> DNS query

I mean, why don't I see any packets in the first two examples? How can it know that those hosts don't exist? (DNS is flushed)

Andrea

Posted 2017-05-20T09:34:32.570

Reputation: 23

Answers

0

The system will not resolve http://www.google.com because it knows that's not a valid hostname. It's a URL, and it has a hostname in it, but it's not a hostname itself. The OS knows this because neither : nor / is allowed in hostnames (that's why URLs use them as separators!).

In your second example, the name doesn't have any dots in it, so many systems consider it a local name and try other (non-DNS) methods of resolving it first. Although that's not a strict rule – some other systems do attempt to resolve single-component names via DNS as well (although often they append the "local domain" at the end).

user1686

Posted 2017-05-20T09:34:32.570

Reputation: 283 655
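
The two rules from the answer above, written out as an added example (not part of the original post, and not any operating system's actual resolver code). The function name `classify_target` and its return labels are hypothetical; the IP-literal and trailing-dot cases go beyond the answer and are assumptions about typical resolver behaviour.

```python
import ipaddress
import re

# One hostname label (RFC 952/1123): letters, digits, hyphens, 1-63 chars,
# no leading or trailing hyphen. ':' and '/' can never match.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_target(name: str) -> str:
    """Predict how a resolver following the answer's rules treats `name`.

    'ip-literal'   -> already an address, nothing to resolve
    'invalid'      -> not a legal hostname, rejected locally (0 packets)
    'single-label' -> no dots: local (non-DNS) methods tried first on many systems
    'dns'          -> multi-label name, resolved with a DNS query
    """
    try:
        ipaddress.ip_address(name)
        return "ip-literal"
    except ValueError:
        pass

    # Assumption: a trailing dot marks a fully qualified name.
    fully_qualified = name.endswith(".")
    candidate = name[:-1] if fully_qualified else name
    if not candidate or len(candidate) > 253:
        return "invalid"

    labels = candidate.split(".")
    if not all(LABEL.fullmatch(label) for label in labels):
        return "invalid"
    if len(labels) == 1 and not fully_qualified:
        return "single-label"
    return "dns"


if __name__ == "__main__":
    # The three inputs from the question, plus two constructed ones.
    for target in ["http://www.google.com", "guuugle", "w.guugle",
                   "8.8.8.8", "-bad-.example"]:
        print(f"{target!r:28} -> {classify_target(target)}")
```

The same check is useful before passing user-supplied input to any tool that expects a hostname: a value that comes back 'invalid' should be rejected rather than forwarded.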