DNS making iterative requests

1

I would like to ask if it is possible to configure a client on Windows or Linux to make iterative queries instead of recursive.

I only found articles about turning off recursion on a DNS server.

Thank you

user3249

Posted 2013-11-28T10:12:35.963

Reputation: 11

Answers

3

I have no idea what an iterative DNS query might be.

A query sent to a DNS server may set the "recursion requested" flag. In Humanspeak, that's like saying "what's the address of [thing], and if you don't know, please look it up for me". The server may deny that, and just return the equivalent of "I don't know, and didn't ask", or it may reply with "I asked around, and it's [this]" or "I asked around, and was told it's [this]", or "I know this one, it's [this], and I'm actually an authority for that address."

A non-recursive query is just "what's the address of [thing], but if you don't know, just say so". The server may already know the answer from a previous recursive query anyway and return it, or it may not, but either way it will not in turn query anything.

Assuming that a server, let's call him S, honours the recursion request, it will take the name - say, "www.example.com" - and start with the right-most component for which it has information.

This may be nothing at all, in which case S sends the query to the root servers, a list of which it has either cached or was given as a hard-coded or pre-configured list. One of the root servers will receive the request for "www.example.com, recursion requested"; root servers do not recurse, but they will return the next best thing they know: the name servers for ".com" along with their addresses.
Try running dig www.google.com @c.root-servers.net

S then asks one of those for "www.example.com, recursion requested". They will also not recurse, but return the next best thing: the nameservers for "example.com", along with their addresses (again skipping where they get that - look up "glue records").
Try running dig www.google.com @k.gtld-servers.net

S then asks one of those for "www.example.com, recursion requested". They do not need to recurse, because they know the answer, so they'll send it back along with the flag "authoritative answer".
Try running dig www.google.com @ns3.google.com (note the "aa" flag; here's a list of reply flags).

S will then send the final answer back to the client, without the "aa" flag because S isn't authoritative, i.e. it had to ask.

In some respect, a "recursive" query is dealt with "iteratively" by S. If the client wanted to do that directly, it would need to have a preconfigured list of root servers (which it could update by asking those) and it should cache the results for other local programs to re-use. Which basically means you'd be running a recursing, caching-only (because it's not authoritative for anything) nameserver on the local host.

So... can you clarify your question? What do you think you want to do?

Gabe

Posted 2013-11-28T10:12:35.963

Reputation: 1 837

1

When you send a DNS request to a server, you can tune to iterative mode. On this request, it will ignore the setting of the DNS server.

For example, you can try it with dig or nslookup:

dig +norecurse netpas.co

If the DNS server has cached the record, you will get the A record. Otherwise, you get a suggestion for which DNS server you need to try next.

Romain Xie

Posted 2013-11-28T10:12:35.963

Reputation: 31
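The answers above describe the "recursion requested" flag, the "aa" flag and referrals to the next server. As an added example (not code from either answer), this Python sketch builds a query with the RD bit cleared, as `dig +norecurse` does, and classifies a reply from its header alone. The function names and the sample headers are constructed for illustration; the bit positions are those of RFC 1035 section 4.1.1.

```python
import struct

# Header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, recurse=False, qid=0x1234, qtype=1):
    """Build a DNS query packet; recurse=False leaves the RD bit clear."""
    flags = RD if recurse else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype A, class IN

def classify(packet):
    """Classify a reply using only the 12-byte header."""
    _id, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        return "not a response"
    rcode = flags & 0x000F
    if rcode:
        return f"error rcode={rcode}"      # e.g. 5 = REFUSED
    if an:
        return "authoritative answer" if flags & AA else "cached answer"
    if flags & AA:
        return "no data (authoritative)"   # name exists, no record of this type
    return "referral" if ns else "empty"

def header(flags, an=0, ns=0, ar=0):
    """Constructed sample reply header (no real capture behind it)."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, an, ns, ar)

# Constructed samples mirroring the steps in the first answer
SAMPLES = {
    "root server": header(QR, ns=13, ar=14),
    "authoritative server": header(QR | AA, an=1),
    "resolver with cached record": header(QR | RA, an=1),
    "server refusing the query": header(QR | 5),
}

if __name__ == "__main__":
    query = build_query("www.example.com")
    print("RD bit set in query:", bool(query[2] & 0x01))
    for who, pkt in SAMPLES.items():
        print(f"{who}: {classify(pkt)}")
```
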