DNS NS Question
Kevin Darcy
kcd at daimlerchrysler.com
Tue Nov 15 23:23:48 UTC 2005
News wrote:
>Hi,
>
>I have a query on how DNS resolves in regards to name servers (NS) records
> can somebody please explain this to be by way of the following example:
>
>Ok so given the following setup of a domain:
>
>example.net. 172791 IN NS ns1.example.net.
>example.net. 172791 IN NS ns2.example.net.
>example.net. 172791 IN NS ns3.example.net.
>
>If I am trying to resolve host1.example.net for example.
>
>Does the DNS resolveer work like this.
>
>Try ns1.example.net if there is no host found then it tries
>ns2.example.net and so on. So it keeps working its way down until
>one of the NS servers says it can Resolve the query?
>
No, "no host found" implies that one of the nameservers actually gave a
response to the effect that the query matched no name (or no records,
which is subtly different) in the DNS database. Once a response is
received by one of the nameservers, it is taken as definitive, since all
of those nameservers are expected to have the same data (transient
replication delays notwithstanding). Failover from one nameserver to
another only occurs as long as there is no response.
>Or does it simply make a dns type query if it is not found then
>say that is not there Return host not found. So the multiple NS
>records just mean if it can make a tcp connection To the first
>it tries the next one.. This is what I am trying to understand how
>it works?
>
That's more like how it works, with some minor clarifications:
1) The queries are made using UDP datagrams rather than TCP connections,
unless the data is too big to fit in a UDP packet.
2) As far as nameserver selection goes, most iterative-resolver
implementations will pick nameservers based on its prediction(s) --
based on prior experience -- of which will respond faster than others.
So it's not a strict sequential order each time. If there is no data
with which to make a prediction, e.g. if the iterative-resolver just
came up and therefore has no relevant records cached, then generally
it'll proceed in a random order. In fact, there's no guarantee that the
delegation records (what you show above) will always be given out in the
same order. Implementations can choose to mix them up if they wish.
Perhaps what is confusing you is that most registrars ask for
delegations as "nameserver #1", "nameserver #2", etc. as if there were
some strict ordering sequence. That's just their way of keeping track of
delegation records in the registry database; within the DNS protocol
itself, that ordering doesn't matter.
- Kevin
More information about the bind-users
mailing list