Understanding DNS Recursion

How recursive DNS queries work.

The basic concept of DNS name resolution is fairly simple. Every Web site is assigned a unique IP address. In order to access a website, a client needs to know what the site’s IP address is. Of course, users don’t usually enter an IP address into their Web browser; they enter the site’s domain name instead. In order to access the requested website, the Web browser must be able to convert the site’s domain name into the corresponding IP address. This is where DNS comes into play. The client computer is configured with the address of a preferred DNS server. The host name from the requested URL is forwarded to that DNS server, and the DNS server returns the IP address for the requested website. The client is then able to access the requested site.

As you can see, the name resolution process is pretty cut and dried. However, there are countless websites in the world, and new sites are being created every day. It is impossible for your DNS server to know the IP address of every single website. When a DNS server does not know the address for a requested site, it uses one of two methods to determine the site’s IP address.

The preferred name resolution method is called recursion. Generally speaking, recursion refers to the process of having the DNS server itself make queries to other DNS servers on behalf of the client that made the original request. In essence, the DNS server becomes a DNS client. Some administrators prefer to disable recursion for performance reasons. If recursion is disabled, then the DNS server uses a process called iteration to resolve the name request.

Root Hints

If the DNS server does not know the address of the requested site, then it will forward the request to another DNS server. In order to do so, the DNS server must know the IP address of another DNS server that it can forward the request to. This is the job of root hints. Root hints provide a list of IP addresses of DNS servers that are considered to be authoritative at the root level of the DNS hierarchy.

The good news is that root hints are preconfigured on Windows Server 2003 DNS servers. The root hints are stored in a file named CACHE.DNS that is located in the \Windows\System32\Dns folder. If you would like to see what the root hints file looks like, you can open it in Notepad. As you can see in Figure A, the root hints file is really nothing more than just a text file that pairs root DNS servers with their IP addresses.


Figure A: The root hints file matches root level DNS servers with their IP addresses
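Since the root hints file is just text pairing root server names with their addresses, it can be read with a few lines of code. The following parser is an added example, not part of the article or of Windows; the sample hints content, server names and addresses are constructed, and the NS/A record layout with `;` comments is the standard zone-file form the file uses.

```python
# Added example (not from the article): parse root-hints text in zone-file layout
# (NS lines naming root servers, A lines giving their addresses) and pair each
# root server with its addresses. The sample content below is constructed.
def parse_root_hints(text):
    """Return ({server_name: [ip, ...]}, [servers named by NS but lacking an A record])."""
    ns_names, addresses = [], {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment in zone files
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            continue                             # not a complete resource record
        # works with or without an explicit IN class: type is always second to last
        owner, rtype, rdata = fields[0].lower(), fields[-2].upper(), fields[-1]
        if owner == "." and rtype == "NS":
            ns_names.append(rdata.lower())
        elif rtype == "A":
            addresses.setdefault(owner, []).append(rdata)
    # a root server named by NS but without an A record cannot be contacted,
    # so it is reported separately rather than silently dropped
    missing = [n for n in ns_names if n not in addresses]
    return {n: addresses[n] for n in ns_names if n in addresses}, missing

SAMPLE_HINTS = """\
;  constructed root hints for illustration, not a real CACHE.DNS
.                        3600000      NS    A.ROOT-SERVERS.EXAMPLE.
A.ROOT-SERVERS.EXAMPLE.  3600000      A     198.51.100.1
.                        3600000      NS    B.ROOT-SERVERS.EXAMPLE.
"""

if __name__ == "__main__":
    hints, missing = parse_root_hints(SAMPLE_HINTS)
    print(hints, "missing address for:", missing)
```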

Now that I have talked about what the root hints are and what they do, let’s take a look at the recursion process in action. The diagram shown in Figure B illustrates the example that I am about to walk you through.


Figure B: This is how DNS recursion works

The process begins when the user enters a URL into their Web browser. For the purpose of this example, let’s assume that the user has entered www.contoso.com as the URL. Upon doing so, the request to resolve the Contoso.com domain into an IP address is passed to the workstation’s preferred DNS server. Oftentimes the preferred DNS server will have already cached the requested record, but for the sake of this example, let’s assume that the preferred DNS server has no information related to CONTOSO.COM.

Assuming that DNS recursion is enabled, the DNS server begins acting as a DNS client and launches a series of iterative queries against other DNS servers. I will discuss the difference between iterative and recursive queries later on, but for now just realize that the process as a whole is considered to be recursive because the client only makes one request to the preferred DNS server.

At any rate, the workstation’s preferred DNS server doesn’t know the IP address of the www.contoso.com Web site, and it doesn’t know the IP address of a DNS server that is authoritative for the Contoso.com domain (and would therefore know the IP address of the www.contoso.com Web site). What the DNS server does know is the IP address of a root-level DNS server (thanks to the root hints file). Therefore, the preferred DNS server forwards the request to the root DNS server.

The root DNS server doesn’t have a clue as to the IP address of the www.contoso.com Web server. What it does know is the IP address of a DNS server that is responsible for the .COM domain. The root DNS server returns the IP address of the DNS server responsible for the .COM domain to the preferred DNS server. The preferred DNS server then sends the client’s request to the .COM DNS server. The .COM DNS server doesn’t know the IP address of the www.contoso.com Web site, but it does know the IP address of the DNS server that is authoritative for the Contoso.com domain. The .com domain server returns the IP address of the DNS server that is authoritative for the Contoso.com domain. The client’s preferred DNS server then sends the request to the Contoso.com DNS server, which in turn returns the IP address for the requested Web site. This address is then returned to the client who requested it.

There are two things worth noting in this example. First, as I explained earlier, the client only made a single DNS query. It was completely unaware of the DNS server’s iterative queries on its behalf. Second, the DNS server that is authoritative for the CONTOSO.COM domain would not necessarily be owned by Contoso. Typically, this DNS server would be owned by a Web hosting company and would be authoritative for any sites hosted by the company. That’s why the preferred DNS server can’t skip a step and just give the client the address for the DNS server that is authoritative for the domain; at least not in this case.
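The walkthrough above can be modelled as a small program: three in-memory authoritative servers (root, .COM, Contoso.com) that either answer or hand back a referral, and a `resolve` function playing the preferred DNS server that follows those referrals. This is an added example, not code from the article; every server name, zone and address in it is constructed, and the hop limit is an added guard so a bad referral chain cannot loop forever.

```python
# Added example (not from the article): a tiny model of the recursion walk in
# Figure B. Server names, zones and addresses are constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class Server:
    """An authoritative server: answers names in its zone, otherwise refers downward."""
    name: str
    zone: str                                      # "" for the root zone
    answers: dict = field(default_factory=dict)    # host -> IP this server is authoritative for
    referrals: dict = field(default_factory=dict)  # child zone -> (ns name, ns IP)

    def query(self, qname):
        """Return ("answer", ip), ("referral", ns_name, ns_ip) or ("nxdomain",)."""
        if qname in self.answers:
            return ("answer", self.answers[qname])
        # longest child zone that is a suffix of the queried name wins
        for child in sorted(self.referrals, key=len, reverse=True):
            if qname == child or qname.endswith("." + child):
                ns_name, ns_ip = self.referrals[child]
                return ("referral", ns_name, ns_ip)
        return ("nxdomain",)

# constructed hierarchy: root (from root hints) -> .COM server -> Contoso.com server
SERVERS = {
    "198.51.100.1": Server("a.root-servers.example", "",
                           referrals={"com": ("a.gtld.example", "198.51.100.2")}),
    "198.51.100.2": Server("a.gtld.example", "com",
                           referrals={"contoso.com": ("ns1.hosting.example", "198.51.100.3")}),
    "198.51.100.3": Server("ns1.hosting.example", "contoso.com",
                           answers={"www.contoso.com": "203.0.113.10"}),
}
ROOT_HINTS = ["198.51.100.1"]   # what the preferred server knows before any lookup

def resolve(qname, servers=SERVERS, root_hints=ROOT_HINTS, max_hops=8):
    """Act as the preferred DNS server: follow referrals, return (ip, servers queried)."""
    next_ip, trail = root_hints[0], []
    for _ in range(max_hops):            # bound the walk so a referral loop cannot spin forever
        trail.append(next_ip)
        reply = servers[next_ip].query(qname)
        if reply[0] == "answer":
            return reply[1], trail
        if reply[0] == "nxdomain":
            return None, trail
        next_ip = reply[2]                # follow the address handed back in the referral
    raise RuntimeError("referral chain exceeded %d hops" % max_hops)

if __name__ == "__main__":
    ip, trail = resolve("www.contoso.com")
    print("client asked once; preferred server queried", len(trail), "servers ->", ip)
```

The client sees a single answer while `trail` records the three iterative queries the preferred server made on its behalf.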

If a DNS server is configured to not support recursive queries, then clients will perform iterative queries by default.

If you are interested in obtaining the best performance, then you should configure your DNS server to allow recursive queries. The reason is that if clients are forced to use iterative queries, then they could potentially issue three or four queries to the DNS server for every name resolution request. The DNS server will have to perform all these queries whether recursive or iterative queries are being used, but when recursion is used, most of the name resolution requests are handled by your DNS server and are kept off your network. This reduces the amount of traffic flowing across the network, thereby improving performance.

Conclusion

In this article, I have explained how recursive DNS queries work. Most DNS servers support both recursive and iterative queries from clients. Configuring your DNS server to support recursive queries will generally provide better performance because doing so will reduce the number of queries that network clients have to make.