Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I havent found out any straight-to-the-point answear yet on the net about how often a root dns server is queried hence i thought i should ask here.
When i use "dig +trace" i notice that my queries allways start from the root "." servers. However, is this also happening with, lets say, a recursive (resolver) dns server?
For example, lets assume that i use at home google's dns servers (8.8.8.8). Is google dns server will indeed first head to the root "." dns server when i query for example.net?
You probably haven't found a straightforward answer because there isn't one. DNS resolution tends to happen up to the root only if all DNS servers you have queried (recursively or directly) don't have knowledge of the host you're querying for. It varies based on DNS server configuration on how to cache responses. It also varies on clients how long they cache responses (referred to as time to live or TTL). So the answer is a big depends and is more useful to get the answer from real-time monitoring on the actual root DNS servers. Probably not an answer you were looking for but the best I can give with my knowledge.
To begin with as sag47 said "DNS resolution tends to happen up to the root only if all DNS servers you have queried (recursively or directly) don't have knowledge of the host you're querying for."
Let me try to make it easy with the help of an example:
You have a dns server which hosts example.com and is authoritative dns for example.com zone. Let us assume your dns server IP to be 192.168.1.1. You have also set this DNS to forward any query which it couldn't resolve to 8.8.8.8 which is google's public dns server.
Now when your clients within your network will query for anything which is under example.com it will not go outside it will just contact your DNS server. Now someone on your network tries to resolve www.yahoo.com or www.hotmail.com then the flow will be as follows:
Quote:
client --> your DNS server (have answer reply else forward) --> google DNS server (have answer reply else forward) --> .com DNS server (have answer reply else forward) -- root DNS server (search and reply)
Wherever I have put "have answer" by that I mean DNS server have the answer in cache and they will respond with non-authoritative answer for the query.
Edit: At the end I have put root DNS server as search and reply because if root doesn't have the answer then probably the domain you are looking for either doesn't exist or not updated / sync yet in root DNS server database.
Last edited by T3RM1NVT0R; 03-08-2015 at 10:39 PM.
To begin with as sag47 said "DNS resolution tends to happen up to the root only if all DNS servers you have queried (recursively or directly) don't have knowledge of the host you're querying for."
Let me try to make it easy with the help of an example:
You have a dns server which hosts example.com and is authoritative dns for example.com zone. Let us assume your dns server IP to be 192.168.1.1. You have also set this DNS to forward any query which it couldn't resolve to 8.8.8.8 which is google's public dns server.
Now when your clients within your network will query for anything which is under example.com it will not go outside it will just contact your DNS server. Now someone on your network tries to resolve www.yahoo.com or www.hotmail.com then the flow will be as follows:
Wherever I have put "have answer" by that I mean DNS server have the answer in cache and they will respond with non-authoritative answer for the query.
Edit: At the end I have put root DNS server as search and reply because if root doesn't have the answer then probably the domain you are looking for either doesn't exist or not updated / sync yet in root DNS server database.
Regarding your example i would like a clarification here. Shouldnt the flow of the query be:
Code:
client --> your DNS server --> google DNS server --> -- root DNS server --> .com DNS server
Instead of
Code:
client --> your DNS server --> google DNS server --> .com DNS server -- root DNS server
I mean the DNS has a tree hierarchy which means when a resolver dont have an answear for a dns resolve it will go staigh to the "." root server and proceed way down the tree.
client --> your DNS server --> google DNS server --> -- root DNS server --> .com DNS server
There are no stats to prove how frequently root DNS server is queried but assuming every day thousands of sites go online (which will obviously not be in the cache of any other DNS server) we can consider that root DNS server is queried quite frequently.
So far what i understood is that indeed root servers are queried quite frequently and thats happening when the information is not cached on a DNS server (resolver).
I think my question is answeared but let me note here that i WAS NOT looking for an excact number but actually how often the root server gets involved on a resolve.
client --> your DNS server --> google DNS server --> -- root DNS server --> .com DNS server
The Google DNS server would query the root server only if the Google server did not have a cached address for a .com DNS server. The TTLs for those .com servers are quite long (several days), so the Google server isn't going to be bothering the root servers for that information very often.
And, the root servers don't have a massive file of information about the whole internet. Their function is to publish reliably one fairly small file (the names and addresses of the Top Level Domain nameservers) to the entire internet. If a root server gets a request for "some.random.domain.com", it will tell you where to find the .com servers and that is all.
You are right that root server will only be queried if your DNS or the next forwarder (which is in example is google DNS server) doesn't have the answer handy in the cache.
But looking at live stats http://www.internetlivestats.com/ and also assuming that every DNS will not have every website cached chances are quite high that root servers are nudged quite frequently :-)
@tripialos,
You're welcome and thanks for marking the thread as solved :-)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.