You need to sign up to get access!

Sign up to get full access to this course.

Sign up to access this lesson

Click here to sign up and get access to this lesson!

Saving Progress...

In this Video: 

  • We will demonstrate the difference between recursive and iterative queries. 
  • Discuss the reasons why you may want to disable recursive queries. 
  • Discuss the effects of disabling recursion. 
  • Demonstrate how to disable recursive queries 

What is a Recursive Query? 

  • A recursive query is one where the DNS server will take responsibility for a full answer (name resolution) to a query or give an error.  
  • A server that sends a recursive query will contact other servers to attempt to resolve that query.

What is an Iterative Query? 

  • An iterative query is a query in which the DNS server responds with the best information (a referral) that it has either from its zone files or its cache.  
  • A server that sends an iterative query does not attempt to contact other DNS servers for an answer to obtain a result.

Here is an example of a recursive and an iterative query. 

  • A DNS resolver (R) is indicated from the PC. The user has typed in the host name gopro.com into their computers browser. The browser checks the local cache (1) to see if the IP address of gopro.com is in the computer’s memory, it is not. The resolver sends a recursive query (2) for the IP address of gopro.com to the ISP’s DNS server. ISP DNS server looks up the address of gopro.com in its cache, and does not find it. If it would have found it, it would have returned the query back to the PC and the transaction would have been complete.
  • The ISP’s DNS resolver (R) sends an iterative query (3) to the root hints servers. Every DNS server has a root hints file. This file contains the host names and IP addresses of the root servers on the internet.
  • An iterative query is different than a recursive query. An iterative query works like this. If the DNS server does not know the answer, but has information that will help resolve the query it will respond back with this information. The root hints server knows nothing about gopro.com, but it does know about the next level in the DNS hierarchy the .coms, or TLD (Top Level Domains),  so the root server sends a referral back to the ISP’s resolver pointing to .com.  
  • Now that the ISP’s resolver knows about .com. The ISP DNS resolver sends a new iterative query (4) to the .com asking what is the IP address of gopro.com. The .com servers won’t have the address for gopro.com but will know the authoritative name servers for gopro.com.  
  • Using this information, the ISP DNS server will send a final iterative query (5) to the DNS authoritative name servers at gopro.com and obtain the IP address for gopro.com.  
  • The PC’s browser receives it’s answer to its recursive query and places the information into its cache and initiates an HTTP session to the IP address of gopro.com

The whole process took four queries: 

  • – A recursive query from the desktop PC (resolver) to the ISP.
  • – A iterative query from the ISP to the root hints servers.
  • – A iterative query from the ISP to the .com servers
  • – A iterative query from the ISP to authority DNS servers at gopro.com

This may seem like a lot of queries for one address but once the process has been completed each step of the process is now stored in the server’s cache. If the PC user typed microsoft.com into his browser to his local DNS server, the .com would already be stored in his ISP’s local cache. The ISP does not need to contact a Root Hints server again. This time the ISP DNS server would contact the .com server to obtain the authoritative servers for microsoft.com.

Sign up to access the rest of this lesson

You must either log in or sign up to access this lesson.

CURRICULUM

Course Introduction

• 10min

0 / 2 lessons complete

DNS Basics

• 56min

0 / 8 lessons complete

DNS Resource Records

• 45min

0 / 5 lessons complete

DNS Zones

• 4hr 11min

0 / 12 lessons complete

DNS Delegation

• 50min

0 / 4 lessons complete

DNS Security Techniques

• 36min

0 / 5 lessons complete

Advanced DNS Topics

• 22min

0 / 5 lessons complete

DNS Security (DNSSEC)

• 1hr 16min

0 / 6 lessons complete

DNS Policies

• 55min

0 / 6 lessons complete

PowerShell for DNS

• 1hr 27min

0 / 6 lessons complete

Troubleshooting DNS Issues - Troubleshooting Tools

• 1hr 39min

0 / 8 lessons complete