Webmasters Asked on November 3, 2021
My understanding is, if I browse to example.com, first my computer will ask the root nameservers about the .com TLD nameservers, and it will be given the IP address of the .com TLD nameservers. Once it has the .com TLD nameservers, then it asks one of those TLD servers about example.com, and it is given the (authoritative) nameservers of the example.com domain. Then my computer will query that example.com domain’s authoritative nameservers for any record it wants (A, MX, etc.), and it will get the IP address. Now it can finally start to communicate to the server it wanted to talk to.
This is all fine. But my problem is, I see many nameservers belong to the domain itself. For example, google.com’s name servers are ns1.google.com, ns2.google.com, etc. But it’s recursive: in order to find ns1.google.com, one needs to know the google.com nameserver IP address.
I know I’m clearly missing something or misunderstood something, but I don’t know what it is.
I think there's a more basic aspect of name resolution that's being missed here: Your computer doesn't need to know any DNS names in order to perform lookups. A computer's DNS servers are always defined by IP address.
In a consumer setting, that usually means the DNS server addresses are retrieved from a DHCP server along with the IP address, netmask, and default route. Servers will typically use more managed configurations, but the point is that any system that performs DNS lookups is making a request directly to an IP address (v4 or v6, or both, as both IPv4 and IPv6 DNS servers can answer queries with addresses from either family.)
When a DNS record request is passed to the "local" DNS server (which may not be so local, if it's Google's 8.8.8.8 or the like), assuming it doesn't already have the response cached, it will do all of the recursive queries and etc. you describe in order to come up with an authoritative response to the request. But your ability to perform DNS queries is "bootstrapped" through direct IP addressing (no DNS records involved), precisely to avoid creating a circular dependency on itself.
As for how the servers know what IPs to contact, well, to quote IANA on "Configuring the Root Servers":
Operators who manage a DNS recursive resolver typically need to configure a “root hints file”. This file contains the names and IP addresses of the root servers, so the software can bootstrap the DNS resolution process. For many pieces of software, this list comes built into the software.
Answered by FeRD on November 3, 2021
Your understanding is correct on the whole (as a minor point of clarification, it's not your computer that will recursively resolve DNS records, it's typically your ISP.)
The "missing piece" you're looking for is the glue record, which is a DNS record specifically designed to fix that circular reference.
Glue records are DNS records created at the domain’s registrar. The record provides a complete answer when the TLD nameserver returns a reference for an authoritative nameserver for a domain. For example, the domain name “example.net” has nameservers “ns1.example.net” “ns2.example.net”. To resolve the domain name, the DNS would query in order: root, TLD nameserver, and authoritative nameserver. However, by having the authoritative nameservers inside the domain itself, these nameservers cannot be found without outside assistance. This is called a ‘circular reference’. Creating a glue record, an A record served by the TLD nameserver, avoids circular references and allows for both DNS name resolution and listing the nameservers inside the domain itself.
So to look up the A record of example.com in your case, your DNS resolver will first go to the .com nameserver, it will ask for the nameservers for example.com, and it will receive not just ns1.example.com and ns2.example.com but ALSO the IP addresses of those nameservers so that your resolver knows which IP addresses to use to make further DNS queries on that domain.
Answered by Maximillian Laumeister on November 3, 2021
That is achieved through what is called a "glue record".
The DNS server has both the NS and the corresponding A (and/or AAAA for IPv6) records for the NS entries and serves them "glued" to the NS response.
So even if you only ask for the NS records, the DNS would respond with both the NS servers and their IP addresses.
Answered by NuTTyX on November 3, 2021
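The following is an added example, not part of any answer above: a toy iterative resolver that starts from a root hint given as an IP address and follows referrals, showing that the lookup completes when the TLD referral carries glue and loops when it does not. All server names, addresses and the in-memory data layout are constructed for illustration.

```python
"""Toy iterative resolver: root hints by IP, then referrals that carry glue."""

class CircularDelegation(Exception):
    pass

# Constructed data: all names and addresses are made up (documentation ranges).
ROOT_HINTS = ["198.51.100.1"]  # the resolver is configured with IPs, not names

def build_servers(with_glue=True):
    """Servers keyed by IP; each has final records and delegations (NS names, glue)."""
    glue = {"ns1.example.com.": "192.0.2.53"} if with_glue else {}
    return {
        "198.51.100.1": {"records": {}, "delegations": {
            "com.": (["a.tld-servers.example."], {"a.tld-servers.example.": "198.51.100.2"})}},
        "198.51.100.2": {"records": {}, "delegations": {
            "example.com.": (["ns1.example.com."], glue)}},
        "192.0.2.53": {"delegations": {}, "records": {
            "example.com.": "192.0.2.10", "ns1.example.com.": "192.0.2.53"}},
    }

def query(servers, ip, name):
    """Answer as the server at `ip` would: a final address or a referral."""
    srv = servers[ip]
    if name in srv["records"]:
        return ("answer", srv["records"][name])
    for zone, (ns_names, glue) in srv["delegations"].items():
        if name == zone or name.endswith("." + zone):
            return ("referral", ns_names, glue)
    return ("nxdomain",)

def resolve(servers, name, depth=0, trace=None):
    """Follow referrals from the root; returns (address, list of (server_ip, qname))."""
    if depth > 3:
        raise CircularDelegation(f"need {name} to reach its own nameserver")
    trace = [] if trace is None else trace
    ip = ROOT_HINTS[0]
    while True:
        trace.append((ip, name))
        kind, *rest = query(servers, ip, name)
        if kind == "answer":
            return rest[0], trace
        if kind != "referral":
            raise LookupError(name)
        ns_names, glue = rest
        ns = ns_names[0]
        # Glue gives the nameserver's address directly; otherwise resolve its name first.
        ip = glue[ns] if ns in glue else resolve(servers, ns, depth + 1, trace)[0]

if __name__ == "__main__":
    print(resolve(build_servers(with_glue=True), "example.com."))
```

Calling `resolve(build_servers(with_glue=False), "example.com.")` raises `CircularDelegation`, which is the loop the question describes.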