iterative dns query vs. recursive dns query / root vs. authoritative vs. local dns(name) server #261

Open
eubnara opened this issue Feb 11, 2022 · 1 comment

eubnara commented Feb 11, 2022

Classification of DNS servers by type

https://serverfault.com/questions/2966/is-there-a-good-overview-of-the-dns-system/3052#3052
https://serverfault.com/questions/126777/root-local-and-authoritative-name-server
https://en.wikipedia.org/wiki/Name_server#Recursive_query
https://en.wikipedia.org/wiki/Name_server#cite_note-10
https://en.wikipedia.org/wiki/Public_recursive_name_server

Broadly, they are classified as follows.

  • Root name server
  • Authoritative name server
  • Recursive name server

For the recursive name server, several names seem to be used interchangeably in different places.
A name server that receives recursive queries is called any of the following:

  • (public) recursive name server
  • recdns
  • caching name server
  • local name server

recursive query vs. iterative query

https://blog.daum.net/tlos6733/34

A recursive query usually takes place between the DNS client (the user's device) and the recursive name server (or local name server), and iterative queries take place between the recursive name server and other name servers.

eubnara added the DNS label Feb 11, 2022

eubnara commented Feb 11, 2022

referral

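This appears to be the form of response that comes up when making iterative queries.
See the following figure from https://blog.daum.net/tlos6733/34:
[image]

When a referral to the appropriate name server is received, the request is sent again to that name server.

Reference: https://stackoverflow.com/questions/57828833/when-following-a-referral-for-an-a-record-in-an-dns-iterative-query-should-the

dig +trace
With the trace option, dig performs iterative queries.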

       +[no]trace
           Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When
           tracing is enabled, dig makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers,
           showing the answer from each server that was used to resolve the lookup.

           If @server is also specified, it affects only the initial query for the root zone name servers.

           +dnssec is also set when +trace is set to better emulate the default queries from a nameserver.

In the example below, the client (my machine) sends iterative queries to the root name server and the authoritative name servers, just as a recursive name server normally would.

❯ dig +trace www.ardainc.org

; <<>> DiG 9.16.1-Ubuntu <<>> +trace www.ardainc.org
;; global options: +cmd
.			63016	IN	NS	j.root-servers.net.
.			63016	IN	NS	e.root-servers.net.
.			63016	IN	NS	b.root-servers.net.
.			63016	IN	NS	a.root-servers.net.
.			63016	IN	NS	c.root-servers.net.
.			63016	IN	NS	f.root-servers.net.
.			63016	IN	NS	l.root-servers.net.
.			63016	IN	NS	i.root-servers.net.
.			63016	IN	NS	k.root-servers.net.
.			63016	IN	NS	m.root-servers.net.
.			63016	IN	NS	d.root-servers.net.
.			63016	IN	NS	g.root-servers.net.
.			63016	IN	NS	h.root-servers.net.
.			410686	IN	RRSIG	NS 8 0 518400 20220222220000 20220209210000 9799 . QX8zD+gky39dajWMP/5CFQ7lz81RplnNADudR8dWyTooeNspcCBEvQNM /qx5QJUS9l5yTN8Vc9naAptkz/ITUDX4AvC3Rzt23+7P75ZHN8o7CRDo ytr4r4lFumoReEa+TUDj1V/DG8by3z/yJNz2SAk2p+Elh33WjAXSmYT9 N4tqfP1wDRMJAFtTFFxf9xm4HM8Q8yXtR1LuGcWFgDpwYRPyC5MaWIrs po/kevo42KIeSrt5/M+nFwLdSkfswnbEqDOkUw8YKSbOhQeO85FVhlPG bqsos4ypSFoCnefFYgbXENuMYoWbqii6Un/HPCHIAF+f1lemvMR2pbgE RvPGDg==
;; Received 789 bytes from 10.22.64.6#53(10.22.64.6) in 12 ms

org.			172800	IN	NS	a0.org.afilias-nst.info.
org.			172800	IN	NS	a2.org.afilias-nst.info.
org.			172800	IN	NS	b0.org.afilias-nst.org.
org.			172800	IN	NS	b2.org.afilias-nst.org.
org.			172800	IN	NS	c0.org.afilias-nst.info.
org.			172800	IN	NS	d0.org.afilias-nst.org.
org.			86400	IN	DS	26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
org.			86400	IN	RRSIG	DS 8 1 86400 20220224050000 20220211040000 9799 . iXPg1mtFh+FNy822mvFQVoHWERemFpLuwY1grFRvfk0/pl8cs4L2QlbO 5vshl5DcN3ntyGwWR+BRxlTZx53tVNqttQo2+8cGBsP+LKkoxxtCrO4r S/Nw5hv++VQ4z8TWgk2v1aQaQQqoyi4diIQNgHCnlb0l7D62zrQjjeVH E+EOSUyXo+XzUvbj9umINSm8Axt0reEn1hMEU52itoOZeON5OCOhE60H cwCEXq8n6/a3y+7UhRnEkWD+2Djd68RAg6g8437euhHk4PhPLhlGRHvn pD5qvG2Ll1zbu2BG+Us8x9tV6ll5nnZUWJVsH1SlZCdom7Zl2is0wChM WG/7Sg==
;; Received 781 bytes from 199.7.91.13#53(d.root-servers.net) in 204 ms

ardainc.org.		86400	IN	NS	ns55.domaincontrol.com.
ardainc.org.		86400	IN	NS	ns56.domaincontrol.com.
1i870vj5h429vj9pci7ar6e9gki74tr7.org. 86400 IN NSEC3 1 1 10 332539EE7F95C32A 1I87R64GAJU4O91MHKBU7I9EKBS7K8UT NS SOA RRSIG DNSKEY NSEC3PARAM
1i870vj5h429vj9pci7ar6e9gki74tr7.org. 86400 IN RRSIG NSEC3 8 2 86400 20220304092848 20220211082848 7986 org. UuI6RHeACZJvtTwtqAE41nc0AzSoFG0awzr4u9K8vB3Sp5yN57iJtI79 hsGIRV5luwh3Q1f5fdf+n1l8tKoz2Rz39kdpR1PGWBTul4ft6C8kTGY7 phu/xrN0Tx3B8JQKYc3JRC50YTP/dj5RZ4AFyXJTiV1yIfahlP4/+6xi pJk=
ospm35jqgjpd7n6ufcukdhd1t8q1tkga.org. 86400 IN NSEC3 1 1 10 332539EE7F95C32A OSPVC0247VHAAUNNPQMKA3DH7D6HI20J NS DS RRSIG
ospm35jqgjpd7n6ufcukdhd1t8q1tkga.org. 86400 IN RRSIG NSEC3 8 2 86400 20220302152327 20220209142327 7986 org. MGGYUnK7WbjoMl3j9Lt/2PN3bw2JUamkpwzMZ0Ao7OUgjy2b6vfKOLnp saLZjXe0sCqR1APoskbSo0cXhv8sKMMFiF0+X1yisuJb/LVfms5soQFr fVz6XscqdTL2Ib9k5j4HfKpvJUMQb6HvjlmcfZ7BBypfYy9FE+f+4qC/ Zbc=
;; Received 603 bytes from 199.249.112.1#53(a2.org.afilias-nst.info) in 308 ms

www.ardainc.org.	3600	IN	CNAME	ardainc.org.
ardainc.org.		3600	IN	A	52.5.5.85
ardainc.org.		3600	IN	NS	ns56.domaincontrol.com.
ardainc.org.		3600	IN	NS	ns55.domaincontrol.com.
;; Received 129 bytes from 97.74.107.28#53(ns55.domaincontrol.com) in 204 ms
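
The referral chain in the trace above can be read mechanically. The following is an added example, not part of the original issue: it parses `dig +trace` output into hops and labels each one as the root NS lookup, a referral, or the final answer, noting whether a referral carried a DS record for the child zone (a DNSSEC-signed delegation). The function names `parse_trace` and `delegation_path` are hypothetical, and the sample is constructed by trimming the trace above to a few records per hop.

```python
import re
# Constructed sample: the trace from this issue, trimmed to a few records per hop.
SAMPLE = """\
. 63016 IN NS d.root-servers.net.
;; Received 789 bytes from 10.22.64.6#53(10.22.64.6) in 12 ms

org. 172800 IN NS a2.org.afilias-nst.info.
org. 86400 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
;; Received 781 bytes from 199.7.91.13#53(d.root-servers.net) in 204 ms

ardainc.org. 86400 IN NS ns55.domaincontrol.com.
1i870vj5h429vj9pci7ar6e9gki74tr7.org. 86400 IN NSEC3 1 1 10 332539EE7F95C32A 1I87R64GAJU4O91MHKBU7I9EKBS7K8UT NS SOA RRSIG DNSKEY NSEC3PARAM
;; Received 603 bytes from 199.249.112.1#53(a2.org.afilias-nst.info) in 308 ms

www.ardainc.org. 3600 IN CNAME ardainc.org.
ardainc.org. 3600 IN A 52.5.5.85
ardainc.org. 3600 IN NS ns55.domaincontrol.com.
;; Received 129 bytes from 97.74.107.28#53(ns55.domaincontrol.com) in 204 ms
"""

RECEIVED = re.compile(r"^;; Received \d+ bytes from [^#\s]+#\d+\(([^)]+)\)")

def parse_trace(text):
    """Group records into hops; each ';; Received' line closes one hop."""
    hops, records = [], []
    for line in text.splitlines():
        m = RECEIVED.match(line)
        if m:
            hops.append((m.group(1), records))  # (responding server, its records)
            records = []
        elif line and not line.startswith(";"):
            parts = line.split(None, 4)  # owner, ttl, class, type, rdata
            if len(parts) == 5 and parts[2] == "IN":
                records.append((parts[0].lower(), parts[3]))
    return hops

def delegation_path(text, qname):
    """Return (server, kind, zone, has_ds) per hop; has_ds is None unless referral."""
    q = qname.lower().rstrip(".") + "."
    path = []
    for server, recs in parse_trace(text):
        zone = next((n for n, t in recs if t == "NS"), None)
        answered = any(n == q and t in ("A", "AAAA", "CNAME") for n, t in recs)
        kind = "answer" if answered else "root NS" if zone == "." else "referral"
        has_ds = (zone, "DS") in recs if kind == "referral" else None
        path.append((server, kind, zone, has_ds))
    return path

print(*delegation_path(SAMPLE, "www.ardainc.org"), sep="\n")
```

Only the first hop is answered by the locally configured resolver (10.22.64.6); every later hop is a direct query from the client to the server named in the previous referral.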
