Many people wonder what actually happens when a DNS server
does its thing. I will try to dispel any myths here and go
through the process from beginning to end. There will be 2
scenarios here. One has a DNS forwarder in it and the other
does not. There isn't a big difference in what happens, but
there is a difference.
Reverse-Lookup is another story. See How Reverse-Lookup Works.
Please note: There is a little more than this going on, but
this is the basic process and is technically correct for what
it covers.
The players:
The user with the PC and the web browser, known as the "Client".
The DNS server they have in their DNS setting in Dial-up Networking,
or network TCP/IP configuration, known as the "ISP's DNS
server". This may be your DNS server if clients query
you, as in a corporate network.
Network Solutions' (InterNIC) Root servers, known as "Root
server". Note: Network Solutions coordinates with the
NICs of all top-level domains in the world to update the root
servers. The Root servers are worldwide and do not care what
the top-level domain is; they have it.
The destination domain's DNS server, known as the "Destination
DNS".
First, without the forwarder:
The Client types in a web address or clicks on a link. Some
".com" address.
His PC's TCP/IP stack sends a DNS query to the first DNS server
listed in his configuration, the ISP's DNS server.
The ISP's DNS server looks in its cache to see if it has the
IP address (this is likely for names like www.Yahoo.com or
www.Microsoft.com).
If it has the address in its cache, it sends it back to the
requesting Client. All done!
If not, then it looks at all of the domains it hosts DNS for,
primary or secondary.
If it has the address from those, it sends it back to the
client. All done!
If not, it sends the query to A.Root-Servers.Net, or other
Root DNS server if that one is not available. (This depends
on the order of records in the DNS server's cache file. Most
of the time it starts with "A")
The Root DNS server looks into its records for the zone "com".
It finds the record for the destination zone.
It sends the NS records for that destination zone (primary,
secondary, and more if available) back to the requesting DNS
server, your ISP's DNS server.
The ISP's DNS server now has the address of the DNS server
for the destination domain it has a query pending for.
The ISP's DNS server sends its query, for "www.somedomain.com",
to that destination DNS server.
Note: If the primary DNS server is down, the DNS server should
attempt the secondary. This may not be the case with MS DNS
on NT 4.0. It has been my experience that it will not look
for the secondary DNS server and will fail the query.
The DNS server for the destination domain "somedomain.com"
says, "Hey, that's me! I'm authoritative for that domain.
I've got that record for 'www'!" (In the case of the
secondary, it says, "Well I'm not authoritative, but
I know the address because I have it in my zone files. Here
it is.") This also counts for situations where the name
is www.other.somedomain.com or www.long.name.other.somedomain.com.
The root servers only care about the second level domains,
anything further is handled by the DNS server for the second-level
domain.
The somedomain.com DNS server sends back the IP address of
the "www" host to your ISP's DNS server.
Your ISP's DNS server now caches that IP address it just got
back since it is logical to assume that it may need it again.
Your ISP's DNS server then sends the IP address back to the
Client PC. All done!
Please note: With both of the examples shown here, the "com"
top-level domain is used. That domain, the "net",
"org", "mil", "edu", "int",
"us", and "gov" domains are covered by
the Root servers. In cases where the Root server does not
keep the address for a domain, such as Canada, "ca",
or Germany, "de", the Root server knows where the
top-level name servers are for that domain and will answer
the query as such. Then the DNS server that receives the query,
such as the ISP's DNS server, or your DNS server, will then
send the same query to the name server for that top-level
domain and get an answer back from that DNS server. This adds
an extra step that does not apply to the "com" domain.
Now with the forwarder:
The Client types in a web address or clicks on a link. Some
".com" address.
His PC's TCP/IP stack sends a DNS query to the first DNS server
listed in his configuration, the ISP's DNS server.
Well, in this case, the ISP's DNS server is a forwarder.
The forwarder DNS server looks in its cache to see if it has
the IP address (this is likely for names like www.Yahoo.com
or www.Microsoft.com).
If it has the address in its cache, it sends it back to the
requesting Client. All done!
If not, the forwarder sends the query along to the DNS server
in its forwarder list and asks it to complete the query. Refer
to the "forwarded" DNS server as the ISP's DNS server
from here on.
The ISP's DNS server looks in its cache to see if it has the
IP address (this is likely for names like www.Yahoo.com or
www.Microsoft.com).
If it has the address in its cache, it sends it back to the
requesting Client. All done!
If not, then it looks at all of the domains it hosts DNS for,
primary or secondary.
If it has the address from those, it sends it back to the
client. All done!
If not, it sends the query to A.Root-Servers.Net, or another
Root DNS server if that one is not available. (This depends
on the order of records in the DNS server's cache file. Most
of the time it starts with "A")
The Root DNS server looks into its records for the zone "com".
It finds the record for the destination zone.
It sends the NS records for that destination zone (primary,
secondary, and more if available) back to the requesting DNS
server, your ISP's DNS server.
The ISP's DNS server now has the address of the DNS server
for the destination domain it has a query pending for.
The ISP's DNS server sends its query, for "www.somedomain.com",
to that destination DNS server.
Note: If the primary DNS server is down, the DNS server should
attempt the secondary. This may not be the case with MS DNS
on NT 4.0. It has been my experience that it will not look
for the secondary DNS server and will fail the query.
The DNS server for the destination domain "somedomain.com"
says, "Hey, that's me! I'm authoritative for that destination
domain. I've got that record for 'www'!" (In the case
of the secondary, it says, "Well I'm not authoritative,
but I know the address because I have it in my zone files.
Here it is.") This also counts for situations where the
name is www.another.somedomain.com or www.long.name.another.somedomain.com.
The root servers only care about the second level domains,
anything further is handled by the DNS server for the second-level
domain.
The somedomain.com destination DNS server sends back the IP
address of the "www" host to your ISP's DNS server.
Your ISP's DNS server now caches that IP address it just got
back since it is logical to assume that it may need it again.
Your ISP's DNS server then sends the IP address back to the
forwarder DNS server, who then caches it.
The forwarder DNS server then sends the IP address back to
the Client PC. All done!
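Both scenarios above, as an added example that is not part of the original article: a small offline Python simulation of the lookup steps (cache, then hosted zones, then the Root server's NS referral, then the destination's primary or secondary). The server names under .example, the zone contents and the 192.0.2.x addresses are constructed placeholders, and the root is modelled the way the article describes it, handing out the NS records for the destination zone directly.

```python
# Added example, not from the original article: an offline simulation of the
# lookup steps described above. Server names, zone contents and the 192.0.2.x
# addresses are constructed placeholders (documentation range), not real data.
from typing import Dict, List, Optional
Records = Dict[str, List[str]]               # record type -> values
SERVERS: Dict[str, "NameServer"] = {}        # every server in the simulated Internet

class NameServer:
    def __init__(self, name: str, zones: Dict[str, Records], forward_to: str = ""):
        self.name, self.zones, self.forward_to = name, zones, forward_to
        self.cache: Dict[str, Records] = {}  # answers learned from earlier lookups
        SERVERS[name] = self
    def local_answer(self, qname: str, qtype: str) -> Optional[List[str]]:
        """Cache first, then the zones this server hosts (primary or secondary)."""
        for source in (self.cache, self.zones):
            if qtype in source.get(qname, {}):
                return source[qname][qtype]
        return None
    def referral(self, qname: str) -> List[str]:
        """Root behaviour: NS records of the closest enclosing zone it knows about."""
        labels = qname.split(".")
        for i in range(1, len(labels)):      # www.x.somedomain.com. -> x.somedomain.com. -> ...
            zone = ".".join(labels[i:])
            if "NS" in self.zones.get(zone, {}):
                return self.zones[zone]["NS"]
        return []

    def resolve(self, qname: str, qtype: str) -> List[str]:
        answer = self.local_answer(qname, qtype)
        if answer is not None:
            return answer                    # "All done!" without asking anyone else
        if self.forward_to:                  # forwarder: ask the forwarded server to finish it
            answer = SERVERS[self.forward_to].resolve(qname, qtype)
        else:                                # ask a root server, then the NS it refers us to
            ns_names = SERVERS["a.root-servers.example."].referral(qname)
            reachable = [SERVERS[n] for n in ns_names if n in SERVERS]   # a down server is absent
            answer = reachable[0].local_answer(qname, qtype) if reachable else None
            if answer is None:
                raise LookupError(f"{qname}/{qtype}: no reachable authoritative server")
        self.cache.setdefault(qname, {})[qtype] = answer   # keep it, we will likely need it again
        return answer

def build_internet() -> NameServer:
    """Constructed topology: root, primary and secondary for somedomain.com, ISP DNS, forwarder."""
    SERVERS.clear()
    NameServer("a.root-servers.example.", {"somedomain.com.": {"NS": ["ns1.somedomain.com.", "ns2.somedomain.com."]}})
    zone = {"www.somedomain.com.": {"A": ["192.0.2.10"]}, "www.other.somedomain.com.": {"A": ["192.0.2.11"]}}
    NameServer("ns1.somedomain.com.", zone)             # primary
    NameServer("ns2.somedomain.com.", dict(zone))       # secondary with the same zone data
    NameServer("isp-dns.example.", {})                  # the ISP's recursive server
    return NameServer("forwarder.example.", {}, forward_to="isp-dns.example.")
```

Calling `build_internet().resolve("www.somedomain.com.", "A")` walks the forwarder scenario; removing `ns1.somedomain.com.` from SERVERS and clearing the ISP cache shows the fall-back to the secondary that the note above says NT 4.0 did not perform.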
Slave Servers:
In the case of a slave server, the same thing happens as the
first scenario, except the slave server does not look at its
own primary and secondary zone files, because it has none.
It can only forward queries and cache them. It is not authoritative
for any zone.
Email:
With email, the same type of thing happens except the answer
the DNS server gets back is a list of names and costs. The
DNS server then resolves the names to IP addresses using the
above methods, then sends this information (IP addresses and
costs) back to the mail server, which sends the mail to the first
server it can reach, in order of ascending cost.
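The mail case above, as an added example that is not part of the original article: parsing a constructed "cost name" (MX) answer, ordering it by ascending cost, resolving each name, and delivering to the first reachable server. The host names, the answer text and the 192.0.2.x addresses are constructed placeholders.

```python
# Added example, not from the original article: how a mail server uses the
# "names and costs" (MX records; lower cost is preferred) described above.
# The answer text, host names and 192.0.2.x addresses are constructed placeholders.
from typing import Callable, Dict, List, Optional, Tuple

# Constructed MX answer in "cost name" form, deliberately out of order and
# with one name that has no address record.
MX_ANSWER = ["20 backup.somedomain.example.", "10 mail.somedomain.example.",
             "10 mail2.somedomain.example."]
# Constructed A records standing in for the resolver's follow-up lookups.
A_TABLE: Dict[str, str] = {"mail.somedomain.example.": "192.0.2.25",
                           "backup.somedomain.example.": "192.0.2.26"}

def parse_mx(answer: List[str]) -> List[Tuple[int, str]]:
    """Split each 'cost name' entry into (cost, name)."""
    pairs = []
    for rr in answer:
        cost, name = rr.split(None, 1)
        pairs.append((int(cost), name.strip()))
    return pairs

def delivery_list(mx: List[Tuple[int, str]],
                  resolve_a: Callable[[str], Optional[str]]) -> List[Tuple[int, str, str]]:
    """Resolve every exchange and order by ascending cost (ties by name here;
    a real MTA picks randomly among equal costs). Names with no address are dropped."""
    result = []
    for cost, name in sorted(mx):
        ip = resolve_a(name)
        if ip:
            result.append((cost, name, ip))
    return result

def pick_server(candidates: List[Tuple[int, str, str]],
                reachable: Callable[[str], bool]) -> Optional[str]:
    """Try the addresses in cost order; deliver to the first one that answers."""
    for _cost, _name, ip in candidates:
        if reachable(ip):
            return ip
    return None
```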
More on Root Servers:
The Root servers are the top DNS servers in the world. While
your DNS server may be authoritative for yourdomain.com.,
the Root servers are authoritative for ".", which
is the absolute top of the DNS hierarchy. (Yes, that's a dot,
".") In cases where the Root server is not authoritative
for a domain, such as Canada, "ca", or Germany,
"de", the Root server knows where the top-level
name servers are for that domain and will answer the query
as such. Then the DNS server that receives the query, such
as the ISP's DNS server, or your DNS server, will then send
the same query to the DNS server for that top-level domain
and get an answer back from that DNS server. This adds an
extra step that does not apply to the "com" domain.