The distributed DNS database is bound together into a single unit by the process of recursive queries.
Whenever a name server receives a query it cannot directly answer (for example, if the query pertains to a zone for which the server is neither authoritative nor secondary), it sends a query to a name server higher in the DNS hierarchy.
Suppose that a user at the UNIX machine student.acmetraining.com clicks on a link in his or her Web browser pointing at the machine www.company.com.
The following SlideShow shows what happens.
A recursive DNS query happens when the DNS server you asked for the address of, say, www.dispersednet.com does not know the answer itself, so it has to check with another server.
Normally this is actually how DNS works. The DNS server of your ISP does not have the entire internet's domain records permanently memorized.
Now bear in mind that there are actually two types of name servers queried here:
- authoritative DNS servers (the so-called "root" servers that told your ISP's DNS server where to find the domain's DNS server, and that authoritative DNS server itself) and
- recursing or forwarding DNS servers (your ISP's DNS server).
Normally, the former type is not supposed to respond to recursive queries, especially not from outside their own domain.
Smaller ISPs sometimes save on costs by having their primary authoritative name server be the same server as their primary forwarding name server, but that is a somewhat unsafe policy, particularly if you do not configure your server to refuse recursive queries from outside your own IP range.
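
The policy described above, as an added example (not code from the original page or from any particular name server): a query with the recursion-desired bit set is resolved only when its source address is inside the operator's own range, and otherwise gets a REFUSED response. The address ranges, function names and action labels are assumptions made for illustration, and the lookup of zones the server is itself authoritative for is left out.

```python
import ipaddress
import struct

# Assumed "own IP range" for this example (documentation prefixes, not real customers).
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("2001:db8::/32")]

QR, RD = 0x8000, 0x0100   # DNS header flag bits: response, recursion desired
REFUSED = 5               # RCODE 5

def build_query(name, qid=0x1234, rd=True):
    """Encode a minimal A/IN query; used here only to construct sample input."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def client_allowed(src_ip, nets=ALLOWED_NETS):
    """True if the source address falls inside one of the operator's networks."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in nets)

def question_end(packet):
    """Offset just past the first question (QNAME + QTYPE + QCLASS)."""
    i = 12
    while i < len(packet) and packet[i] != 0:
        i += packet[i] + 1
    return i + 5

def decide(packet, src_ip):
    """Return (action, response_bytes_or_None) for one incoming UDP query."""
    if len(packet) < 17:
        return ("drop", None)                 # too short for a header and a question
    qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    end = question_end(packet)
    if flags & QR or qdcount != 1 or end > len(packet):
        return ("drop", None)                 # not a well-formed single-question query
    if not flags & RD:
        return ("no-recursion", None)         # iterative query: local data only
    if client_allowed(src_ip):
        return ("recurse", None)              # inside our range: resolve on its behalf
    # Outside our range: REFUSED, RA bit left clear, question echoed back.
    header = struct.pack("!HHHHHH", qid, QR | RD | REFUSED, 1, 0, 0, 0)
    return ("refuse", header + packet[12:end])
```

A server that is also authoritative for some zones would answer for those zones before reaching the REFUSED branch; only names it would have to look up elsewhere are refused.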