When a resolver receives a DNS query that it cannot answer from its own records (cache or zone files), it walks the DNS hierarchy on the client's behalf, starting at the root and following referrals downward until it reaches a server that is authoritative for the name. This process is called DNS recursion (the resolver recurses for the client; the individual queries it sends to root, TLD and authoritative servers are iterative), and it involves the following steps:
- Client query: A client (e.g., a user's computer or device) sends a DNS query to its configured DNS resolver (usually provided by the ISP or a third-party DNS service).
- Local DNS resolver: The local DNS resolver checks its cache for any previously resolved records that match the query. If a matching record is found and is still valid (not expired), the resolver returns the record to the client. If the record is not found or has expired, the resolver proceeds to the next step.
- Root server query: The local DNS resolver sends a query to one of the 13 root server addresses (a.root-servers.net through m.root-servers.net, each served by many anycast instances). A root server holds no data about the requested domain itself; it responds with a referral: the NS records of the top-level domain (TLD) name servers for the requested TLD (.com, .org, .net, etc.), together with their glue addresses.
- TLD server query: The local DNS resolver sends the same query to one of the TLD name servers named in that referral. The TLD server does not hold the domain's records either; it responds with a referral to the name servers that are authoritative for the requested domain.
- Authoritative name server query: The local DNS resolver sends a query to the authoritative name server received from the TLD server. The authoritative name server is responsible for maintaining the DNS records for the specific domain in question.
- Response from the authoritative name server: The authoritative name server looks up the requested record in its zone files and returns the record to the local DNS resolver.
- Local DNS resolver caches the response: The local DNS resolver caches the received record for the length of its Time-to-Live (TTL) value, which is set by the zone's administrator. The TTL determines how long the record stays valid in the cache before it expires and must be fetched again. The resolver also caches the NS and glue records it learned from the referrals, so later queries for other names in the same zone can skip the root and TLD servers.
- Local DNS resolver sends the response to the client: The local DNS resolver sends the resolved DNS record back to the client that initiated the query.
- Client uses the resolved record: The client uses the received DNS record (e.g., an IP address) to access the requested resource, such as a website or an email server.
This whole process is often optimized by caching responses at different levels (client, local resolver, etc.) to reduce the load on the DNS infrastructure and decrease query resolution times.
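The walk above, as an added example that is not code from the original page: a small Python simulation with a made-up root server, .com TLD server and company.com authoritative server (all addresses from the RFC 5737 documentation ranges, all names invented, nothing sent on the wire). The resolver follows referrals from the root down, caches both the final answer and the delegations it learned, and uses an injectable clock so TTL expiry can be observed without waiting.

```python
import time
from typing import Callable, Dict, List, Tuple

# Constructed, offline stand-in for the DNS hierarchy (nothing goes on the wire).
# Addresses are from the RFC 5737 documentation ranges; names are made up.
# A record is (owner, rrtype, ttl_seconds, rdata). Each server holds only the
# zone data it is authoritative for plus the delegations (NS + glue A) below it.
Record = Tuple[str, str, int, str]
SERVERS: Dict[str, List[Record]] = {
    "192.0.2.1": [                                   # a root server
        ("com.", "NS", 172800, "a.gtld.example."),
        ("a.gtld.example.", "A", 172800, "192.0.2.2"),
    ],
    "192.0.2.2": [                                   # the .com TLD server
        ("com.", "SOA", 900, "a.gtld.example. hostmaster.example. 2024010101"),
        ("company.com.", "NS", 172800, "ns1.company.com."),
        ("ns1.company.com.", "A", 172800, "203.0.113.10"),
    ],
    "203.0.113.10": [                                # company.com's authoritative server
        ("company.com.", "SOA", 3600, "ns1.company.com. hostmaster.company.com. 2024010101"),
        ("www.company.com.", "A", 300, "203.0.113.80"),
        ("mail.company.com.", "A", 300, "203.0.113.25"),
    ],
}
ROOT_HINTS = ["192.0.2.1"]     # a real resolver ships the root addresses as a hints file


def ancestors(name: str) -> List[str]:
    """'www.company.com.' -> ['www.company.com.', 'company.com.', 'com.'] (longest first)."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


def authoritative_lookup(server_ip: str, qname: str, qtype: str):
    """What one authoritative (non-recursive) server returns for a single query:
    ('answer', records), ('referral', {...}) pointing one level down, or ('nodata', None)."""
    records = SERVERS[server_ip]
    answer = [r for r in records if r[0] == qname and r[1] == qtype]
    if answer:
        return "answer", answer
    for zone in ancestors(qname):                    # closest enclosing zone first
        if any(r[0] == zone and r[1] == "SOA" for r in records):
            return "nodata", None                    # we are the authority: name does not exist
        ns = [r for r in records if r[0] == zone and r[1] == "NS"]
        if ns:                                       # delegated below us: hand out NS + glue
            glue = {r[0]: r[3] for r in records if r[1] == "A"}
            return "referral", {"zone": zone, "ttl": ns[0][2],
                                "servers": [glue[r[3]] for r in ns]}
    return "nodata", None                            # unrelated name (a real server says REFUSED)


class RecursiveResolver:
    """The ISP-style resolver from the steps above: walks root -> TLD -> authoritative
    on the client's behalf and caches both answers and the delegations it learns."""

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self.clock = clock                 # injectable so TTL expiry can be driven deterministically
        self.cache: Dict[Tuple[str, str], Tuple[float, object]] = {}
        self.upstream_queries = 0          # queries actually sent to authoritative servers

    def _get(self, key):
        entry = self.cache.get(key)
        if entry and self.clock() < entry[0]:
            return entry[1]
        self.cache.pop(key, None)          # missing or past its TTL: forget it and refetch
        return None

    def _put(self, key, ttl: int, value) -> None:
        self.cache[key] = (self.clock() + ttl, value)

    def resolve(self, qname: str, qtype: str = "A") -> List[str]:
        qname = qname if qname.endswith(".") else qname + "."
        cached = self._get((qname, qtype))
        if cached is not None:
            return cached                  # step 2: answered from cache, no upstream traffic
        servers = ROOT_HINTS               # step 3: start at the root...
        for zone in ancestors(qname):      # ...unless a closer delegation is still cached
            hit = self._get((zone, "NS"))
            if hit is not None:
                servers = hit
                break
        for _ in range(10):                # bound the chase so a broken delegation cannot loop forever
            self.upstream_queries += 1
            kind, payload = authoritative_lookup(servers[0], qname, qtype)
            if kind == "answer":           # steps 7-8: cache for the record's TTL, return rdata
                rdata = [r[3] for r in payload]
                self._put((qname, qtype), min(r[2] for r in payload), rdata)
                return rdata
            if kind == "referral":         # steps 4-6: cache the delegation and follow it down
                self._put((payload["zone"], "NS"), payload["ttl"], payload["servers"])
                servers = payload["servers"]
                continue
            return []                      # authoritative "no such name"
        raise RuntimeError("referral chain too long for " + qname)


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.company.com"), r.upstream_queries)    # full walk: 3 upstream queries
    print(r.resolve("www.company.com"), r.upstream_queries)    # cache hit: still 3
    print(r.resolve("mail.company.com"), r.upstream_queries)   # cached delegation: 4
```

The first lookup costs three upstream queries (root, TLD, authoritative); repeating it costs none, and a lookup for another name under company.com costs one, because the cached delegation lets the resolver skip the root and TLD servers. Once the A record's 300-second TTL has passed the resolver refetches it, while the 172800-second delegations stay cached. Real resolvers add much more (retry across all servers in a referral, SOA-based negative caching, DNSSEC validation), but the referral-chasing loop is the same.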
The distributed DNS database is bound together into a single unit by the process of recursive queries.
Whenever a name server receives a query it cannot directly answer (for example, because the query pertains to a zone for which the server is neither primary nor secondary), it sends queries of its own, starting at the root and following each referral one step down the DNS hierarchy. Suppose that a user at the UNIX machine student.acmetraining.com clicks on a link in his or her Web browser pointing at the machine www.company.com.
The following SlideShow shows what happens.
A recursive DNS query happens when the DNS server you asked for the address of, say, www.dispersednet.com does not know the answer itself, so it has to ask other servers on your behalf.
This is the normal case, not the exception: your ISP's DNS server does not hold the whole Internet's domain records; it only caches what it has recently looked up.
Now bear in mind that two kinds of name servers take part here:
- authoritative DNS servers (the root servers, the TLD servers and the domain's own name servers, each of which only hands out data for the zones it holds, or a referral toward the zone that does), and
- recursive or forwarding DNS servers (your ISP's DNS server, which chases those referrals for you and caches what it learns).
Normally, an authoritative server is not supposed to perform recursion at all (it answers only for its own zones and refers everything else), and certainly not for clients outside its own network.
Smaller ISPs sometimes save on costs by running their primary authoritative name server and their recursive (forwarding) resolver on the same machine. That is a risky setup, particularly if the server is not configured to refuse recursive queries from outside the ISP's own address ranges: an open recursive resolver can be used to bounce amplified traffic at third parties, and its cache is exposed to poisoning attempts from anywhere on the Internet.
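As an added example (not configuration from the original page or from any particular ISP), here is what that restriction looks like for BIND 9. The zone name example.net, the zone file name and the address ranges in the "ournets" ACL are placeholders; substitute your own. The first fragment is the weak setup, the second the corrected one.

```conf
// --- named.conf, weak: one BIND instance is primary for example.net AND
// --- answers recursive queries from any host on the Internet.
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { any; };        // open resolver: anyone may use our cache
};
zone "example.net" { type master; file "db.example.net"; };

// --- named.conf, corrected: recursion and cache reads only from our own
// --- ranges; everyone else still gets authoritative answers for example.net
// --- and REFUSED for anything else.
acl "ournets" { 127.0.0.0/8; ::1; 192.0.2.0/24; 2001:db8::/32; };   // placeholder ranges
options {
    directory "/var/named";
    recursion yes;
    allow-recursion   { ournets; };  // who may ask us to recurse
    allow-query-cache { ournets; };  // who may read cached, non-authoritative data
    allow-query       { any; };      // authoritative zone data stays public
};
zone "example.net" { type master; file "db.example.net"; };
```

To check the result from a host outside "ournets", run dig against the server for a name it is not authoritative for, e.g. dig @ns1.example.net www.example.com: the reply should show status: REFUSED and the flags line should carry rd but not ra. From inside the allowed ranges the same query is answered and ra is set. Separating the two roles onto different instances (or BIND views) is the cleaner fix; the ACL above is the minimum that makes the shared setup tolerable.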