The distributed DNS database is bound together into a single unit by recursive resolution: a client sends a single query and asks the server to find the complete answer on its behalf.
Whenever a name server receives such a query that it cannot answer directly (for example, because the query concerns a zone for which the server is neither primary nor secondary, and it has nothing cached for the name), it walks the DNS hierarchy itself: it queries a root server and follows the referrals it gets back, level by level, until it reaches a server that is authoritative for the name.
Suppose that a user at the UNIX machine student.acmetraining.com clicks on a link in his or her Web browser pointing at the machine www.company.com.
The following steps show what happens.
1) The browser makes a system call to the resolver library asking for the IP address of the machine www.company.com.
2) The resolver library looks up the address of the DNS server in /etc/resolv.conf. Suppose this server is dns.acmetraining.com. The query it sends has the "recursion desired" flag set: it expects a final answer, not a pointer to another server.
3) The name server at dns.acmetraining.com is not authoritative for the company.com zone and has nothing cached for the name. It therefore generates a non-recursive query directed at one of the root servers listed in its root hints.
4) The root server does not know www.company.com either, but replies with a referral: the names and addresses of the name servers for the next level down. (In practice the root refers the query to the .com servers, which in turn refer it to the authoritative name servers for company.com; the example collapses these two referrals into one.)
5) The name server dns.acmetraining.com now sends the same query to the authoritative name server for company.com, dns.company.com.
6) The server at dns.company.com replies with the IP address of www.company.com, with the "authoritative answer" flag set. The name server at dns.acmetraining.com caches this response for the time-to-live (TTL) carried in the record, so later queries for the same name can be answered without repeating steps 3 to 5.
7) The name server at dns.acmetraining.com sends the IP address of www.company.com back to the machine student.acmetraining.com, where the resolver library is waiting for the reply.
8) The resolver library passes the IP address back to the browser process.
9) The browser process opens a TCP connection to port 80 on www.company.com, using the IP address it obtained from the resolver library.
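The exchange in the steps above, as an added example that is not part of the original page: a small Python script that builds the two kinds of query (with the "recursion desired" bit set, as the resolver library sends it in step 1, and with it clear, as dns.acmetraining.com sends to the root and to dns.company.com in steps 3 and 5) and decodes the header flags of responses so that a referral, an authoritative answer, a recursive answer and a refusal can be told apart. The response messages are constructed here to match the steps, not captured from any real server; the hostnames are the page's own and the transaction ids are arbitrary.

```python
import struct

# DNS header flag bits (RFC 1035 section 4.1.1)
QR = 0x8000          # 1 = this message is a response
AA = 0x0400          # authoritative answer: data comes from the server's own zone
RD = 0x0100          # recursion desired: set by the client asking for a full answer
RA = 0x0080          # recursion available: set by a server willing to recurse for you
RCODE_MASK = 0x000F
RCODE_REFUSED = 5    # what a server returns when it declines the query


def encode_name(name):
    """Encode a dotted hostname in DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid, recursive, qtype=1):
    """Build a query for `name` (qtype 1 = A record).

    recursive=True sets RD, which is what a stub resolver sends to its configured
    server; recursive=False is what that server sends on to root, TLD and zone
    servers while it walks the hierarchy itself.
    """
    flags = RD if recursive else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query, flags, ancount=0, nscount=0, arcount=0):
    """Helper for the constructed samples: echo the query's id and question
    section under new flags and section counts. Only the header is needed for
    the classification below, so no resource record data is included."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, QR | flags, 1, ancount, nscount, arcount)
    return header + query[12:]


def decode_header(msg):
    """Return the fields of the 12-byte DNS header as a dict."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & RCODE_MASK,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def classify(resp):
    """Name the kind of reply a server gave, from header flags and counts alone."""
    h = decode_header(resp)
    if not h["qr"]:
        return "not a response"
    if h["rcode"] == RCODE_REFUSED:
        return "refused"
    if h["aa"] and h["ancount"]:
        return "authoritative answer"
    if h["ra"] and h["ancount"]:
        return "recursive answer"
    if h["ancount"] == 0 and h["nscount"]:
        return "referral"
    return "other"


# Constructed samples following the steps on the page.
stub_query = build_query("www.company.com", 0x1001, recursive=True)       # step 1
resolver_query = build_query("www.company.com", 0x2002, recursive=False)  # steps 3 and 5

SAMPLES = {
    # step 4: the root hands back NS records (plus glue addresses), no answer
    "root_to_resolver": build_response(resolver_query, 0, nscount=13, arcount=13),
    # step 6: the zone server answers from its own data; AA set, RA not offered
    "zone_to_resolver": build_response(resolver_query, AA, ancount=1),
    # step 7: the caching server answers its client; RD echoed back and RA set
    "resolver_to_stub": build_response(stub_query, RD | RA, ancount=1),
    # an authoritative-only server asked a recursive question from outside
    "auth_refuses": build_response(stub_query, RD | RCODE_REFUSED),
}

if __name__ == "__main__":
    for who, resp in SAMPLES.items():
        print(f"{who:18s} -> {classify(resp)}")
```

The same `decode_header` works on a real reply read from a UDP socket; the flag that tells you whether a server is willing to act as a recursive resolver for you is `ra`, and a correctly restricted authoritative server answers outsiders' recursive questions about foreign names with RCODE REFUSED and `ra` clear.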
A recursive DNS query is one in which the client asks a server to find the answer on its behalf: if the server you asked for the address of, say,
www.distributednetworks.com does not know the answer itself, it goes and asks other servers until it does, instead of simply telling you where to look.
From the client's point of view this is how DNS normally works. The DNS server of your ISP does not have the entire Internet's domain records permanently memorized; it holds only the zones it serves plus whatever it has cached.
Now bear in mind that there are actually two types of name servers involved here:
- authoritative DNS servers: the root servers, the top-level-domain servers and the servers for the target zone, each of which told your ISP's DNS server where to look next, and the last of which gave the actual answer. Each answers only for the zones it holds and refers the querier elsewhere for everything else, and
- recursive (caching) or forwarding DNS servers: your ISP's DNS server, which accepts recursive queries from its clients, follows the referrals, caches the results and hands back the final answer.
Normally, the former type is not supposed to respond to recursive queries at all, and certainly not from outside its own network.
Smaller ISPs sometimes save on costs by having their primary authoritative name server
be the same server as their primary recursive name server, but that is a somewhat unsafe policy,
particularly if you do not configure the server to refuse recursive queries from outside your own IP range. A recursive server that answers anyone is an open resolver: it can be used as a reflector in amplification attacks against third parties, its cache is exposed to poisoning attempts from anywhere, and an outage or compromise of the shared machine takes down both your zones and your customers' name resolution at once. The better practice (RFC 5358, BCP 140) is to run the two roles on separate servers, or at the very least to restrict recursion to your own address ranges.
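The configuration choice this paragraph is warning about, as an added example that is not part of the original page: a BIND 9 named.conf fragment for a server that plays both roles, first in the unsafe form (recursion open to the world) and then restricted so that only the ISP's own ranges can ask it to recurse while anyone may still query the zone it is authoritative for. The two `options` blocks are alternatives, not one file. The zone name is the page's own; the address ranges and the zone file name are assumed, and the customer range uses the 192.0.2.0/24 documentation prefix.

```conf
// --- Unsafe: "recursion yes" with no allow-recursion ACL makes this an open
// --- resolver. Anyone on the Internet can use it to recurse.
options {
    directory "/var/named";
    recursion yes;
};

// --- Restricted: same host, both roles, but recursion only for our own clients.
acl "customers" { 127.0.0.0/8; 192.0.2.0/24; };   // assumed ISP ranges

options {
    directory "/var/named";
    recursion yes;
    allow-recursion { customers; };     // only our own clients may ask us to recurse
    allow-query-cache { customers; };   // and only they may read non-authoritative cached data
    allow-query { any; };               // the authoritative zone below stays world-readable
};

// The zone we are authoritative for (identical in both variants).
zone "acmetraining.com" {
    type master;
    file "acmetraining.com.zone";       // assumed file name
};
```

With the restricted form, a client outside the ACL that sends a recursive query for a name outside acmetraining.com (for example `dig @dns.acmetraining.com www.company.com`) gets status REFUSED with no `ra` flag, while queries for acmetraining.com names are still answered with `aa` set. `allow-query-cache` is spelled out even though BIND 9.4 and later default it to the value of `allow-recursion`, so the intent survives a later edit. Separate hosts for the two roles are cleaner still, since the authoritative server then needs `recursion no;` and no ACL at all.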