2

Say we have a domain "example.org" and it has an authoritative name server with name "ns1.example.org" with a glued IP as delegated by domain registrars (delegative?) name servers.

  • Someone types example.org into their browser:

    Request is passed onto the ISP's DNS server. When the ISP's caching name server(s)/local cache does not find a match for the domain "example.org" and its respective (Copy of SOA record? or (WebServer IP?, Authoritative Name Sever IP?, Both ?)) the ISP's DNS then attempts to resolve the Authoritative name server IP(s) for the "example.org" domain by quering the WHOIS database with the domain name "example.org"? Or does it pass the request to the root ".org" server which then queries the whois database for the Authoritative Name Sever IP(s) using the domain name "example.org" to find a matching glue record?

    The WHOIS database is part of the Internet central directory, I take it the main root servers are what is refered to as the "Internet central directory" ?

    The root .org servers will contain the glue records for "example" domain and request for "example.org" will be finally forwarded to the Authoritative Name server. Where the A\AAA records will map the domain name "example.org" to an address for a resource such as WebServer etc.

Also is there such thing as a delegated NS name record that is not glued to an IP address for the authoritative DNS server which hosts and publishes its zone file? Because I read in a book about a circular dependecy/catch-22 problem when NS name is a sub-domain of the domain being resolved and straight away thought aren't all delegated NS names tied to an IP address so why would it occur?

LaserBeak
  • 197
  • 2
  • 9

2 Answers2

2

Glue records are in-zone A records for the NS records of the zone.
Hence, they are only required when the NS records lie in-zone.
If the NS record points to an out-of-zone hostname, no glue is permitted, since the NS record points to a hostname not under the purview of that zone.

Always start with the fundamental fact that a zone is an area of administrative responsibility - all records in a zone fall under that zone's responsibility.

That said, your web request example goes as follows:

  • the browser asks the local DNS resolver for the A record for example.org
  • the local resolver checks if it already knows it
  • if not, it forwards the query to its configured nameserver.
  • that nameserver will check if it has the record, and if it allows recursive queries, will retrieve the records if it doesn't have them, starting at the global root.

WHOIS is not a part of DNS; no whois queries are ever done for name resolution.

adaptr
  • 16,576
  • 23
  • 34
1

Resolution is always left-ward. The trace of a resolution of www.example.org. (type A)

  1. client queries assiomatic root nameservers (ns for ".") "what is A for www.example.org?"
  2. root nameservers say "I don't know (empty Answer section of response packet), but for org. you gotta ask org-nameservers (Authority section of response packet)"
  3. client issues the same query to one of org-nameservers: "what is A for www.example.org?"
  4. org-nameserver says "I don't know, but for example.org you gotta ask example-org-nameserver"
  5. and so on until a nameserver actually answers (give a non-empty Answer section of response packet).

Notice:

  • the client always repeats the "final" query every time, even to the roots.
  • glue is included by any nameserver when the nameserver responds some names, and at the same time it knows their translation.
  • when an Answer part is included, there could still be an Authority
michele
  • 585
  • 3
  • 7