I am trying to get a full understanding of the DNS resolution process, using the +trace option (in order to make the resolver simulate the NS default server role). I have taken the following output from a didactic example, then I added some lines that I found in a different context (I am sure that this is a possible scenario). The lines that I added are the last 2 of the output (regarding the NS of XXX.mit.edu and WWW.YYY.ZZZ).

dig www.mit.edu +trace

; <<>> DiG 9.2.4 <<>> www.mit.edu +trace

;; global options: printcmd

.       2788 IN NS b.root-servers.net.
.       2788 IN NS c.root-servers.net.
.       2788 IN NS d.root-servers.net.
.       2788 IN NS e.root-servers.net.
.       2788 IN NS f.root-servers.net.
.       2788 IN NS g.root-servers.net.
.       2788 IN NS h.root-servers.net.
.       2788 IN NS i.root-servers.net.
.       2788 IN NS j.root-servers.net.
.       2788 IN NS k.root-servers.net.
.       2788 IN NS l.root-servers.net.
.       2788 IN NS m.root-servers.net.
.       2788 IN NS a.root-servers.net.
;; Received 276 bytes from 193.204.161.133#53(193.204.161.133) in 1 ms

edu.        172800 IN NS A3.NSTLD.COM.
edu.        172800 IN NS C3.NSTLD.COM.
edu.        172800 IN NS D3.NSTLD.COM.
edu.        172800 IN NS E3.NSTLD.COM.
edu.        172800 IN NS G3.NSTLD.COM.
edu.        172800 IN NS H3.NSTLD.COM.
edu.        172800 IN NS L3.NSTLD.COM.
edu.        172800 IN NS M3.NSTLD.COM.
;; Received 302 bytes from 192.228.79.201#53(b.root-servers.net) in 194 ms

mit.edu.    172800 IN NS STRAWB.mit.edu.
mit.edu.    172800 IN NS BITSY.mit.edu.
mit.edu.    172800 IN NS W20NS.mit.edu.
;; Received 138 bytes from 192.5.6.32#53(A3.NSTLD.COM) in 182 ms

www.mit.edu.    60 IN A 18.7.22.83
mit.edu.    21600 IN NS BITSY.mit.edu.
mit.edu.    21600 IN NS STRAWB.mit.edu.
mit.edu.    21600 IN NS W20NS.mit.edu.
mit.edu.    21600 IN NS XXX.mit.edu
mit.edu.    21600 IN NS WWW.YYY.ZZZ
;; Received 154 bytes from 18.71.0.151#53(STRAWB.mit.edu) in 150 ms

I understood everything that happens before those lines: "." information is kept by root name servers. The list of root name servers is given by 193.204.161.133, which is my default name server. "edu" information is given by the name servers in the "second block" (XX.NSTLD.COM). And this information is given by a root name server. "mit.edu" information is given by STRAWB, BITSY and W20NS (which are authority NS for mit.edu). This is also fine. So, in the "last block": what do "XXX.mit.edu" and "WWW.YYY.ZZZ" mean? They are also authority NS for mit.edu, but why weren't they listed previously, along with the other 3 authority NS? It is as if only STRAWB.mit.edu knows that there are more NS containing information relating to the mit.edu zone. Does it mean that they are auxiliary name servers, maybe for redundancy?

I hope my question was clear.

Mark

1 Answer

A dig trace is a list of all of the conversations that occurred in the process of resolving a domain name. The conversation runs something like this:

  1. Initially a root name server's address is required to begin finding the address. These are usually taken from cache; since this request took 1 ms, we shall presume this was the case.
  2. Root name servers are queried for the .edu. name servers. The second set of results (the edu. answers) are those.
  3. One of the .edu. servers is queried for the mit.edu. name servers. These results are the mit.edu. entries with STRAWB, BITSY and W20NS.
  4. The final answer is received from 18.71.0.151#53(STRAWB.mit.edu) and is the top response, www.mit.edu. To answer the query, this is the only record that is required.
  5. The records below the answer are additional records; they are basically the name server being helpful. It is giving you a list of all of the authoritative nameservers for the domain to be put into cache, so that the next time you need to look up an mit.edu domain you won't need to do the full lookup (and will have the complete set of name servers).

For more information, have a read of RFC 1035 DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (search for 'additional')

Michael B
  • If XXX.mit.edu and WWW.YYY.ZZZ are authority name servers, why aren't they listed by A3.NSTLD.COM, along with STRAWB, BITSY and W20NS? Why should they be considered additional? Since they contain information about the MX record (and they should, if they have information relating to mit.edu) that I have asked for, they should be authority nameservers for mit.edu. – Mark Jan 25 '16 at 13:31
  • @Mark It is simply because A3.NSTLD.COM doesn't know about the additional servers, they've not been registered as Name Servers with the .com. domain. STRAWB has five name servers registered, so that is what it forwards in its additional information. (there's no reason these need to have any correspondence to .com's records, it could send completely different answers) – Michael B Jan 25 '16 at 13:40
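
An added example, not part of the original answer or comments: a small Python check that reads `dig +trace` output and compares the NS set in the parent's delegation with the NS set returned by the zone's own server, which is the mismatch discussed above. The sample trace is abridged from the question; the function names and the rule "a responder that lists itself in the NS set is the child side" are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the last two stages of the trace in the question.
TRACE = """\
mit.edu.    172800 IN NS STRAWB.mit.edu.
mit.edu.    172800 IN NS BITSY.mit.edu.
mit.edu.    172800 IN NS W20NS.mit.edu.
;; Received 138 bytes from 192.5.6.32#53(A3.NSTLD.COM) in 182 ms

www.mit.edu.    60 IN A 18.7.22.83
mit.edu.    21600 IN NS BITSY.mit.edu.
mit.edu.    21600 IN NS STRAWB.mit.edu.
mit.edu.    21600 IN NS W20NS.mit.edu.
mit.edu.    21600 IN NS XXX.mit.edu
mit.edu.    21600 IN NS WWW.YYY.ZZZ
;; Received 154 bytes from 18.71.0.151#53(STRAWB.mit.edu) in 150 ms
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)\s*$")
FROM = re.compile(r"^;; Received \d+ bytes from \S+\((\S+?)\) in")

def norm(name):
    return name.rstrip(".").lower()

def ns_by_responder(trace):
    """Map zone -> {responder: set of NS names that responder listed}."""
    seen, pending = defaultdict(dict), []
    for line in trace.splitlines():
        m = RR.match(line)
        if m:
            pending.append((norm(m.group(1)), norm(m.group(2))))
            continue
        m = FROM.match(line)
        if m:  # the "Received" line closes one stage of the trace
            for zone, ns in pending:
                seen[zone].setdefault(norm(m.group(1)), set()).add(ns)
            pending = []
    return seen

def compare(trace, zone):
    """Return (child_only, parent_only, out_of_zone) NS names for zone."""
    zone = norm(zone)
    parent, child = set(), set()
    for responder, names in ns_by_responder(trace)[zone].items():
        # Heuristic (assumption): a server naming itself is the child side.
        (child if responder in names else parent).update(names)
    out = {n for n in child | parent if not (n == zone or n.endswith("." + zone))}
    return child - parent, parent - child, out
```

On the sample, `compare(TRACE, "mit.edu")` reports XXX.mit.edu and WWW.YYY.ZZZ as present only in the child's answer, and WWW.YYY.ZZZ as a name server outside the mit.edu zone.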