Root servers as preferred dns servers...

rjbarlow Member Posts: 411
Hello,

Today I was trying to get my PC to contact some root servers directly (taken from the cache.dns file) as preferred DNS servers for name resolution.

What I wanted to do was simply bypass the ISP DNS server, and I expected an iterative resolution for the FQDNs I issued (web sites), but it does not work.

bypassisp.jpg

Who knows why?

I think the root servers are in some way discarding my data.
Pork 3
Maindrian's music

WIP: 70-236, 70-293 and MCSE.

Comments

  • Mishra Member Posts: 2,468
    Are you trying to get your DNS client to talk directly to the root DNS servers or are you trying to get your DNS server to talk?

    And how exactly are you trying to do this?
    My blog http://www.calegp.com

    You may learn something!
  • rjbarlow Member Posts: 411
    Mishra wrote: "Are you trying to get your DNS client to talk directly to the root DNS servers"
    This, yes.
    Mishra wrote: "And how exactly are you trying to do this?"
    I simply put the IP addresses of some root servers as preferred DNS servers in the TCP/IP properties of my network adapter, on a computer with Windows XP (PC1 in the scheme).

    That seemed to me interesting as well, therefore I posted it.
  • Mishra Member Posts: 2,468
    Yeah you need to be pointing to a DNS server because your DNS client cannot perform the recursive/iterative requests for you. Basically the client isn't built to handle recursion and the root servers don't do it either.

    This is why you have DNS servers in the first place. The root servers reject any requests like 'I need to get www.google.com. can you get it?'. If the root servers were to process these requests they would break due to everyone using them.

    Hope that makes sense.
  • rjbarlow Member Posts: 411
    Yeah man, makes sense. I expected that my resolver would get referrals from the root servers and continue the resolution (iteratively), but obviously it is not so.

    Tnx dude.
  • sprkymrk Member Posts: 4,884
    Mishra wrote: "Yeah you need to be pointing to a DNS server because your DNS client cannot perform the recursive/iterative requests for you. Basically the client isn't built to handle recursion and the root servers don't do it either."

    That's not true Mishra, if I understand what you're saying. If a client requests a recursive query from a DNS server, it's entirely possible that the DNS server might have recursive queries disabled. In this case the server responds with either the address the client needs (if the zone is handled by that server or if it has the information cached) or else it will respond with a referral of NS and A resource records for other DNS servers that are closer to the name queried by the client. In the case of a referral, the client will then use iterative queries to other DNS servers to resolve the name.
    Mishra wrote: "This is why you have DNS servers in the first place. The root servers reject any requests like 'I need to get www.google.com. can you get it?'. If the root servers were to process these requests they would break due to everyone using them.

    Hope that makes sense."

    Again, I don't think that's correct. How does the root server know if it's a query from a client or another DNS server? We're not talking zone transfers, just a query. It will answer, but probably with recursion disabled. This makes other DNS servers do the work once the root server gives it the referral.

    My guess as to why it doesn't work is that the ISP might be blocking it on residential lines to keep people from setting up their own rogue DNS servers.
    All things are possible, only believe.
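
Added example, not part of the thread or any poster's code: the exchange described in the post above, built and parsed in Python. It shows a query with RD=1 and a response with RA=0, no answer records and an NS record in the authority section; a recursive resolver follows such a referral, while a stub resolver that only accepts final answers gets nothing usable from it. The response bytes, the query ID and the server name `ns1.nic.example` are constructed for illustration.

```python
import struct

def encode_name(name):  # dotted name -> length-prefixed labels, no compression
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_name(msg, off):
    """Decode the name at off, following compression pointers; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            if (hops := hops + 1) > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def build_query(qid, name, rd=True):
    """A/IN query as a stub resolver sends it: RD=1 asks the server to recurse."""
    header = struct.pack("!6H", qid, 0x0100 if rd else 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", 1, 1)

def classify(msg):
    """Return (kind, RA flag, NS targets in the authority section) for a one-question response."""
    _, flags, _, an, ns, _ = struct.unpack("!6H", msg[:12])
    off = read_name(msg, 12)[1] + 4                     # skip QNAME, QTYPE, QCLASS
    targets = []
    for i in range(an + ns):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if i >= an and rtype == 2:                      # NS record in the authority section
            targets.append(read_name(msg, off)[0])
        off += rdlen
    # Mask 0x040F covers AA and RCODE: a referral has both clear, no answers, and NS records.
    kind = "answer" if an else "referral" if targets and not flags & 0x040F else "other"
    return kind, bool(flags & 0x0080), targets

def sample_referral():
    """Constructed response (not captured traffic): QR=1, RD echoed, RA=0, AA=0, one NS for com."""
    ns_name = encode_name("ns1.nic.example")            # hypothetical server name
    header = struct.pack("!6H", 0x1234, 0x8100, 1, 0, 1, 0)
    authority = encode_name("com") + struct.pack("!2HIH", 2, 1, 172800, len(ns_name)) + ns_name
    return header + build_query(0x1234, "www.example.com")[12:] + authority
```

`classify(sample_referral())` returns the kind of response, whether the server offered recursion, and the name servers to ask next.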
  • rjbarlow Member Posts: 411
    Wow, what an answer sprkymrk. :D
    I would say that I beat always in particular questions, I know, so I can only thank Mishra for his answer.
    Anyway, I don't know the DNS protocol well enough to rule out that Mishra is right. In fact the DNS server might add a flag that indicates the query is from another DNS server, and the root server might discard data not coming from other DNS servers... So, I can only thank both of you for your very good answers. :D

    Cheers

    rjbarlow
  • Mishra Member Posts: 2,468
    I'm referring to starting your Windows XP DNS request/query straight at a root server only. I thought I was explaining it wrongly.

    I've never been able to use the root server as my preferred server in Windows. I'm not sure why, nor can I find why this is true, but I assumed it was because the root servers only take simple iterative requests from other DNS servers or already talked to DNS clients. Meaning I would assume that because this has never worked for me, it's because the DNS client starts out its query differently at the very beginning (meaning when it initially asks its first DNS server).

    Has anyone ever been able to use a DNS root zone as your preferred server?
  • astorrs Member Posts: 3,139
    No, and I wouldn't expect to be able to. In the past those servers took 100s of millions of requests a day and something like 75% of them were garbage; they have probably implemented some changes to mitigate the traffic - but I can't find any details on the how after an exhaustive search.