
DNS and root name servers

e24ohm Member Posts: 151
Folks:
I am trying to understand DNS servers and Root Servers. I have found this page that shows the ‘Letter’ value of the Root Server, along with the IP address; however, when I try to change nslookup to use the A.Root.Server, 198.41.0.4, my lookups do not work. I use the DNS IP address of my ISP and the lookups work.

What are Root Servers for and how does this work with DNS servers? I am totally confused, and don’t understand what the difference is.

Thank you.
Utini!

Comments

  • dynamik Banned Posts: 12,312
    Domain Name System - Wikipedia, the free encyclopedia

    Look at that section and the image on the right. The root servers are only going to tell you where the authoritative servers for the .com, .net, .org, etc. TLDs are. They won't resolve the entire FQDN for you.
  • e24ohm Member Posts: 151
    dynamik wrote: »
    Domain Name System - Wikipedia, the free encyclopedia

    Look at that section and the image on the right. The root servers are only going to tell you where the authoritative servers for the .com, .net, .org, etc. TLDs are. They won't resolve the entire FQDN for you.

    For example: I have a Windows 2003 Server where I have entered my ISP DNS server address in the "Forwarders" tab section; however, do I need to add the addresses of the #.root-servers.net. in the "Root Hint" tab section?
    Utini!
  • Darril Member Posts: 1,588
    e24ohm wrote: »
    For example: I have a Windows 2003 Server where I have entered my ISP DNS server address in the "Forwarders" tab section; however, do I need to add the addresses of the #.root-servers.net. in the "Root Hint" tab section?

    Not quite.

    If you look at the diagram that Dynamik pointed you to, your ISP DNS server would be the DNS Recursor. Your DNS server would be to the left of that DNS server. (It's not in the drawing but imagine a box named iterative DNS.)

    The DNS Recursor is using recursive queries. It queries the root server for the address of the top level domain, then it queries the top level domain for the address of the second level domain, and so on until it gets the actual IP address of the requested host.

    However, when you configure a forwarder on your DNS server it uses iterative queries instead of recursive queries. It makes one single request to the DNS recursor and expects one single answer back. In other words, your DNS server only queries the ISP DNS server. It never queries the root servers.

    When you use a forwarder, the root hints aren't used or needed.

    Do you want to use the root hints? Remove the forwarder. Your DNS server will then act as a recursive DNS server.

    You mention using NSLookup. I sincerely doubt you'll be able to get any response from root servers using NSLookup. NSLookup is used internally on networks you manage. However, it makes sense that the root DNS servers are locked down so they would not respond to NSLookup queries. This is to reduce Denial of Service (DoS) attacks.

    It's an interesting conversation but I doubt you'll see anything of this depth on the Network+ exam. Maybe the 70-291 for MCSE 2003 or even the 70-643 exam for the MCITP cert on Server 2008, but not Network+.

    HTH,

    Darril Gibson
    Author: CompTIA Security+: Get Certified Get Ahead
    ISBN-10: 1439236364
    Security+ Blog