Resolvers are the
In Windows Server 2003, the resolver is a set of library routines, linked into programs such as
, and a system service called the DNS Client, which is responsible for caching records that applications have requested. The resolver relies almost entirely upon the name servers it queries. It has the smarts to put together a query, to send it and wait for an answer, and to resend the query if it isn't
Because the namespace is structured as an inverted tree, a name server needs only the domain
2.6.1 Root Name Servers
The root name servers know where the authoritative name servers for each of the top-level zones are. (In fact, some of the root name servers are authoritative for some of the generic top-level zones.) Given a query about any domain name, the root name servers can at least provide the names and addresses of the name servers that are authoritative for the top-level zone the domain name ends in. In
The root name servers are clearly important to resolution. Because they're so important, DNS provides mechanisms—such as caching, which we'll discuss a little later—to help offload the root name servers. But in the absence of other information, resolution has to start at the root name servers. This makes the root name servers crucial to the operation of DNS; if all the Internet root name servers were unreachable for an extended period, all resolution on the Internet would fail. To protect against this, the Internet has 13 root name servers (as of this writing) spread across different
Being the focal point for so many queries keeps the roots busy; even with 13, the traffic to each root name server is very high. A recent informal poll of root name server administrators showed each root receiving thousands of queries per second.
Despite the load placed on root name servers, resolution on the Internet works quite well. Figure 2-12 shows the resolution process for the address of a real host in a real domain, including how the process corresponds to traversing the domain namespace tree.
Figure 2-12. Resolution of girigiri.gbrmpa.gov.au on the Internet
The local name server queries a root name server for the address of girigiri.gbrmpa.gov.au and is referred to the au name servers. The local name server asks an au name server the same question, and is referred to the gov.au name servers. The gov.au name server refers the local name server to the gbrmpa.gov.au name servers. Finally, the local name server asks a gbrmpa.gov.au name server for the address and gets the answer.
You may have noticed a big difference in the amount of work done by the name servers in the previous example. Four of the name servers simply returned the best answer they already had—mostly referrals to other name servers—to the queries they received. They didn't have to send their own queries to find the data
Why couldn't the local name server simply have referred the resolver to another name server? Because a stub resolver wouldn't have had the intelligence to follow a referral. And how did the name server know not to answer with a referral? Because the resolver issued a recursive query.
Queries come in two flavors,
, also called
. Recursive queries place most of the
Iteration , or iterative resolution , on the other hand, refers to the resolution process used by a name server when it receives iterative queries.
In recursion, a resolver sends a recursive query to a name server for information about a particular domain name. The queried name server is then obliged to respond with the requested data or with an error
If the queried name server isn't authoritative for the data requested, it will have to query other name servers to find the answer. It could send recursive queries to those name servers, thereby obliging them to find the answer and return it (and passing the buck), or it could send iterative queries and possibly be referred to other name servers "closer" to the domain name it's seeking. Current
A name server that receives a recursive query that it can't answer itself will query the "closest known" name servers. The closest known name servers are the servers authoritative for the zone
Using the closest known name servers ensures that the resolution process is as short as possible. A
name server receiving a recursive query for the address of
shouldn't have to
The name server that receives the recursive query always sends the same query that the resolver sent it; for example, for the address of
. It never sends explicit queries for the name servers for
, though this information is also stored in the namespace. Sending explicit queries could cause problems: there may be no
name servers (that is,
may be part of the
zone). Also, it's always possible that an
name server would know
's address. An explicit query for the
name servers would
Iterative resolution doesn't require nearly as much work on the part of the queried name server. In iterative resolution, a name server simply gives the best answer
back to the querier. No additional querying is required. The queried name server consults its local data (including its cache, which we'll talk about shortly), looking for the data requested. If it doesn't find the answer there, it finds the names and addresses of the name servers closest to the domain name in the query in its local data and returns that as a referral to help the querier continue the resolution process. Note that the referral includes
of the name servers listed in the local data; it's up to the querier to choose which one to query
2.6.4 Choosing Between Authoritative Name Servers
Some of the card-carrying Mensa
The Microsoft DNS Server uses
(RTT) to choose between name servers authoritative for the same zone. Roundtrip time is a measurement of how long a remote name server takes to respond to queries. Each time a Microsoft DNS Server sends a query to a remote name server, it starts an internal stopwatch. When it receives a response, it stops the stopwatch and makes a note of how long that remote name server took to respond. When the name server must choose which of a
Before a Microsoft DNS Server has queried a name server, it ranks it according to how many octets its IP address has in common with the local host's. This is designed to favor remote name servers on the same or nearby networks.
On the whole, this simple but elegant algorithm allows Microsoft DNS Servers to "lock on" to the closest name servers quickly and without the overhead of an out-of-
2.6.5 The Whole Enchilada
What this amounts to is a resolution process that, taken as a whole, looks like Figure 2-13.
Figure 2-13. The resolution process
A resolver queries a local name server, which then sends iterative queries to a number of other name servers in pursuit of an answer for the resolver. Each name server it queries refers it to another name server that is authoritative for a zone further down in the namespace and closer to the domain name sought. Finally, the local name server queries the authoritative name server, which returns an answer. All the while, the local name server uses each response it receives—whether a referral or the answer—to update the RTT of the responding name server, which will help it decide which name servers to query to resolve domain names in the future.
2.6.6 Mapping Addresses to Names
One major piece of functionality missing from the resolution process as explained so far is how addresses get mapped back to domain names. Address-to-name mapping is used to produce output that is easier for
Actually, there's a better solution that's both clever and effective. Because it's easy to find data once you're given the domain name that indexes that data, why not create a part of the domain namespace that uses addresses as labels? In the Internet's domain namespace, this portion of the namespace is the in-addr.arpa domain.
Nodes in the
domain are labeled after the numbers in the dotted-octet representation of IP addresses. (
Figure 2-14. The in-addr.arpa domain
Note that when read in a domain name, the IP address appears backward because the name is read from leaf to root. For example, if winnie.corp.hp.com 's IP address is 220.127.116.11, the corresponding node in the in-addr.arpa domain is 18.104.22.168.in-addr.arpa , which maps back to the domain name winnie.corp.hp.com .
IP addresses could have been represented the
Figure 2-15. Hierarchical names and addresses
Making the first octets in the IP address appear highest in the tree gives administrators the ability to delegate authority for
zones along network lines. For example, the
zone, which contains the reverse-mapping information for all hosts whose IP addresses start with 15, can be delegated to the administrators of network 15/8. This would be