If I use nslookup to query a dns server and the dns server forwards the request to another server I always see the reply coming from the orginal dns server. How can I tell which server really answered the request?
-
The reason it forwards is because of recursion. If your dns server is not authoritative (ie- responsible) for the domain you're querying it'll start a recursive query beginning at the root level domain servers going down until it finds a dns server responsible for that domain. If/when it finds one that server will send the answer back. If you want to see the whole thing type in
set debugwithin nslookup.That said, dig is really a better tool to use now than nslookup.
From squillman -
Use the DIG utility with the +trace option to see which server answers the request.
Alternatively, you can use a "DNS Lookup" function of the DNS Made Easy site - then select the link for "DNS Transversal" to check responses in all DNS servers in the chain.
From Mike -
If the answer comes from the original DNS server that means that the original server performed recursion and answered the query on behalf of the client (whether you use forwarders or not).
With recursion, the DNS server performs all the work for the client and returns the answer to the client. With iteration, the server does not perform the work and tells the client to perform the work itself. So with recursion the DNS server will always be the one that answers and with iteration it will always be the authorative server for the DNS zone being queried that answers the client.
From joeqwerty
0 comments:
Post a Comment