article Nominated Discussion: Basic Question about DNS Query in General Articles

article Nominated Discussion: Basic Question about DNS Query in General Articles https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-basic-question-about-dns-query/ta-p/563423 <DIV class="lia-message-template-content-zone"> <P data-unlink="true"><SPAN>This Nominated Discussion Article is based on the post "</SPAN><STRONG>Basic Question about DNS Query </STRONG><SPAN>" by <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/197203">@perumalj</a> and answered by <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a> .</SPAN></P> <P> </P> <BLOCKQUOTE> <P>Scenario : In an organization, a client machine doesn't know IP address of example.com. So it sends DNS query to its local DNS server. Even the local DNS server doesn't know about example.com. Hence, the local DNS server sends DNS query to DNS forwarder. DNS forwarder too doesn't have information about example.com. </P> <P> </P> <P>However , DNS forwarder is able to do external DNS lookup. Hence, It contacts root DNS server at first. </P> <P>secondly , It contacts TLD server and later Name server of example.com to get the IP address. </P> <P> </P> <P>I hope this is how DNS query works for external websites. Please correct me if I am wrong</P> <P> </P> <P>Question 1: I would like to know if IP address of example.com and IP address of its name server will be same or different. </P> <P>Question 2 : I would also like to know When DNS forwarder contacts name server of example.com asking for IP address of example.com, it will send normal DNS query as how client machine has sent DNS query for example.com to its local DNS server or it will be different </P> <P> </P> <P> </P> </BLOCKQUOTE> <P>Response:</P> <P> </P> <BLOCKQUOTE> <P>Question 1: I would like to know if IP address of example.com and IP address of its name server will be same or different. </P> <P><FONT color="#333399">- the IP of the nameserver (NS) will most likely be different from the A record pointing to example.com (it's not impossible, just not very common to have the nameserver as the target for an A record). Typically an organization will have an NS record for example.com that points to the dedicated DNS server, and an A record that points to the web frontend, here's an example</FONT></P> <P class="p1"> </P> <P class="p1"><FONT color="#333399"><SPAN class="s1">% dig any example.com </SPAN></FONT></P> <P class="p1"><FONT color="#333399"><SPAN class="s1">;; Truncated, retrying in TCP mode.</SPAN></FONT></P> <P class="p2"> </P> <P class="p1"><FONT color="#333399"><SPAN class="s1">; <<>> DiG 9.10.6 <<>> any example.com</SPAN></FONT></P> <P class="p1"><FONT color="#333399"><SPAN class="s1">;; global options: +cmd</SPAN></FONT></P> <P class="p1"><FONT color="#333399"><SPAN class="s1">;; Got answer:</SPAN></FONT></P> <P class="p1"><FONT color="#333399"><SPAN class="s1">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40873</SPAN></FONT></P> <P class="p1"><FONT color="#333399"><SPAN class="s1">;; flags: qr rd ra ad; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 1</SPAN></FONT></P> <P class="p2"> </P> <P class="p1"><FONT color="#333399"><SPAN class="s1">;; OPT PSEUDOSECTION:</SPAN></FONT></P> <P class="p1"><FONT color="#333399"><SPAN class="s1">; EDNS: version: 0, flags:; udp: 512</SPAN></FONT></P> <P class="p1"><FONT color="#333399"><SPAN class="s1">;; QUESTION SECTION:</SPAN></FONT></P> <P class="p1"><FONT color="#333399"><SPAN class="s1">;example.com. IN ANY</SPAN></FONT></P> <P class="p2"> </P> <P class="p1"><FONT color="#333399"><SPAN class="s1">;; ANSWER SECTION:</SPAN></FONT></P> <P class="p1"><FONT color="#333399"><SPAN class="s1">example.com. 7405 IN <STRONG>NS</STRONG> b.iana-servers.net   <- this tells everyone which DNS server is responsible for this record</SPAN></FONT></P> <P class="p1"><FONT color="#333399"><SPAN class="s1">example.com. 9667 IN <STRONG>A</STRONG> 93.184.216.34   <- this tells every webbrowser which webserver to connect to</SPAN></FONT></P> <P> </P> <P>Question 2 : I would also like to know When DNS forwarder contacts name server of example.com asking for IP address of example.com, it will send normal DNS query as how client machine has sent DNS query for example.com to its local DNS server or it will be different </P> <P><FONT color="#333399">- eventually, yes. the final forwarded will go through the hierarchy of dns (root, TLD, and so on) to find out who is the final responsible for a record, until it reaches the 'owner' of a record and then queries it for the A record (as a normal query)</FONT></P> <P> </P> <P> </P> <P> </P> <P><FONT color="#333399">hope this helps</FONT></P> </BLOCKQUOTE> <P> </P> </DIV> Fri, 27 Oct 2023 23:50:03 GMT JayGolf 2023-10-27T23:50:03Z Nominated Discussion: Basic Question about DNS Query https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-basic-question-about-dns-query/ta-p/563423 <P>This Nominated Discussion Article is based on the post "Basic Question about DNS Query".</P> Fri, 27 Oct 2023 23:50:03 GMT https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-basic-question-about-dns-query/ta-p/563423 JayGolf 2023-10-27T23:50:03Z