
Packet Capture of iterative query

Pratyush Sinha
Level 1

Here is the query. 

I have a Windows Server 2012 at 10.10.1.200. The gateway is 10.10.1.1. I am using 10.10.1.200 as the DNS server. I have configured the DNS server on 10.10.1.200. In the DNS server settings I have not mentioned any forwarder.

Now from the browser of 10.10.1.200 I try to go to a domain that does not exist (please check packets 25 and 26). Ideally it should go from 10.10.1.200 to the root server, and from the root server I should get the name server of the .com server. Now the next query should go from 10.10.1.200 to the .com server, and from the .com server I should get a reply that the domain does not exist. (I think that is how an iterative query works.)

However, I am getting the reply directly from the root server that the domain does not exist.

Can someone please check the packet capture (packets 25 and 26) and let me know why I am not getting a referral from the root server?

Also, can someone please send me a sample Wireshark capture of an iterative query explaining how the packets flow if the domain does not exist? I have checked Wireshark's website and it is not there.

 

1 Reply

Hi Pratyush,

Your DNS server seems already aware of what server to query for .com because it does not query a root DNS server but a .com TLD DNS right away.

192.54.112.30 is h.gtld-servers.net

I'm thinking your DNS server remembers from a previous query who's in charge of .com and queries that server directly.

Only on the very first query for .com does the root server get hit and reply with the .com TLD servers.

Hope this helps!

JF
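
The caching behaviour described in the reply above, as an added example that is not part of the original thread: a simulated iterative resolver that starts with root hints only, caches the .com delegation it learns from the root referral, and therefore sends the next non-existent .com name straight to the TLD server. The root address 198.41.0.4, the sample names and the in-memory server table are assumptions constructed for the example; no packets are sent.

```python
# Constructed model of the name-server hierarchy; nothing here touches the network.
ROOT = "198.41.0.4"        # a.root-servers.net (assumed for the example)
COM_TLD = "192.54.112.30"  # h.gtld-servers.net, the server named in the reply

# What each simulated server knows: zones it delegates and names registered in it.
SERVERS = {
    ROOT: {"delegations": {"com.": COM_TLD}, "registered": set()},
    COM_TLD: {"delegations": {}, "registered": {"example.com."}},
}

def ask(server, qname):
    """Simulated non-recursive query. Returns (rcode, zone, ns_ip)."""
    data = SERVERS[server]
    for zone, ns_ip in data["delegations"].items():
        if qname.endswith("." + zone):
            return ("REFERRAL", zone, ns_ip)  # NOERROR with NS records, no answer
    if qname in data["registered"]:
        return ("NOERROR", None, None)        # simplified: real TLDs refer onward
    return ("NXDOMAIN", None, None)

class IterativeResolver:
    def __init__(self):
        # A server with no forwarder starts from root hints only.
        self.ns_cache = {".": ROOT}

    def closest_server(self, qname):
        """Cached name server for the longest zone that encloses qname."""
        zones = [z for z in self.ns_cache if z == "." or qname.endswith("." + z)]
        return self.ns_cache[max(zones, key=len)]

    def resolve(self, qname):
        """Return (rcode, servers queried in order)."""
        path = []
        server = self.closest_server(qname)
        while True:
            path.append(server)
            rcode, zone, ns_ip = ask(server, qname)
            if rcode != "REFERRAL":
                return rcode, path
            self.ns_cache[zone] = ns_ip  # real caches keep this until the NS TTL expires
            server = ns_ip

if __name__ == "__main__":
    resolver = IterativeResolver()
    for name in ("no-such-name-one.com.", "no-such-name-two.com."):
        rcode, path = resolver.resolve(name)
        print(f"{name:24} {rcode:9} via {' -> '.join(path)}")
```

In a capture, the first lookup shows a root referral followed by the TLD's NXDOMAIN; the second shows only the query to the TLD address, which matches what packets 25 and 26 are described as showing in the reply.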
