
I have a DNS server and a host in a lab environment. When my host queries for the IP of a web address, like www.[somewedishwebsite].se (Swedish domain), it first queries my DNS server with IPv4 & IPv6 requests (which does not contain the IP address or hostname of the website). Then it queries the root DNS servers (non-authoritatively through the DNS server), "l.root-rootservers.net etc".

According to Wireshark, the authoritative nameservers that provided the IP address for the query ARE the root servers, but why would it be that way? Surely the root servers do not contain records for www.[someswedishwebsite].se? What are the root servers actually doing in this case?

Here is an image to illustrate what I am talking about

[Image: Wireshark capture of the DNS query and response]

  • There's no way we could know without knowing the name of the site or seeing the traffic. (A guess -- the web server is one of the name servers for the site. In telling you what and where the name servers are, the roots have told you what and where the web server is.) Commented Dec 28, 2015 at 11:47
  • It doesn't matter the site, let's say aftonbladet.se, a Swedish newspaper; if I use the command "dig www.aftonbladet.se" on my Debian host the authority section still shows the root servers.
    – NinjaAnte
    Commented Dec 28, 2015 at 11:53

2 Answers


That makes perfect sense.

When your machine asks its DNS server where "www.website.se" is, your DNS server will forward a request onto anywhere it may be able to get a response.

Since your DNS server doesn't have a relevant zone or record, it will first look at its forwarders and conditional forwarders. If there isn't a forwarding record set up for a relevant zone or domain, DNS will start looking to its "root hints" for a reply.

Root servers may well not have the answer directly, but a root server may have a zone record for "SE", which has a zone for "website", which in turn has a record for "www". Since the root hints asked on your behalf, they will be given a reply by a DNS server with an appropriate record and they will then relay that record on to you. It's a case of Chinese whispers.


A root server did not supply that response. Your local nameserver did (2001:db8:acad:1::6).

The only thing that can be determined from that packet dump is the answer was previously cached and returned locally.

The root servers listed as authoritative are a red herring... it's dependent on the DNS software running, its configuration (almost certainly global-forwarding somewhere else, like upstream ISP DNS servers), and the state of the cache at the moment the captured query was done.

If you want to understand how DNS resolution works, see How does dig +trace actually work?
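Both answers describe the same two mechanisms: the referral chain (root points to the TLD servers, which point to the zone's own servers, which hold the actual record) and the local cache (a repeat query never leaves the resolver). The toy model below is an added example, not code from the question or the answers, and it uses constructed in-memory zone data with RFC 5737 documentation addresses rather than real DNS traffic. It walks the delegation chain the first answer describes, records which zone answered at each hop, and then shows the second lookup being satisfied from the cache without touching any server, which is the situation the second answer describes.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed zone data standing in for the real root, .se and website.se
# servers. Each zone knows only its own records and its delegations (NS).
ZONES: Dict[str, Dict[str, Dict[str, List[str]]]] = {
    ".": {                                       # root: only knows who serves "se."
        "se.": {"NS": ["a.ns.se."]},
        "a.ns.se.": {"A": ["192.0.2.1"]},        # glue for the .se server
    },
    "se.": {                                     # TLD: only knows who serves "website.se."
        "website.se.": {"NS": ["ns1.website.se."]},
        "ns1.website.se.": {"A": ["192.0.2.10"]},  # glue for the zone's server
    },
    "website.se.": {                             # the zone that really holds "www"
        "www.website.se.": {"A": ["192.0.2.80"]},
    },
}


def in_zone(zone: str, name: str) -> bool:
    """True if `name` falls under `zone` (the root contains everything)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def zone_response(zone: str, qname: str, qtype: str) -> Tuple[str, Optional[object]]:
    """What one authoritative server says: an answer, a referral, or nothing.

    This mirrors a real server's behaviour: it never asks anyone else, it only
    answers from its own data or hands back the closest delegation it knows.
    """
    records = ZONES[zone]
    if qname in records and qtype in records[qname]:
        return "answer", records[qname][qtype]
    # Otherwise find the longest delegation (NS record) that covers qname.
    best: Optional[str] = None
    for name, rrs in records.items():
        if "NS" in rrs and name != zone and in_zone(name, qname):
            if best is None or len(name) > len(best):
                best = name
    if best is not None:
        return "referral", best
    return "nxdomain", None


@dataclass
class Resolver:
    """Iterative resolver with a positive-answer cache."""
    cache: Dict[Tuple[str, str], List[str]] = field(default_factory=dict)

    def resolve(self, qname: str, qtype: str = "A"):
        """Return (rdata or None, zones consulted in order, answered_from_cache)."""
        key = (qname, qtype)
        if key in self.cache:
            # Cache hit: nothing is sent anywhere, so no zone appears in the trace.
            return self.cache[key], [], True
        zone, trace = ".", []
        while True:
            trace.append(zone)
            kind, payload = zone_response(zone, qname, qtype)
            if kind == "answer":
                self.cache[key] = payload
                return payload, trace, False
            if kind == "referral":
                zone = payload           # follow the delegation one level down
                continue
            return None, trace, False    # no record and no delegation


if __name__ == "__main__":
    r = Resolver()
    for _ in range(2):
        rdata, trace, cached = r.resolve("www.website.se.")
        print(f"answer={rdata} via={trace or 'cache'} cached={cached}")
```

Running it twice for the same name prints the full chain `['.', 'se.', 'website.se.']` on the first lookup and `cache` on the second. That second case is what the capture in the question shows: the local resolver answers immediately, and whatever it chooses to put in the authority section of a cached reply is a property of the resolver software and its configuration, not evidence that a root server held the record.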
