Re: Recursion?




Charles Elliott wrote:
Hello:

I use Server 2003's DNS to service about 8 computers on a home
network. I have an application (DIMES) that constantly uses Tracert
to determine the distance from one of my computers to various other
computers. It is constantly trying to translate names to dotted IP
addresses, particularly for routers. For some reason many routers
have DNS entries that go from IP addresses to names, but not vice
versa. Therefore, my DNS first asks my ISP's name servers to resolve
the names, which they cannot do. Then it tacks on my domain name
(XXXX.us) and again asks my ISP's name servers to resolve the name,
which of course they cannot do, then it asks the name server of the
US root to resolve the name, then it gives up. So instead of
"saving" tons of traffic to my ISP by having my own DNS server, I am
creating tons of traffic. Without totally disabling recursion, how
can I get my DNS to stop tacking on my domain name and asking all the
other DNS servers to resolve it? It is never going to be successful.
Below is an example in Ethereal format. matt.celliott.us is the DNS
server, and router.celliott.us is a proxy for the ISP's DNS server;
the expanded full packet on the last line indicates that my ISP's DNS
server got its information from the US root name server. In this
example, note that the DNS server actually already knows the IP
address of gbr1-p20.wswdc.ip.att.net before it asked for it. Why
did it not cache it (so it could use it when it found the name could
not be resolved)?

Charles Elliott


No.  Time        Source                  Destination             Protocol  Info
704  154.132841  matt.celliott.us        home4.bellatlantic.net  DNS       Standard query PTR 178.11.122.12.in-addr.arpa
706  156.132657  matt.celliott.us        router.celliott.us      DNS       Standard query PTR 178.11.122.12.in-addr.arpa
707  156.169268  router.celliott.us      matt.celliott.us        DNS       Standard query response PTR gbr1-p20.wswdc.ip.att.net
708  156.169537  matt.celliott.us        router.celliott.us      DNS       Standard query A gbr1-p20.wswdc.ip.att.net
709  156.177332  home4.bellatlantic.net  matt.celliott.us        DNS       Standard query response PTR gbr1-p20.wswdc.ip.att.net
710  156.206219  router.celliott.us      matt.celliott.us        DNS       Standard query response, No such name
711  156.206272  matt.celliott.us        router.celliott.us      DNS       Standard query A gbr1-p20.wswdc.ip.att.net.celliott.us
712  156.294050  router.celliott.us      matt.celliott.us        DNS       Standard query response
713  156.294110  matt.celliott.us        router.celliott.us      DNS       Standard query A gbr1-p20.wswdc.ip.att.net.celliott.us
714  156.321434  router.celliott.us      matt.celliott.us        DNS       Standard query response

This is not your DNS server doing this; it is your DNS client service
appending the name from the DNS suffix search list to every non-fully
qualified domain name. A non-fully qualified domain name is any name the DNS
client service is asked to resolve that does NOT have a trailing ".".
Do you have Active Directory?
If you do, all internal clients would use the internal DNS server, which
should have a zone named celliott.us; that would prevent DNS from forwarding
these queries.

The DNS suffix search list is intended to simplify resolving local host
names by appending the suffix for the domain that the machines would have
their records registered in.

In this case, you would have a zone named celliott.us that would have A
records for each host on the network. Then, when they try to resolve the name
matt, the DNS client would append celliott.us and send the name
matt.celliott.us to your DNS to find the A record for matt.celliott.us and
return its IP address.
The DNS client also appends the DNS suffix search list to all multi-label
DNS names that are not fully qualified, because they are not appended with
the trailing ".". That is the reason even gbr1-p20.wswdc.ip.att.net is not
fully qualified and is appended with celliott.us, making the name sent to
DNS gbr1-p20.wswdc.ip.att.net.celliott.us. If your DNS had a zone for
celliott.us, when gbr1-p20.wswdc.ip.att.net.celliott.us is sent to it, DNS
would return NXDOMAIN, to which the DNS client tries again with only
gbr1-p20.wswdc.ip.att.net, which would be forwarded.

Make sure all internal clients use only the internal DNS that has the domain
listed in the DNS suffix search list. Then, DNS would not forward the
queries that end with celliott.us.
The same holds true for PTR lookups: you should have a reverse lookup zone
for the local subnet, and it would not forward these either.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
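Added example, not part of the original thread: a small Python model of the suffix-appending behaviour Kevin describes and of a resolver that answers locally for the zones it holds and forwards everything else. The zone contents, addresses and upstream answers are constructed, and the client model is simplified (the real Windows client has further rules, such as devolution).

```python
from __future__ import annotations

# Added example, not from the original thread: a simplified model of the
# DNS-client suffix appending described above, plus a resolver that answers
# locally for zones it holds and forwards everything else.  Zone contents
# and upstream answers are constructed; Windows' real client has more rules
# (e.g. devolution) than this model shows.

def is_fqdn(name: str) -> bool:
    """Only a trailing '.' marks a name as fully qualified."""
    return name.endswith(".")


def candidate_names(name: str, suffix_search_list: list[str]) -> list[str]:
    """Query names the client sends, in the order the trace shows."""
    if is_fqdn(name):
        return [name.rstrip(".").lower()]
    base = name.lower()
    suffixed = [f"{base}.{s.strip('.').lower()}" for s in suffix_search_list]
    if "." in base:
        return [base] + suffixed  # multi-label: as typed, then each suffix
    return suffixed               # single-label: suffixed forms only


class Resolver:
    """Authoritative for the zones it holds; forwards everything else."""

    def __init__(self, zones: dict[str, dict[str, str]], upstream: dict[str, str]):
        self.zones = {z.lower(): recs for z, recs in zones.items()}
        self.upstream = upstream
        self.forwarded: list[str] = []  # every query that left the LAN

    def query(self, qname: str) -> str | None:
        for zone, records in self.zones.items():
            if qname == zone or qname.endswith("." + zone):
                return records.get(qname)  # None == NXDOMAIN, answered locally
        self.forwarded.append(qname)       # not ours: forward to the ISP
        return self.upstream.get(qname)


def resolve(name: str, suffixes: list[str], resolver: Resolver):
    """Return (qname, address) for the first candidate that resolves, else None."""
    for qname in candidate_names(name, suffixes):
        address = resolver.query(qname)
        if address is not None:
            return qname, address
    return None


# Constructed scenario: the router name has a PTR but no A record upstream.
UPSTREAM = {"www.example.com": "192.0.2.10"}
LOCAL_ZONE = {"celliott.us": {"matt.celliott.us": "192.0.2.50"}}
```

Comparing `Resolver({}, UPSTREAM).forwarded` with `Resolver(LOCAL_ZONE, UPSTREAM).forwarded` after resolving the router name shows the suffixed query leaving the network only when no local zone exists.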

