DNS lookups with/without recursion in NSLOOKUP

domain-name-systemnetworkingnslookup

I am playing around with NSLOOKUP trying to learn about recursive DNS lookups. I am looking up a bogus host name and I seem to be getting the same results whether I enable or disable recursion.

With Recursion:

nslookup
Default Server:  UnKnown
Address:  ::1

> set recurse
> set debug
> nytimes
Server:  UnKnown
Address:  ::1

------------
Got answer:
HEADER:
    opcode = QUERY, id = 2, rcode = NXDOMAIN
    header flags:  response, auth. answer, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.intranet.contoso.com, type = A, class = IN
AUTHORITY RECORDS:
->  intranet.contoso.com
    ttl = 3600 (1 hour)
    primary name server = DNSSERVER.intranet.contoso.com
    responsible mail addr = hostmaster.intranet.contoso.com
    serial  = 10301
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
    opcode = QUERY, id = 3, rcode = NXDOMAIN
    header flags:  response, auth. answer, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.intranet.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
->  intranet.contoso.com
    ttl = 3600 (1 hour)
    primary name server = DNSSERVER.intranet.contoso.com
    responsible mail addr = hostmaster.intranet.contoso.com
    serial  = 10301
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
    opcode = QUERY, id = 4, rcode = NOERROR
    header flags:  response, want recursion, recursion avail.
    questions = 1,  answers = 1,  authority records = 0,  additional = 0

QUESTIONS:
    nytimes.contoso.com, type = A, class = IN
ANSWERS:
->  nytimes.contoso.com
    internet address = 74.125.226.195
    ttl = 1800 (30 mins)

------------
Non-authoritative answer:
------------
Got answer:
HEADER:
    opcode = QUERY, id = 5, rcode = NOERROR
    header flags:  response, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
->  contoso.com
    ttl = 900 (15 mins)
    primary name server = dns01.gpn.register.com
    responsible mail addr = partnersupport.register.com
    serial  = 2002050701
    refresh = 10800 (3 hours)
    retry   = 3600 (1 hour)
    expire  = 604800 (7 days)
    default TTL = 3600 (1 hour)

------------
Name:    nytimes.contoso.com
Address:  74.125.226.195

>

With NO Recursion:

nslookup
Default Server:  UnKnown
Address:  ::1

> set norecurse
> set debug
> nytimes
Server:  UnKnown
Address:  ::1

------------
Got answer:
HEADER:
    opcode = QUERY, id = 2, rcode = NXDOMAIN
    header flags:  response, auth. answer, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.intranet.contoso.com, type = A, class = IN
AUTHORITY RECORDS:
->  intranet.contoso.com
    ttl = 3600 (1 hour)
    primary name server = DNSSERVER.intranet.contoso.com
    responsible mail addr = hostmaster.intranet.contoso.com
    serial  = 10301
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
    opcode = QUERY, id = 3, rcode = NXDOMAIN
    header flags:  response, auth. answer, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.intranet.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
->  intranet.contoso.com
    ttl = 3600 (1 hour)
    primary name server = DNSSERVER.intranet.contoso.com
    responsible mail addr = hostmaster.intranet.contoso.com
    serial  = 10301
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
    opcode = QUERY, id = 4, rcode = NOERROR
    header flags:  response, recursion avail.
    questions = 1,  answers = 1,  authority records = 0,  additional = 0

QUESTIONS:
    nytimes.contoso.com, type = A, class = IN
ANSWERS:
->  nytimes.contoso.com
    internet address = 74.125.226.195
    ttl = 1526 (25 mins 26 secs)

------------
Non-authoritative answer:
------------
Got answer:
HEADER:
    opcode = QUERY, id = 5, rcode = NOERROR
    header flags:  response, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
    nytimes.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
->  contoso.com
    ttl = 626 (10 mins 26 secs)
    primary name server = dns01.gpn.register.com
    responsible mail addr = partnersupport.register.com
    serial  = 2002050701
    refresh = 10800 (3 hours)
    retry   = 3600 (1 hour)
    expire  = 604800 (7 days)
    default TTL = 3600 (1 hour)

------------
Name:    nytimes.contoso.com
Address:  74.125.226.195

>

It looks like it is using recursion even when I set it to off. The funny thing is if I look up the bogus hostname specifying 4.2.2.2 as the DNS server then the recursion setting does take effect. Anyone know why this is happening?

BTW I sanitized the host names

Best Answer

The server returns authoritative responses for the domain when you have norecurse set, in addition to being willing to perform recursion for you. It won't matter whether the recursion flag is set or not.

Got answer: HEADER: header flags: response, auth. answer, recursion avail.

Related Topic