I am playing around with NSLOOKUP trying to learn about recursive DNS lookups. I am looking up a bogus host name and I seem to be getting the same results whether I enable or disable recursion.
With Recursion:
nslookup
Default Server: UnKnown
Address: ::1
> set recurse
> set debug
> nytimes
Server: UnKnown
Address: ::1
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
nytimes.intranet.contoso.com, type = A, class = IN
AUTHORITY RECORDS:
-> intranet.contoso.com
ttl = 3600 (1 hour)
primary name server = DNSSERVER.intranet.contoso.com
responsible mail addr = hostmaster.intranet.contoso.com
serial = 10301
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
nytimes.intranet.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
-> intranet.contoso.com
ttl = 3600 (1 hour)
primary name server = DNSSERVER.intranet.contoso.com
responsible mail addr = hostmaster.intranet.contoso.com
serial = 10301
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
nytimes.contoso.com, type = A, class = IN
ANSWERS:
-> nytimes.contoso.com
internet address = 74.125.226.195
ttl = 1800 (30 mins)
------------
Non-authoritative answer:
------------
Got answer:
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
nytimes.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
-> contoso.com
ttl = 900 (15 mins)
primary name server = dns01.gpn.register.com
responsible mail addr = partnersupport.register.com
serial = 2002050701
refresh = 10800 (3 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 3600 (1 hour)
------------
Name: nytimes.contoso.com
Address: 74.125.226.195
>
With NO Recursion:
nslookup
Default Server: UnKnown
Address: ::1
> set norecurse
> set debug
> nytimes
Server: UnKnown
Address: ::1
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
nytimes.intranet.contoso.com, type = A, class = IN
AUTHORITY RECORDS:
-> intranet.contoso.com
ttl = 3600 (1 hour)
primary name server = DNSSERVER.intranet.contoso.com
responsible mail addr = hostmaster.intranet.contoso.com
serial = 10301
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
nytimes.intranet.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
-> intranet.contoso.com
ttl = 3600 (1 hour)
primary name server = DNSSERVER.intranet.contoso.com
responsible mail addr = hostmaster.intranet.contoso.com
serial = 10301
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: response, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
nytimes.contoso.com, type = A, class = IN
ANSWERS:
-> nytimes.contoso.com
internet address = 74.125.226.195
ttl = 1526 (25 mins 26 secs)
------------
Non-authoritative answer:
------------
Got answer:
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: response, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
nytimes.contoso.com, type = AAAA, class = IN
AUTHORITY RECORDS:
-> contoso.com
ttl = 626 (10 mins 26 secs)
primary name server = dns01.gpn.register.com
responsible mail addr = partnersupport.register.com
serial = 2002050701
refresh = 10800 (3 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 3600 (1 hour)
------------
Name: nytimes.contoso.com
Address: 74.125.226.195
>
It looks like it is using recursion even when I set it to off. The funny thing is if I look up the bogus hostname specifying 4.2.2.2 as the DNS server then the recursion setting does take effect. Anyone know why this is happening?
BTW I sanitized the host names
Best Answer
The server returns authoritative responses for the domain when you have
norecurse
set, in addition to being willing to perform recursion for you. It won't matter whether the recursion flag is set or not.