Milad Esrafilian

Reputation: 173

Iterative DNS lookup

I'm trying to implement a simple version of dig as a project with Python. I want to implement the DNS lookup by iteration. I read the RFC document and I thought I should check the AA (Authoritative Answer) bit in the response, and if it's not set to 1 I should send the same request to the IP provided in the given response until this bit is set. When I tried google.com and checked the response with Wireshark, it provided the correct IP but the AA bit was still 0, and when I kept sending requests it seemed like I was getting nowhere. Is this the correct way to do an iterative lookup? If so, how do I distinguish between authoritative and non-authoritative answers? Here's the result when asking 1.1.1.1 server for google.com:

Flags: 0x8080 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)

Upvotes: 0

Views: 1339

Answers (1)

Malt

Reputation: 30285

Here's the result when asking 1.1.1.1 server for google.com:

DNS queries don't always end with an authoritative answer. In fact, 1.1.1.1 is an iterative resolver, so it's its job to query the relevant servers (root -> .com -> google.com) and return a final answer, which won't be authoritative since 1.1.1.1 is the one returning it. It will then cache the response and return it whenever someone asks it the same question.

If you want to create a dig-like tool and look for www.stackoverflow.com, you need to do what 1.1.1.1 does - start with a root (e.g. a.root-servers.net.), and ask it about .com. Then ask a .com server (e.g. a.gtld-servers.net) about stackoverflow.com. Finally, ask the server responsible for stackoverflow.com (e.g. ns-1033.awsdns-01.org) for the A/AAAA record for www.stackoverflow.com. The answer you get from it should be authoritative:

> dig www.stackoverflow.com @ns-1033.awsdns-01.org

; <<>> DiG 9.16.1-Ubuntu <<>> www.stackoverflow.com @ns-1033.awsdns-01.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62794
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.stackoverflow.com.         IN      A

;; ANSWER SECTION:
www.stackoverflow.com.  3600    IN      CNAME   stackoverflow.com.
stackoverflow.com.      3600    IN      A       151.101.65.69
stackoverflow.com.      3600    IN      A       151.101.1.69
stackoverflow.com.      3600    IN      A       151.101.193.69
stackoverflow.com.      3600    IN      A       151.101.129.69

;; AUTHORITY SECTION:
stackoverflow.com.      172800  IN      NS      ns-1033.awsdns-01.org.
stackoverflow.com.      172800  IN      NS      ns-358.awsdns-44.com.
stackoverflow.com.      172800  IN      NS      ns-cloud-e1.googledomains.com.
stackoverflow.com.      172800  IN      NS      ns-cloud-e2.googledomains.com.

Note the aa flag: flags: qr aa rd

Upvotes: 1
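The header logic discussed in this thread, as an added example that is not part of the original question or answer: it builds a query with RD cleared and classifies a response from its header alone, so a resolver loop knows whether to stop, follow a referral, or give up waiting for AA. The function names and the sample headers are constructed for illustration; only the flag values 0x8080 (the Wireshark capture) and `qr aa rd` with id 62794 and counts 5/4/1 (the dig output) come from the page.

```python
import struct

# Header flag masks from RFC 1035 section 4.1.1
QR, AA, TC, RD = 0x8000, 0x0400, 0x0200, 0x0100

def build_query(name, qtype=1, qid=0x1234, recurse=False):
    """Encode a one-question query. RD stays 0 for an iterative lookup."""
    header = struct.pack("!6H", qid, RD if recurse else 0, 1, 0, 0, 0)
    qname = b""
    for label in filter(None, name.split(".")):
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError(f"label too long in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)  # class IN

def parse_header(msg):
    """Unpack the fixed 12-byte header: id, flags and the four counts."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte DNS header")
    keys = ("id", "flags", "qd", "an", "ns", "ar")
    return dict(zip(keys, struct.unpack("!6H", msg[:12])))

def classify(msg, expected_id):
    """Return the next step an iterative resolver takes for this response."""
    h = parse_header(msg)
    if not h["flags"] & QR or h["id"] != expected_id:
        return "reject"          # not a reply to the query we sent
    if h["flags"] & TC:
        return "retry-tcp"       # truncated over UDP
    if h["flags"] & 0x000F:
        return "error"           # non-zero RCODE
    if h["flags"] & AA:
        return "authoritative"   # stop: this server owns the zone
    if h["an"] > 0:
        return "cached-answer"   # a resolver answered; re-asking never sets AA
    if h["ns"] > 0:
        return "referral"        # ask one of the NS names in the authority section
    return "dead-end"

# Constructed header-only samples; counts are made up unless noted above.
CACHED = struct.pack("!6H", 0x1234, 0x8080, 1, 1, 0, 0)     # flags from the capture
REFERRAL = struct.pack("!6H", 0x1234, 0x8000, 1, 0, 13, 14)  # e.g. a root reply
AUTH = struct.pack("!6H", 62794, 0x8500, 1, 5, 4, 1)         # the dig header

if __name__ == "__main__":
    for label, msg, qid in (("1.1.1.1", CACHED, 0x1234),
                            ("root", REFERRAL, 0x1234),
                            ("zone NS", AUTH, 62794)):
        print(label, "->", classify(msg, qid))
```
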
