DNS lookups with/without recursion in NSLOOKUP
The server returns authoritative responses for the domain when you have norecurse set, in addition to being willing to perform recursion for you. It won't matter whether the recursion flag is set or not.
Got answer: HEADER: header flags: response, auth. answer, recursion avail.
Andrew B
Updated on September 18, 2022
Andrew B almost 2 years
I am playing around with NSLOOKUP trying to learn about recursive DNS lookups. I am looking up a bogus host name and I seem to be getting the same results whether I enable or disable recursion.
With Recursion:
    nslookup
    Default Server: UnKnown
    Address: ::1
    > set recurse
    > set debug
    > nytimes
    Server: UnKnown
    Address: ::1
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags: response, auth. answer, want recursion, recursion avail.
            questions = 1, answers = 0, authority records = 1, additional = 0
        QUESTIONS:
            nytimes.intranet.contoso.com, type = A, class = IN
        AUTHORITY RECORDS:
        -> intranet.contoso.com
            ttl = 3600 (1 hour)
            primary name server = DNSSERVER.intranet.contoso.com
            responsible mail addr = hostmaster.intranet.contoso.com
            serial = 10301
            refresh = 900 (15 mins)
            retry = 600 (10 mins)
            expire = 86400 (1 day)
            default TTL = 3600 (1 hour)
    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 3, rcode = NXDOMAIN
            header flags: response, auth. answer, want recursion, recursion avail.
            questions = 1, answers = 0, authority records = 1, additional = 0
        QUESTIONS:
            nytimes.intranet.contoso.com, type = AAAA, class = IN
        AUTHORITY RECORDS:
        -> intranet.contoso.com
            ttl = 3600 (1 hour)
            primary name server = DNSSERVER.intranet.contoso.com
            responsible mail addr = hostmaster.intranet.contoso.com
            serial = 10301
            refresh = 900 (15 mins)
            retry = 600 (10 mins)
            expire = 86400 (1 day)
            default TTL = 3600 (1 hour)
    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 4, rcode = NOERROR
            header flags: response, want recursion, recursion avail.
            questions = 1, answers = 1, authority records = 0, additional = 0
        QUESTIONS:
            nytimes.contoso.com, type = A, class = IN
        ANSWERS:
        -> nytimes.contoso.com
            internet address = 74.125.226.195
            ttl = 1800 (30 mins)
    ------------
    Non-authoritative answer:
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 5, rcode = NOERROR
            header flags: response, want recursion, recursion avail.
            questions = 1, answers = 0, authority records = 1, additional = 0
        QUESTIONS:
            nytimes.contoso.com, type = AAAA, class = IN
        AUTHORITY RECORDS:
        -> contoso.com
            ttl = 900 (15 mins)
            primary name server = dns01.gpn.register.com
            responsible mail addr = partnersupport.register.com
            serial = 2002050701
            refresh = 10800 (3 hours)
            retry = 3600 (1 hour)
            expire = 604800 (7 days)
            default TTL = 3600 (1 hour)
    ------------
    Name: nytimes.contoso.com
    Address: 74.125.226.195
    >
With NO Recursion:
    nslookup
    Default Server: UnKnown
    Address: ::1
    > set norecurse
    > set debug
    > nytimes
    Server: UnKnown
    Address: ::1
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags: response, auth. answer, recursion avail.
            questions = 1, answers = 0, authority records = 1, additional = 0
        QUESTIONS:
            nytimes.intranet.contoso.com, type = A, class = IN
        AUTHORITY RECORDS:
        -> intranet.contoso.com
            ttl = 3600 (1 hour)
            primary name server = DNSSERVER.intranet.contoso.com
            responsible mail addr = hostmaster.intranet.contoso.com
            serial = 10301
            refresh = 900 (15 mins)
            retry = 600 (10 mins)
            expire = 86400 (1 day)
            default TTL = 3600 (1 hour)
    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 3, rcode = NXDOMAIN
            header flags: response, auth. answer, recursion avail.
            questions = 1, answers = 0, authority records = 1, additional = 0
        QUESTIONS:
            nytimes.intranet.contoso.com, type = AAAA, class = IN
        AUTHORITY RECORDS:
        -> intranet.contoso.com
            ttl = 3600 (1 hour)
            primary name server = DNSSERVER.intranet.contoso.com
            responsible mail addr = hostmaster.intranet.contoso.com
            serial = 10301
            refresh = 900 (15 mins)
            retry = 600 (10 mins)
            expire = 86400 (1 day)
            default TTL = 3600 (1 hour)
    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 4, rcode = NOERROR
            header flags: response, recursion avail.
            questions = 1, answers = 1, authority records = 0, additional = 0
        QUESTIONS:
            nytimes.contoso.com, type = A, class = IN
        ANSWERS:
        -> nytimes.contoso.com
            internet address = 74.125.226.195
            ttl = 1526 (25 mins 26 secs)
    ------------
    Non-authoritative answer:
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 5, rcode = NOERROR
            header flags: response, recursion avail.
            questions = 1, answers = 0, authority records = 1, additional = 0
        QUESTIONS:
            nytimes.contoso.com, type = AAAA, class = IN
        AUTHORITY RECORDS:
        -> contoso.com
            ttl = 626 (10 mins 26 secs)
            primary name server = dns01.gpn.register.com
            responsible mail addr = partnersupport.register.com
            serial = 2002050701
            refresh = 10800 (3 hours)
            retry = 3600 (1 hour)
            expire = 604800 (7 days)
            default TTL = 3600 (1 hour)
    ------------
    Name: nytimes.contoso.com
    Address: 74.125.226.195
    >
It looks like it is using recursion even when I set it to off. The funny thing is if I look up the bogus hostname specifying 4.2.2.2 as the DNS server then the recursion setting does take effect. Anyone know why this is happening?
BTW I sanitized the host names
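
The "header flags" lines in the debug output above are bits in the 12-byte DNS header, and `set recurse` / `set norecurse` only toggle the RD ("want recursion") bit in the query. The Python sketch below is an added example, not part of the original post: it builds a query with RD set or cleared and decodes response headers the way nslookup labels them. The function names and the two sample headers are assumptions constructed to mirror the norecurse run (ids 2 and 4).

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1), labelled as nslookup's debug output prints them.
FLAG_BITS = [(0x8000, "response"), (0x0400, "auth. answer"), (0x0200, "truncated"),
             (0x0100, "want recursion"), (0x0080, "recursion avail.")]
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, recurse=True, qid=2):
    """Wire-format query. `set norecurse` simply clears the RD bit (0x0100)."""
    flags = 0x0100 if recurse else 0x0000
    header = struct.pack("!6H", qid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class IN

def parse_header(packet):
    """Decode the fixed 12-byte header of a query or response."""
    if len(packet) < 12:
        raise ValueError("DNS header is 12 bytes; packet is truncated")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {"id": qid,
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "flags": [label for bit, label in FLAG_BITS if flags & bit],
            "questions": qd, "answers": an, "authority": ns, "additional": ar}

def answer_source(hdr):
    """Where the reply came from, judged from the header alone."""
    if "auth. answer" in hdr["flags"]:
        return "zone data"           # server hosts the zone; RD plays no part
    if hdr["answers"] and "want recursion" not in hdr["flags"]:
        return "cache"               # RD=0 yet answered: normally a cached record
    if hdr["answers"]:
        return "cache or recursion"  # RD=1: the header cannot tell the two apart
    return "no answer records"

# Constructed sample headers mirroring the norecurse run (ids 2 and 4); not captured traffic.
SAMPLE_AUTH_NXDOMAIN = struct.pack("!6H", 2, 0x8000 | 0x0400 | 0x0080 | 3, 1, 0, 1, 0)
SAMPLE_CACHED_A = struct.pack("!6H", 4, 0x8000 | 0x0080, 1, 1, 0, 0)

if __name__ == "__main__":
    for pkt in (build_query("nytimes.intranet.contoso.com", recurse=False),
                SAMPLE_AUTH_NXDOMAIN, SAMPLE_CACHED_A):
        hdr = parse_header(pkt)
        print(hdr["id"], hdr["rcode"], ", ".join(hdr["flags"]) or "(none)",
              "->", answer_source(hdr))
```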