Getty Images
Recursive vs. iterative DNS queries: What's the difference?
Name resolution translates human-readable hostnames to IP addresses for device configuration. DNS uses recursive or iterative methods to translate names into IP addresses.
Name resolution is essential to networking.
It relates hostnames with the IP addresses required for TCP/IP connectivity. The process typically relies on DNS. This service receives queries from devices that need name or IP address information about specific identities. It provides the information or informs the query source that the identity doesn't exist.
Name resolution queries occur in the background, separate from most users and applications. However, they perform a critical function essential to network configuration and troubleshooting.
Name resolution overview
To reference a network node, such as a printer, file server or website, users typically type in an easy-to-remember name. The data packets that establish connectivity between the local and remote systems must identify each device's IP address instead, however. IP addresses are difficult for people to remember, but TCP/IP doesn't recognize names as network identifiers.
This is where DNS comes in. DNS maintains a hierarchical structure of database entries that relate names and IP addresses. When a user enters a hostname on a client device, the device sends a name resolution request to the DNS server to learn the IP address associated with the name.
This name resolution request, known as a DNS query, translates the hostname into an IP address that devices can recognize. The device that initiates the query is the resolver. Some clients, such as a web browser, might have multiple resolvers at different stages of the process.
Two types of DNS queries exist, each with slightly different functions:
- Recursive. The resolver accepts the complete answer and doesn't accept referrals to another DNS server.
- Iterative. The resolver accepts the complete answer or a referral to another DNS server.
Network administrators typically can't choose between iterative and recursive queries. The difference lies with the type and scope of name resolution necessary to satisfy the client device's connection request.
What are recursive DNS queries?
A Windows workstation -- the resolver -- generates a recursive DNS query to translate a website name to an IP address. The query requires either a complete answer or a definitive message that the requested resource doesn't exist. It sends this query to its DNS server and expects the server to reply with either the IP address or a message that indicates the server can't find the resource.
For example, troubleshooters often test a system's network configuration with the ping utility. To do this, network administrators type in the following command:
ping server42
It might make sense to send ping echo requests to server42. However, strict rules govern IP packet headers and require a source and destination IP address for successful connectivity. This network command doesn't provide an IP address; it provides a hostname. In this case, the hostname is server42.
The computer creates a name resolution query using the server42 argument. It sends the query to its specified DNS server, essentially saying, "My user typed in server42. What is the IP address for that name?"
The DNS server stores resource records from which it can answer queries. The test computer and server42 are on the same internal network in this example. The DNS server has a resource record for server42 and relates it to the corresponding IP address.
In this example, the IP address is 192.168.2.22. The DNS server replies with the following: "The name server42 is related to IP address 192.168.2.22." The client computer then sends the ping packets to that destination IP address, which satisfies the TCP/IP addressing requirements.
This process is usually simple for internal resources because the workstation, DNS server and target resource are all on the same network. Network administrators sometimes manually create resource records or register them dynamically by network devices.
What are iterative DNS queries?
Iterative queries represent a more complex scenario that involves several DNS servers, the DNS naming hierarchy and multiple queries. It's common for internet-based name resolution to occur when a client device inside a network needs the IP address for a website or similar resource outside the network.
The client device initiates a recursive query to its DNS server. That server must return a definitive answer to the client. However, the DNS server, which now acts as a resolver, begins a series of iterative queries to other internet DNS servers. It accepts either the final answer or provides a referral to another DNS server that might have the final answer.
DNS servers don't know the IP address since the destination website is probably outside a company's network. It must query additional DNS servers to satisfy the client computer's request.
Suppose someone types www.techtarget.com into a web browser. The computer has the same problem as before: It has a name, but it needs an IP address to connect to the web server. That DNS server sends iterative queries through a hierarchical structure. The iterative queries begin with the internet root and gradually focus down to the specific website.
Examples of iterative queries include the following:
- Iterative query to the internet root layer. "What is the IP address of www.techtarget.com?" The answer is: "Go check with com."
- Iterative query to the com layer. "What is the IP address of www.techtarget?" The answer is: "Go check with techtarget."
- Iterative query to the techtarget layer. "What is the IP address for www?" The answer is the corresponding IP address.
The DNS server then returns that IP address to the client device as a definitive answer. It uses a series of iterative queries to discover the necessary information from a hierarchy of other name resolution servers. Caching and mirroring help make this process quick.
Troubleshooting DNS queries
Troubleshooting DNS problems involves understanding these queries so network administrators can identify where the process failed. DNS servers outside the network are beyond the network team's control.
Firewalls are another consideration. DNS generally uses User Datagram Protocol (UDP) port 53 for queries but switches to TCP port 53 if the query is too large. Historically, network administrators used TCP port 53 for zone transfers, and UDP port 53 supported smaller queries for efficiency. Depending on the network's configuration, network administrators might need to manage one or both ports on the firewalls.
Client devices cache name resolution information to avoid repeating queries for frequently accessed resources. Network administrators can work with this cache easily on Windows computers by using the ipconfig command and three different switches:
- ipconfig /displaydns. Shows recently translated names and IP addresses.
- ipconfig /flushdns. Clears the cache, which forces new DNS queries instead of cached information.
- ipconfig /registerdns. Creates a new resource record for the client on the DNS server. This is common after the client acquires a new IP address from DHCP.
Wrap-up
DNS is a critical function in almost every network. It's important for administrators to understand the differences between iterative and recursive queries so they can understand what happens in the background of their networks. This knowledge enables them to troubleshoot efficiently and provide better security.
DNS bridges the gap between the hostnames people remember easily and the IP addresses computers need to connect to each other. Client devices automatically query designated DNS servers to translate names to IP addresses. The two query types provide quick, reliable name resolution.
Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial, The New Stack and CompTIA Blogs.
