How DNS Query Works in Windows 2000
- Part 1: The Local Resolver
- Part 2: Querying a DNS Server
- Alternate Query Responses
- How Iteration Works
- How Caching Works
This article gives a "behind-the-scenes" look at the complete DNS query process in Windows 2000.
When a DNS client needs to look up a name used in a program, it queries DNS servers to resolve the name. Each query message the client sends contains the following three pieces of information, specifying a question for the server to answer:
- A specified DNS domain name stated as a fully qualified domain name (FQDN)
- A specified query type, which can either specify a resource record by type or a specialized type of query operation
- A specified class for the DNS domain name. For Windows DNS servers, it should always be specified as the Internet (IN) class.
For example, the name specified could be the FQDN for a computer, such as "host-a.example.microsoft.com.", and the query type could be specified to look for an address (A) resource record by that name. Think of a DNS query as a client asking a server a two-part question, such as "Do you have any A resource records for a computer named hostname.example.microsoft.com.?" When the client receives an answer from the server, it reads and interprets the answered A resource record, learning the IP address for the computer it asked for by name.
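The three fields described above, as they appear in a query message on the wire. This is an added example, not code from the original article: it builds the question for "host-a.example.microsoft.com." and parses it back the way a log or packet inspection tool would, rejecting truncated or malformed names. The wire layout follows RFC 1035; the function names, the transaction ID and the lookup tables are assumptions made for illustration.

```python
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 28: "AAAA"}
QCLASSES = {1: "IN", 3: "CH", 4: "HS", 255: "ANY"}

def encode_name(fqdn):
    """Encode an FQDN as length-prefixed labels ending in the zero-length root label."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("each label must be 1-63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(fqdn, qtype=1, qclass=1, txid=0x1234):
    """12-byte header with QDCOUNT=1, followed by one question (name, type, class)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # 0x0100: RD flag set
    return header + encode_name(fqdn) + struct.pack("!HH", qtype, qclass)

def parse_question(msg):
    """Return (fqdn, query type, class) from a query message, or raise ValueError."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:  # root label: end of the FQDN
            break
        if n > 63:  # compression pointer or reserved length; invalid for the first name
            raise ValueError("unexpected pointer or bad label length")
        if pos + n > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return (".".join(labels) + ".", QTYPES.get(qtype, str(qtype)),
            QCLASSES.get(qclass, str(qclass)))

def is_in_class(msg):
    """True when the question uses the Internet (IN) class the article expects."""
    return parse_question(msg)[2] == "IN"

SAMPLE = build_query("host-a.example.microsoft.com.")  # constructed sample query
```

A query whose class is anything other than IN fails is_in_class, which makes it easy to single out for review on a network where only Windows DNS servers are expected.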
DNS queries resolve in a number of different ways. A client can sometimes answer a query locally by using cached information obtained from a previous query. The DNS server can use its own cache of resource record information to answer a query. A DNS server can also query or contact other DNS servers on behalf of the requesting client to fully resolve the name, and can then send an answer back to the client. This process is known as recursion.
In addition, the client itself can attempt to contact additional DNS servers to resolve a name. When a client does so, it uses separate and additional queries based on referral answers from servers. This process is known as iteration.
In general, the DNS query process occurs in two parts:
- A name query begins at a client computer and is passed to a resolver, the DNS client service, for resolution.
- When the query cannot be resolved locally, DNS servers can be queried as needed to resolve the name.
Both of these processes are explained in more detail in the following sections.
Part 1: The Local Resolver
Figure 1 shows an overview of the complete DNS query process.
[Figure 1: The complete DNS query process.]
As shown in the initial steps of the query process, a DNS domain name is used in a program on the local computer. The request is then passed to the DNS client service for resolution using locally cached information. If the queried name can be resolved, the query is answered and the process is completed.
The local resolver cache can include name information obtained from two possible sources:
- If a Hosts file is configured locally, any host name-to-address mappings from that file are preloaded into the cache when the DNS client service is started.
- Resource records obtained in answered responses from previous DNS queries are added to the cache and kept for a period of time.
If the query does not match an entry in the cache, the resolution process continues with the client querying a DNS server to resolve the name.