What is Recursive DNS (RDNS)?

Introduction

The Domain Name System (DNS) helps computers to map a human-readable domain name to an IP address. To get the IP address, there are two types of DNS requests that computers can make: recursive DNS requests and iterative DNS requests. Let’s start with iterative DNS requests.

Iterative DNS requests

When your machine makes an iterative DNS request to a Resolving Name Server, that server will first look into its cache to see if it can return the IP address. Maybe another machine has already made the same request earlier, so the Resolving Name Server already has a copy of the IP address in its cache.

If the IP address is not in the cache, the Resolving Name Server responds to your machine’s iterative DNS request saying, “Sorry, I cannot find the IP address in my storage, but here is the address of the Root Name Server, which can help you with the request.” Your machine will now send a request to the Root Name Server through the Resolving Name Server to get the IP address of the TLD Name Server. Next, your machine will send a request to the TLD Name Server through the Resolving Name Server to get the IP address of the Authoritative Name Server. Your machine finally talks to the Authoritative Name Server through the Resolving Name Server to get the IP address associated with the domain name.

The key thing to note for iterative DNS requests is that the Resolving Name Server passes on your machine’s requests at every step. Every request must originate from your machine. In other words, the Resolving Name Server can only act with your machine’s explicit instruction each and every time.

Recursive DNS requests

In a recursive DNS (RDNS) query to a Resolving Name Server, just like in the iterative DNS request, that server will first look into its cache to see if it can provide an answer. If the Resolving Name Server does not have an answer, instead of telling your machine which server it should go to next to get an answer, the Resolving Name Server will make queries to other DNS servers on your machine’s behalf until it finally gets the IP address to pass on to your machine.

The key difference between the recursive DNS query and the iterative DNS query is that in the recursive DNS query, the Resolving Name Server does not need your machine’s explicit request each and every time. Instead, your machine authorizes it to make all further necessary DNS queries with the first request.

How Recursive DNS requests are helpful

Recursive DNS requests are very helpful because they shorten the amount of time needed to resolve a domain name’s IP address. Your machine authorizes the Resolving Name Server to make requests on its behalf, and the Resolving Name Server does not have to seek your machine’s authorization each and every time. Furthermore, a Resolving Name Server’s cache can resolve a domain name’s IP address very quickly if the information is already stored in it.
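To make the two modes concrete, here is an added example (not code from the original article or from bunny.net) that models the referral chain above in memory: the client walking root, TLD and authoritative servers itself, versus a caching resolver that does the walk on the client's behalf. The server table, the IP addresses and the allowed-client check are all constructed for the example; the allowed-client check models the common practice of only answering recursive queries for your own clients.

```python
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample data: each "name server" answers for the longest suffix of
# the queried name it knows about, either with an address (authoritative
# answer) or with a referral naming the next server the client should ask.
NAMESERVERS: Dict[str, Dict[str, Tuple[str, str]]] = {
    "root":       {"net": ("REFERRAL", "tld-net")},
    "tld-net":    {"bunny.net": ("REFERRAL", "auth-bunny")},
    "auth-bunny": {"bunny.net": ("A", "203.0.113.10")},  # constructed TEST-NET-3 address
}


def ask(server: str, name: str) -> Tuple[str, str]:
    """One query/response exchange with a single name server."""
    table = NAMESERVERS[server]
    labels = name.split(".")
    for i in range(len(labels)):            # try "bunny.net", then "net", ...
        suffix = ".".join(labels[i:])
        if suffix in table:
            return table[suffix]
    return ("NXDOMAIN", "")


def resolve_iterative(name: str, log: List[Tuple[str, str]]) -> Optional[str]:
    """Iterative mode: the client itself follows every referral from the root.
    `log` records every (server, name) exchange the client had to make."""
    server = "root"
    while True:
        log.append((server, name))
        kind, value = ask(server, name)
        if kind == "A":
            return value
        if kind == "REFERRAL":
            server = value                  # client must issue the next query
            continue
        return None                         # name does not exist


class RecursiveResolver:
    """Recursive mode: the resolver does the full walk on the client's behalf
    and caches the answer, so repeat queries never leave the resolver."""

    def __init__(self, allowed_clients: Set[str]) -> None:
        self.allowed = allowed_clients      # only recurse for our own clients
        self.cache: Dict[str, str] = {}

    def query(self, client_ip: str, name: str, log: List[Tuple[str, str]]):
        if client_ip not in self.allowed:   # refuse to be an open resolver
            return ("REFUSED", None)
        if name in self.cache:
            log.append(("cache", name))
            return ("HIT", self.cache[name])
        ip = resolve_iterative(name, log)   # the walk happens here, not at the client
        if ip is not None:
            self.cache[name] = ip
        return ("MISS", ip)
```

Run `resolve_iterative("bunny.net", [])` and `RecursiveResolver({"192.0.2.5"}).query(...)` twice to see three exchanges on the first lookup and a single cache hit on the second.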


When Recursive DNS requests go wrong

Recursive DNS requests are helpful, but some people have found ways to exploit them. For example, attackers can fool DNS servers into thinking that a recursive DNS request from their machine is coming from yours by spoofing, or faking, your machine’s IP address when making the request. The attackers can command tens of thousands of computers to make such spoofed recursive DNS requests, and all the responses will go to your machine instead of theirs. The sheer volume of responses your machine receives will cause it to crash or become unresponsive.

Another exploit is when recursive DNS requests are intercepted by attackers who then return the IP address of a malicious website instead of the actual IP address of a domain name. If the malicious IP address enters a popular Resolving Name Server’s cache, the cache is said to be “poisoned”. Every query to resolve that domain name would be answered with the IP address of the malicious website, and thousands of machines could easily be affected.

Glossary

DNS

DNS is a protocol that resolves names (such as bunny.net) to computer IP addresses (like 1.1.1.1) that your computer can use to contact other servers to obtain information or data.

Spoofing

The act of spoofing entails a user being tricked into believing that the attacker is the "trusted" origin.

DNS Resolver

A DNS resolver is a service used by a client or computer to resolve domain names into network addresses.

IP Address

An IP address refers to a specific and unique location on the Internet. The two current standards are: IPv4 and IPv6.