When a client computer (resolver) issues a query to its configured DNS
server, the query is, unless specifically configured otherwise (very rare), a
recursive query. A recursive query essentially says, "Get me an answer or
tell me I can't get there, but don't make me do any of the work." The DNS
server then does one of two things:

1. If the DNS server is configured to use another DNS server as a forwarder,
the first DNS server sends a query (generally recursive) to the forwarder
DNS server.
2. If the DNS server is configured to perform its own name resolution, it
performs iterative queries to locate the record in question, which
essentially means that it "walks" the DNS namespace, querying servers from
the root down as needed. (All of this assumes that the records aren't
already cached.)

To give you as simple as possible an answer to your question, workstations
do not perform their own resolution; they query their configured DNS server
and the DNS server performs the necessary queries, then returns a response
to the client.

Hope this helps,

Laura Robinson
----- Original Message -----
From: "Roy" <[EMAIL PROTECTED]>
To: "Sanford Whiteman" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Monday, October 15, 2001 1:44 AM
Subject: Firewalling DNS


> What exactly should the rules look like for a DNS server behind a firewall?
> When a DNS lookup is done, does the workstation doing the lookup ever get a
> direct response from some DNS server on the internet, or does it always come
> from the local DNS server?
> I ask that because I've heard of high port numbered UDP packets coming back
> from DNS and I noticed a lot of high UDP packets coming back to
> workstations from outside of my firewall.
>
> I'm running a pix 520.
>
> Thanks
>
>
> Roy Harrison
> The Research Libraries Group
> ___________________________________
> If we don't change our basic perceptions
> of life, as a species we will perish in
> servitude to institutional greed.
> Please read Vote or Die at
> www.threeparty.org
>
> "A human being is part of a whole, called by us the "Universe,"
> a part limited in time and space. He experiences himself,
> his thoughts and feelings, as something separated from the rest
> -a kind of optical delusion of his consciousness.
> This delusion is a kind of prison for us, restricting us to our
> personal desires and to affection for a few persons nearest us.
> Our task must be to free ourselves from this prison by widening our
> circles of compassion to embrace all living creatures and the whole of
> nature in its beauty. "
>
> - Albert Einstein (1879-1955)
>
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
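The resolution model described in the reply above implies that only the local DNS server should exchange port-53 traffic with outside hosts. The following is an added example, not part of the original thread, that audits flow records against that model; the addresses, the record format and the sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed addressing for this example; none of it comes from the thread.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
LOCAL_DNS = ipaddress.ip_address("192.0.2.53")

# Constructed flow records, one per line: proto src sport dst dport
SAMPLE_FLOWS = """\
udp 192.0.2.10 1045 192.0.2.53 53
udp 192.0.2.53 53 192.0.2.10 1045
udp 192.0.2.53 1030 198.51.100.7 53
udp 198.51.100.7 53 192.0.2.53 1030
udp 192.0.2.22 1051 203.0.113.9 53
udp 203.0.113.9 53 192.0.2.22 1051
udp 203.0.113.80 4000 192.0.2.22 6970
"""

def classify(proto, src, sport, dst, dport):
    """Label one flow against the model: clients ask the local DNS server,
    and only that server exchanges DNS traffic with outside hosts."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Port 53 on either end is used as the (approximate) marker for DNS.
    if proto not in ("udp", "tcp") or 53 not in (int(sport), int(dport)):
        return "not-dns"
    inside = [a for a in (src, dst) if a in INTERNAL_NET]
    if not inside:
        return "out-of-scope"
    if LOCAL_DNS not in (src, dst):
        # An internal host doing DNS without going through the local server.
        return "bypasses-local-dns"
    # Both ends inside: client <-> server. One end inside: server <-> internet.
    return "client-to-local-dns" if len(inside) == 2 else "local-dns-to-internet"

def audit(flow_text):
    """Return (line, label) for every well-formed record in flow_text."""
    results = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        results.append((line, classify(*fields)))
    return results

if __name__ == "__main__":
    for line, label in audit(SAMPLE_FLOWS):
        print(f"{label:22} {line}")
```

Flows labelled `bypasses-local-dns` are the ones a rule set built on this model would not permit; the last sample record shows that high-port UDP arriving at a workstation is not DNS unless port 53 is on one end.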
