An iterative DNS query is a request for a domain name’s IP address sent to a name server (DNS resolver) that responds with the most relevant answer. This answer could be the IP address if it is stored in the DNS resolver’s cache. Otherwise, the DNS resolver responds with another name server’s details. As the term “iterative” suggests, this referral process continues until the requesting server receives the appropriate DNS response.
An iterative DNS query is also known as a “nonrecursive DNS query” since the name servers respond to the requesting server instead of querying another name server.
To better understand what an iterative DNS query is and how it works, we first need to be familiar with the terms and the types of DNS servers involved in the process. These are:
- DNS client: A machine in your local computer network that is responsible for sending DNS queries to a DNS server.
- DNS resolver: A server that receives queries from a DNS client.
- Root name server: Any of the 13 root servers worldwide that store the details for the top-level domain (TLD) of the queried domain (e.g., the .com DNS zone for example[.]com).
- TLD name server: A DNS server that stores the IP address of the second-level domain name (example[.]com).
- Authoritative name server: The DNS server that holds the most up-to-date name resolution for a domain name; this is often the domain administrator's own DNS server.
How Does an Iterative DNS Query Work?
Using an iterative DNS query is like looking for a friend at a crowded party. You ask Amanda if she has seen Jane, and she tells you to ask Carl. When you ask Carl, he tells you to ask Marion, and, finally, Marion tells you that Jane is sitting by the pool.
In the DNS, the iterative query typically follows these steps:
- You type “example[.]com” on your browser, telling your local DNS client to look for the domain name’s IP address.
- Your local DNS client asks the DNS resolver for the IP address of example[.]com.
- If the DNS resolver has the answer in its cache, it responds with the IP address. If it does not know the answer, it responds with the IP address of the root server.
- Your local DNS client then asks the root name server for the details of the domain name’s TLD name server.
- The root name server responds with the TLD server’s IP address.
- Your local DNS client asks the TLD server for the domain name’s IP address.
- The TLD name server responds with the corresponding IP address.
- Your local DNS client resolves the IP address, and your browser displays the website.
The chart below is a visual representation of how a typical iterative query works.
What Is the Difference between an Iterative and a Recursive DNS Query?
Aside from an iterative query, another type of DNS query is recursive. In an iterative DNS query, recall that the DNS resolver can respond with the IP address of either the queried domain name or an authoritative name server (root or TLD name server).
On the other hand, a recursive DNS query requires the DNS resolver to provide the queried domain name’s IP address or an error message.
To do that, the DNS resolver forwards the query to other name servers until it finds the authoritative name server holding the domain name’s IP address. The local DNS client isn’t tasked with querying other name servers. Instead, this job is given to the DNS resolver. In our visualization, the flow has changed compared to how an iterative DNS query works:
The primary difference between iterative and recursive DNS queries lies in two aspects—caching and security. We explain these briefly below.
- Caching: In iterative queries, the local DNS server can store several entries since it directly communicates with different DNS servers. But in recursive queries, only the domain names and their IP addresses are cached.
- Security: Recursive DNS queries are more vulnerable to denial-of-service (DoS), man-in-the-middle (MitM), and other similar attacks because they rely on forwarding requests to other DNS servers. If one of these servers is compromised, it could be used to send malicious responses.
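The step list above, the iterative-versus-recursive comparison, and the caching point can all be seen in one small offline simulation. The code below is an added example and is not part of the original article: it builds three constructed name servers (a root, a .com TLD server and an authoritative server for example[.]com, using RFC 5737 documentation addresses) and resolves the same name twice, once with the local DNS client following the referrals itself (iterative) and once with a resolver doing the walking on the client's behalf (recursive). The server names, the `walk`, `resolve_iterative` and `resolve_recursive` functions and the cache layout are all assumptions made for this example. It also adds a hop limit, which the text does not mention, so that a broken or looping delegation chain fails cleanly instead of running forever.

```python
"""Offline simulation of iterative vs. recursive DNS resolution (added example).

All zone data is constructed; no network access is performed.
"""
from dataclasses import dataclass, field


@dataclass
class NameServer:
    """A toy non-recursive name server: it answers what it knows or refers you onward."""
    name: str
    answers: dict = field(default_factory=dict)    # "example.com" -> IP (authoritative data)
    referrals: dict = field(default_factory=dict)  # "com" -> name of the next server to ask

    def query(self, fqdn):
        """Return ("answer", name, ip), ("referral", zone, server) or ("nxdomain", name, None)."""
        if fqdn in self.answers:
            return ("answer", fqdn, self.answers[fqdn])
        # The most specific delegated zone wins, as with real longest-suffix matching.
        for zone in sorted(self.referrals, key=len, reverse=True):
            if fqdn == zone or fqdn.endswith("." + zone):
                return ("referral", zone, self.referrals[zone])
        return ("nxdomain", fqdn, None)


# Constructed servers and records (192.0.2.0/24 is reserved for documentation).
SERVERS = {
    "root":            NameServer("root", referrals={"com": "tld-com"}),
    "tld-com":         NameServer("tld-com", referrals={"example.com": "ns1.example.com"}),
    "ns1.example.com": NameServer("ns1.example.com",
                                  answers={"example.com": "192.0.2.10",
                                           "www.example.com": "192.0.2.11"}),
}

MAX_HOPS = 8  # assumed guard against referral loops or absurdly long delegation chains


def walk(fqdn, cache, start="root"):
    """Follow referrals from `start` until an answer or NXDOMAIN; cache every hop learned."""
    server, path = start, []
    for _ in range(MAX_HOPS):
        kind, zone, value = SERVERS[server].query(fqdn)
        path.append((server, kind))
        if kind == "answer":
            cache["A " + fqdn] = value
            return value, path
        if kind == "nxdomain":
            return None, path
        cache["NS " + zone] = value   # remember which server is responsible for this zone
        server = value
    raise RuntimeError("referral chain too long while resolving %s" % fqdn)


def resolve_iterative(fqdn, client_cache):
    """Iterative: the local DNS client does the walking and caches each referral it receives."""
    key = "A " + fqdn
    if key in client_cache:
        return client_cache[key], [("client-cache", "hit")]
    # Start from the most specific server the client already knows, else from the root.
    start = "root"
    known_zones = [k[3:] for k in client_cache if k.startswith("NS ")]
    for zone in sorted(known_zones, key=len, reverse=True):
        if fqdn == zone or fqdn.endswith("." + zone):
            start = client_cache["NS " + zone]
            break
    return walk(fqdn, client_cache, start)


def resolve_recursive(fqdn, client_cache, resolver_cache):
    """Recursive: the resolver walks on the client's behalf; the client learns only the answer."""
    key = "A " + fqdn
    if key in client_cache:
        return client_cache[key], [("client-cache", "hit")]
    if key in resolver_cache:
        ip, path = resolver_cache[key], [("resolver-cache", "hit")]
    else:
        ip, path = walk(fqdn, resolver_cache)   # every referral passes through the resolver
    if ip is not None:
        client_cache[key] = ip
    return ip, path


if __name__ == "__main__":
    client = {}
    print("iterative:", resolve_iterative("example.com", client))
    print("iterative (reuses cached NS referral):", resolve_iterative("www.example.com", client))
    print("client cache after iterative:", sorted(client))
    client, resolver = {}, {}
    print("recursive:", resolve_recursive("example.com", client, resolver))
    print("client cache after recursive:", sorted(client))
    print("resolver cache after recursive:", sorted(resolver))
```

Running it shows the difference the article describes: after one iterative lookup the client's cache holds the referrals for `com` and `example.com` as well as the answer, so a second lookup of `www.example.com` goes straight to the authoritative server, whereas after a recursive lookup the client's cache holds only the final address and all the referral knowledge sits in the resolver.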
The iterative DNS query process may seem long, but, in reality, it only takes a few seconds. If your Internet connection is fast, you won’t notice any delay at all.