AnkushKumar-8134 asked ·

Help Required to understand DNS WorkFlow with Source and Destination IP

Hi,

I need to understand the recursive DNS flow, to understand which source and destination IP addresses actually travel over the internet when DNS queries are sent and the response comes back.

Let's say the small topology is:

Client(192.168.10.10)---Primary DNS Server(192.168.20.2)----FW NAT Address (20.20.20.20)----Internet---Root Server (30.30.30.30)

Now the client wants to know the IP address of example.com and sends a query to the primary DNS server. The primary DNS server does not know the answer and forwards that query further to the internet via the firewall NAT address. So what would the traffic flow be? The very first flow I know is as below:

Client IP        Port     DNS IP          Port
192.168.10.10    32456    192.168.20.2    53

What would it be thereafter?

Is it like

192.168.20.2--53----->20.20.20.20--34567


1 Answer

yagmoth555 answered ·

Hi

For your question:

what actually source and destination IP addresses travel over the internet while sending DNS queries to know the response

In your case, as you have a firewall that does NAT:

The only IPs that get onto the internet are 20.20.20.20 <---> 30.30.30.30. The NAT hides the sender.

Your router will remember the communication in its NAT cache, and will answer 192.168.20.2 after it receives an answer from 30.30.30.30.

So in your flow there are actually three distinct conversations:

192.168.10.10 <--> 192.168.20.2
192.168.20.2 <--> (Internal IP of your router)
20.20.20.20 <--> 30.30.30.30


Thanks

Thanks for the reply.

Now if the root server forwards that request to another server, for example 40.40.40.40, and then 40.40.40.40 responds, how will the packet flow be:

40.40.40.40------>30.30.30.30----->20.20.20.20----Router Internal Address------>192.168.20.2---->192.168.10.2 ???

And what kind of entries do DNS servers store to know to whom they actually need to reply back? Because UDP is a stateless protocol, how do DNS servers trace back to the original client?

Thanks.
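The following is an added example and is not code from the question or the answer. It simulates the three conversations the answer lists (stub to resolver, resolver to NAT firewall, firewall to internet) and the two pieces of state that let a UDP reply find its way back, which is what the follow-up comment asks about: the firewall's NAT table, and the resolver's table of outstanding queries keyed by the upstream transaction ID and the local port it sent from. The addresses are the ones from the question; the port numbers, transaction IDs, class names and the single-hop "internet" are illustrative assumptions, and the root server's referral chain is collapsed into one exchange, as it is in the answer.

```python
import secrets
import struct

# Addresses from the question; ports and transaction IDs below are illustrative.
CLIENT, RESOLVER, NAT_OUT, ROOT = "192.168.10.10", "192.168.20.2", "20.20.20.20", "30.30.30.30"

# A packet is modelled as (src_ip, src_port, dst_ip, dst_port, udp_payload).


def dns_header(txid, response):
    """12-byte DNS header (RFC 1035): ID, flags, QD/AN/NS/AR counts (one question)."""
    flags = 0x8180 if response else 0x0100      # QR|RD|RA for replies, RD for queries
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)


def qname(name):
    """Wire-format question name: length-prefixed labels, terminated by a zero byte."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"


def txid_of(payload):
    return struct.unpack("!H", payload[:2])[0]


class NatFirewall:
    """Port-overloading NAT: one table row per outbound UDP flow, indexed both ways."""

    def __init__(self, outside_ip, first_port=34567):
        self.outside_ip, self.next_port = outside_ip, first_port
        self.by_outside_port = {}   # outside_port -> (inside_ip, inside_port)
        self.by_flow = {}           # (inside_ip, inside_port, dst_ip, dst_port) -> outside_port

    def outbound(self, pkt):
        src, sport, dst, dport, data = pkt
        flow = (src, sport, dst, dport)
        if flow not in self.by_flow:                # first packet of a flow creates the row
            self.by_flow[flow] = self.next_port
            self.by_outside_port[self.next_port] = (src, sport)
            self.next_port += 1
        return (self.outside_ip, self.by_flow[flow], dst, dport, data)

    def inbound(self, pkt):
        src, sport, _dst, dport, data = pkt
        inside = self.by_outside_port.get(dport)    # no row -> unsolicited, dropped
        return None if inside is None else (src, sport, inside[0], inside[1], data)


class Resolver:
    """Recursive resolver: one pending-query row per question forwarded upstream."""

    def __init__(self, ip, upstream):
        self.ip, self.upstream = ip, upstream
        self.pending = {}   # (local_port, upstream_txid) -> (client_ip, client_port, client_txid)

    def receive_query(self, pkt):
        src, sport, _dst, _dport, data = pkt
        # Fresh random ID *and* source port per upstream query (RFC 5452): a forger
        # must guess both, not just the 16-bit ID.
        up_id, up_port = secrets.randbelow(1 << 16), 1024 + secrets.randbelow(64512)
        self.pending[(up_port, up_id)] = (src, sport, txid_of(data))
        return (self.ip, up_port, self.upstream, 53, dns_header(up_id, False) + data[12:])

    def receive_response(self, pkt):
        src, sport, _dst, dport, data = pkt
        if src != self.upstream or sport != 53:     # wrong peer: drop, keep the row
            return None
        entry = self.pending.pop((dport, txid_of(data)), None)
        if entry is None:                           # no outstanding query matches: drop
            return None
        client_ip, client_port, client_id = entry
        return (self.ip, 53, client_ip, client_port, dns_header(client_id, True) + data[12:])


def upstream_answer(pkt):
    """Internet side, collapsed to one hop as in the answer: swap addresses, flip QR."""
    src, sport, dst, dport, data = pkt
    return (dst, dport, src, sport, dns_header(txid_of(data), True) + data[12:])


def trace_lookup(name="example.com", client_port=32456, client_txid=0x2A2A):
    """Push one lookup through every hop; return the packet seen at each hop plus the state."""
    nat, resolver = NatFirewall(NAT_OUT), Resolver(RESOLVER, ROOT)
    question = dns_header(client_txid, False) + qname(name) + struct.pack("!HH", 1, 1)  # A, IN
    hops = {"stub->resolver": (CLIENT, client_port, RESOLVER, 53, question)}
    hops["resolver->nat"] = resolver.receive_query(hops["stub->resolver"])
    hops["nat->root"] = nat.outbound(hops["resolver->nat"])
    hops["root->nat"] = upstream_answer(hops["nat->root"])
    hops["nat->resolver"] = nat.inbound(hops["root->nat"])
    hops["resolver->stub"] = resolver.receive_response(hops["nat->resolver"])
    return hops, resolver, nat


if __name__ == "__main__":
    hops, resolver, nat = trace_lookup()
    for hop, (src, sport, dst, dport, _) in hops.items():
        print(f"{hop:16} {src}:{sport} -> {dst}:{dport}")
    print("pending rows after reply:", len(resolver.pending), "| NAT rows:", len(nat.by_outside_port))
```

Running it prints one line per hop; the three address pairs match the three conversations in the answer, and only 20.20.20.20 and 30.30.30.30 appear on the internet leg. The resolver never needs UDP to be stateful: it matches the reply on the upstream address, the local port it sent from and the transaction ID, pops the row, and re-addresses the answer to the client with the client's own ID. A real resolver following a referral to 40.40.40.40 sends a further query of the same shape, adding one row per outstanding question, and the NAT adds one row per new (inside address, port, destination) flow. The two drop paths (no NAT row, no pending row or wrong peer) are where a reply that nobody asked for goes.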