DNS – Circular Dependencies & Looping
DNS is one of the most important applications on the Internet. As we know, DNS resolves a domain or hostname to its corresponding IP address. The time taken for a DNS resolution is very small compared to an HTTP round trip time. That does not mean, however, that DNS resolution is always fast and reliable.
When we analyze the factors that could degrade the performance of DNS resolution, a few of them are similar to those for HTTP, such as availability, load balancing, and caching. But there are two things that could degrade DNS resolution performance because of inappropriate name server configuration: circular dependencies and DNS looping.
Name servers, as we all know, are responsible for handing out the NS record; in simple terms, it points the DNS resolver to the authoritative server that can hand out the IP address for the hostname. Circular dependencies and DNS looping can occur when your name servers are configured inappropriately.
As the name suggests, a circular dependency occurs when the resolver keeps switching back and forth between the resolvers and the TLDs before it can reach the authoritative server or times out.
Let us take a domain example.com whose name servers are configured to be ns1.example.com and ns2.example.com.
These name servers should be present in the zone file of the .com servers along with their IP addresses. The IP address acts as the glue record when the NS record is served to the resolver. Assuming that there is no glue record:
The .com server will hand out an NS record (ns1.example.com) without its IP address. The DNS resolver now has to resolve the IP address of ns1.example.com before it can query it.
The authoritative server for ns1.example.com would be example.com again. This puts the DNS resolver in a circular dependency in the TLD, trying to resolve example.com and its name server ns1.example.com until it times out.
DNS looping occurs when the name servers belong to a different TLD than that of the hostname.
Let’s assume the host name that we are resolving to be example.com and its name servers to be ns1.example.net and ns2.example.net.
The hostname is registered in the .com domain while the name servers are registered in the .net domain. In this case the .net name servers will be authoritative for the NS record of ns1.example.net.
When the resolver queries the .com domain for example.com, it hands out the NS records ns1.example.net and ns2.example.net without a glue record. The resolver now has to begin again from the root and query the .net TLD for ns1.example.net to determine its IP address. This can get more complex with multiple levels of NS records or CNAMEs if they are registered on different TLDs.
How does this impact the performance?
Both circular dependencies and looping occur due to the absence of a glue record. This causes the resolver to resolve the IP address of the name server (ns1.example.net/ns1.example.com) while the resolution for the hostname example.com is put on hold. Until the resolver has successfully resolved the IP address of the name server, it cannot resume the resolution for example.com. This could cause significant performance degradation in the DNS resolution process.
Both these processes sound like major performance degraders theoretically. I was more interested in verifying them practically. So I had registered a domain with one of the popular domain registrars. To verify them practically, I had changed the nameserver records in their control panel. Though the changes were temporarily applied, I then received an email from the registrar saying that my nameservers were invalid and that they had been reset to the default ones (the registrar's own nameservers).
I later verified this in a few more registrars and found that they all verify the name servers and the presence of glue records in the zone files of TLDs.
DNS circular dependencies and looping might be very rare on the Internet. But to avoid them, both the nameservers and the hostname should belong to the same TLD, and we must also provide the IP addresses of the name servers, which act as the glue record. These two steps could spare the DNS resolver from resolving the IP address of your nameservers, and hence will not add to the degradation of performance of your DNS resolution process.
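The two cases described above can be checked mechanically from delegation data before a name server change is made. The following is an added example, not code from the original article: it walks a zone's name-server dependencies and reports a circular dependency or the number of extra resolutions that looping costs, and it goes beyond the text's two examples by also handling chains and cycles across several zones. The function names, the data layout and the 192.0.2.x addresses are assumptions constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple

# zone -> (NS host names, glue: NS name -> IP). All data below is constructed.
Delegations = Dict[str, Tuple[List[str], Dict[str, str]]]
CIRCULAR: Delegations = {  # in-zone name servers, no glue
    "example.com": (["ns1.example.com", "ns2.example.com"], {}),
}
LOOPING: Delegations = {  # name servers under another TLD, no glue in .com
    "example.com": (["ns1.example.net", "ns2.example.net"], {}),
    "example.net": (["ns1.example.net", "ns2.example.net"],
                    {"ns1.example.net": "192.0.2.53", "ns2.example.net": "192.0.2.54"}),
}
MUTUAL: Delegations = {  # two zones that depend on each other, no glue anywhere
    "example.com": (["ns1.example.net"], {}),
    "example.net": (["ns1.example.com"], {}),
}

def enclosing_zone(name: str, delegations: Delegations) -> Optional[str]:
    """Longest delegated zone that `name` falls under, or None if unknown."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in delegations:
            return ".".join(labels[i:])
    return None

def extra_lookups(zone: str, delegations: Delegations,
                  stack: Tuple[str, ...] = ()) -> Optional[int]:
    """Fewest extra name-server resolutions before `zone` can be queried.
    0 = glue present, N = N restarts from the root, None = no server reachable."""
    if zone in stack:            # already waiting on this zone: a cycle
        return None
    ns_names, glue = delegations[zone]
    best: Optional[int] = None
    for ns in ns_names:
        if ns in glue:           # address came with the referral
            return 0
        parent = enclosing_zone(ns, delegations)
        if parent is None:       # no data for that zone: treat as unreachable
            continue
        cost = extra_lookups(parent, delegations, stack + (zone,))
        if cost is not None and (best is None or cost + 1 < best):
            best = cost + 1
    return best

def classify(zone: str, delegations: Delegations) -> str:
    cost = extra_lookups(zone, delegations)
    return "circular" if cost is None else "direct" if cost == 0 else f"looping (+{cost})"

if __name__ == "__main__":
    for data in (CIRCULAR, LOOPING, MUTUAL):
        print({zone: classify(zone, data) for zone in data})
```

Adding the glue addresses to the `example.com` entry in any of the three data sets changes its result to `direct`, which is the fix the article recommends.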