Help Required to understand DNS WorkFlow with Source and Destination IP

Joomla 81 Reputation points
2019-11-06T11:31:22.153+00:00

Hi,

I need to understand the recursive DNS flow to understand what actually source and destination IP addresses travel over the internet while sending DNS queries to know the response.

Lets say small topology is:-

Client(192.168.10.10)---Primary DNS Server(192.168.20.2)----FW NAT Address (20.20.20.20)----Internet---Root Server (30.30.30.30)

Now Client wants to know the IP address of example.com and sends query to Primary DNS server. Where Primary DNS server does not know the answer and forward that query further with the help of Firewall NAT address to the internet. So what would traffic flow. The very first flow I know is as below:-

Client IP Port DNS IP Port
192.168.10.10--32456---Destination(192.168.20.2)--53

What would be thereafter.

Its like

192.168.20.2--53----->20.20.20.20--34567

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
36,968 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Philippe Levesque 5,706 Reputation points MVP
    2019-11-06T17:53:49.013+00:00

    Hi

    For your question;

    what actually source and destination IP addresses travel over the internet while sending DNS queries to know the response

    In your case as you have a firewall that do NAT'ing;

    The only IP that get on the internet is 20.20.20.20 <---> 30.30.30.30. The NAT'ing hide the sender.

    Your router will remember in it's NAT'ing cache the communication, and will answer 192.168.20.2 after it receive an answer from 30.30.30.30.

    So in your flow there is actually 3 distinct conversation;

    192.168.10.10 <--> 192.168.20.2
    192.168.20.2 <--> (Internal IP of your router)
    20.20.20.20 <--> 30.30.30.30

    Thanks