The Recursive DNS server is one of the main elements in the Domain Name System (DNS). Let’s explain a little bit more about it.
Recursive DNS server explained.
The recursive DNS server is responsible for searching for the required information. Its goal is to respond to the queries sent by users. In computing, recursion is a method of resolving a problem: a solution or program keeps repeating itself until it reaches its goal.
Picture it like this: it operates between the authoritative servers and the end users.
Every time someone makes a request for a domain name, this DNS server searches for its IP address. When it receives the accurate IP address, it returns it to the device or browser that initiated the request. The device takes the data and connects to the specific IP address, and the domain can finally load.
Performing the lookup
There are two different ways for the recursive DNS server to perform its lookup.
The first one is definitely easier and faster: receiving the information from the cache. These types of servers store cached data for a determined period of time. Administrators decide how long the server should hold the data. Through the time-to-live (TTL) value, they are able to set more or less time. That decision is usually based on their strategy.
So, when the recursive DNS server receives a query, it can first check its cache memory to see whether the IP address for the requested domain name is still stored. For that, the TTL of the cached data must not have expired yet, so the data is still available. In this case, the response is faster because the recursive DNS server doesn’t need to search other servers.
The second way of performing a lookup takes a little longer. It happens when the cache TTL has expired. The IP address is no longer held there, and the recursive DNS server takes the long path: it has to search for an authoritative server that is capable of giving the required information.
So, the main purpose of this DNS server is to look for information and save it for some time.
Recursive DNS server in DNS cache poisoning attacks
When a recursive DNS server requests an IP address from another DNS server, the attacker stops the request. Instead of the real information, the attacker gives a fake answer. This answer is usually an IP address for a malicious website. And with that, the DNS cache poisoning attack is successful.
The problem is not only that the recursive server gave the user this fake IP address. The server will also store the answer in its cache. This leads to a huge problem: every user who wants to access the same domain will receive the fake IP address and will connect to the malicious site. Imagine a case where that domain is very popular. Such an attack is going to affect a lot of visitors.
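The two lookup paths and the persistence of a poisoned entry can be seen in a small model. This is an added example, not code from the original article or from any real resolver: the class, the constructed addresses (documentation ranges) and the `max_ttl` cap are assumptions made for illustration, and the cap is a hardening setting the article does not discuss.

```python
import time

class RecursiveCache:
    """Toy model of a recursive resolver's answer cache (not a real DNS implementation)."""

    def __init__(self, upstream, max_ttl=None, clock=time.monotonic):
        self.upstream = upstream    # callable: name -> (ip, ttl_seconds); stands in for the long lookup path
        self.max_ttl = max_ttl      # optional cap on how long any answer may be cached
        self.clock = clock          # injectable so expiry can be tested without sleeping
        self.entries = {}           # name -> (ip, expires_at)
        self.upstream_queries = 0

    def resolve(self, name):
        now = self.clock()
        hit = self.entries.get(name)
        if hit and hit[1] > now:    # fast path: TTL not expired, answer straight from cache
            return hit[0], "cache"
        # slow path: no entry, or the TTL has expired, so ask another server
        self.upstream_queries += 1
        ip, ttl = self.upstream(name)
        if self.max_ttl is not None:
            ttl = min(ttl, self.max_ttl)
        self.entries[name] = (ip, now + ttl)
        return ip, "upstream"


def simulate(max_ttl=None):
    """Constructed scenario: the first answer received is forged, later ones are genuine."""
    now = [0.0]
    calls = []

    def upstream(name):
        calls.append(name)
        if len(calls) == 1:
            return "203.0.113.66", 86400   # forged answer carrying a one-day TTL (constructed)
        return "192.0.2.10", 300           # genuine answer (constructed)

    cache = RecursiveCache(upstream, max_ttl, clock=lambda: now[0])
    timeline = []
    for t in (0, 60, 3600, 7200):          # four different users asking at these times (seconds)
        now[0] = float(t)
        timeline.append((t, *cache.resolve("example.com")))
    return timeline, cache.upstream_queries
```

Without a cap, `simulate()` serves the forged address to all four users from a single stored answer; with `simulate(max_ttl=900)` the entry expires and the users at 3600 and 7200 seconds get the genuine address again.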