An Example Query

next up prev

This is an outline of how a typical series of requests might occur in a BIND environment. You're at You want to log in to You run this command:


What happens? First, blah sends a query to one of its local name servers, say, The query asks for A (address) records for the name, and it asks the name server to consult other name servers, if necessary, to find the requested records.

The name server notices that it isn't in charge of the name, and moreover, it doesn't have the requested information in its cache. But the request came from a customer's machine, and it requested that other servers be consulted, so that's what will happen. This process is called recursion. might start with the root servers, but more likely, it will already have records in its cache that tell where the name servers for the .edu domain are. So next, one of the .edu servers will be consulted with a new query coming from, asking for the same information as the original query, but without requesting recursion. The .edu server will respond with a referral: "I don't know, but here are the name servers for the domain. Try asking them." adds these name server records to its cache, for a limited time, to speed up future queries. will select one of the servers - say, - and send it another query. will notice that it is in charge of the name, so it can return an authoritative answer - either the requsted information, or an indication that that information does not exist. consults the data it's been provided with, and it sees that has no address record, but it it has a CNAME (canonical name) record - i.e., it's an alias for another name: This name has an address record. Both the CNAME record and the address record are returned to, which adds them to its cache and returns them back to you at

Now you have the address of the host you want to connect to, so you make the connection. But sshd on is configured to accept connections only from certain hosts. It can extract your address - say, - from the connection itself, but it needs to map this back to a hostname to decide whether to accept or drop the connection. It does this by looking up PTR (pointer) records for the name

This query proceeds much like the last one. asks, say, to recursively find the PTR record. contacts one of the root servers, say, (The addresses of the root servers might be known, or some other nearby name server might be consulted to find them.) returns a referral to a name server for, which returns a referral to a name server for, which, say, is your ISP's server, since it owns all 1.2.*.* addresses. That server returns a PTR record containing, and sshd uses this to decide whether to let you in.

(If sshd is being paranoid, it may also double-check this name by looking up the address for If none of the addresses belonging to that name match the address you're connecting from, you won't be let in. This is done to thwart an attack where the attacker controls the domain for the address ey is connecting from ( in the example above, if you were the attacker) - ey could serve a trusted name for her own address. But presumably, ey won't be in control of the domain for the trusted name, so the addresses won't match.)