Can someone describe to me what is the difference between Recursive DNS vs Iterative DNS queries and how it works?
Thanks, Dan
The way I remember the difference is the phrase "Recursive queries require an answer".
From Microsoft...
A recursive query indicates that the client wants a definitive answer to its query. The response to the recursive query must be a valid address or a message indicating that the address cannot be found.
The takeaway from that definition is that the answer cannot be a referral to another DNS server. Give me your best answer, but I need an answer.
Again, from Microsoft...
An iterative query indicates that the server will accept a referral to another server in place of a definitive answer to the query.
The takeaway from this definition is the thought that if you don't know the answer, could you point me to someone who might know the answer.
Clients typically send recursive queries to their configured DNS server. Think of it like this...if you open your browser and type in www.itpro.tv, you need the IP address for ITProTV's web server. A referral to someone else to ask won't do you any good. So by sending a recursive query, you are telling the DNS server you need an answer, do whatever you can to find the answer and let me know.
DNS servers typically send iterative queries to each other. Let's continue with the previous example. You've opened your browser and typed in www.itpro.tv. Your computer has sent a recursive query to your DNS server listed in your TCP/IP configuration, probably your ISP's DNS server. Your ISP's DNS server is not authoritative for the ITProTV namespace, and doesn't know the IP address for www.itpro.tv. Since you sent a recursive query, the ISP DNS server will try to find an answer for you. It will do so by sending an iterative query to the root DNS server. The root is not authoritative for ITProTV, and since the query was iterative, the root will respond with a referral to the .tv DNS server. This process of iterative queries will continue between DNS servers until your ISP's DNS server finds the authoritative DNS server for ITProTV. ITProTV's DNS server is authoritative, and will respond with the requested IP address instead of another referral. Your ISP's DNS server finally has the answer you asked with the original recursive query, and will send the IP address to the client, and your browser will connect to www.itpro.tv.
This is the basic process, but there are many factors that can affect this behavior. If a DNS server is configured to forward unknown queries, then it sends a recursive query to the other DNS server, not iterative. Caching will also affect this process.
In the end, remember that recursive queries require an answer. When you send a recursive query, you are passing the work of looking up the IP address to someone else, and waiting for an answer. Iterative queries can accept an answer or a referral to someone else. You are not passing the work, instead you are asking "Do you know the answer, if not, do you know someone else I can ask?"
Here is a link for some additional reading...
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-dns-concepts
Mike Rodrick
Edutainer, ITProTV
**if the post above has answered the question, please mark the topic as solved.
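The www.itpro.tv lookup described in the answer above, as an added Python simulation that is not part of the original post. The server names, the delegation table, the address 192.0.2.10 (a documentation address) and the referral limit are all constructed assumptions; no real DNS traffic is sent.

```python
# Added example: simulated name servers, not real DNS traffic.
# Constructed data; 192.0.2.10 is a documentation address (RFC 5737).
SERVERS = {
    "root":     {"referrals": {"tv.": "tv-ns"}, "records": {}},
    "tv-ns":    {"referrals": {"itpro.tv.": "itpro-ns"}, "records": {}},
    "itpro-ns": {"referrals": {}, "records": {"www.itpro.tv.": "192.0.2.10"}},
}
MAX_REFERRALS = 10  # assumed limit: stop following referrals that loop


def iterative_query(server, name):
    """One server's reply to an iterative query: answer, referral or nxdomain."""
    zone = SERVERS[server]
    if name in zone["records"]:
        return ("answer", zone["records"][name])
    # Refer to the most specific delegated zone that contains the name.
    matches = [z for z in zone["referrals"] if name == z or name.endswith("." + z)]
    if matches:
        return ("referral", zone["referrals"][max(matches, key=len)])
    return ("nxdomain", None)


def recursive_query(name, cache):
    """The resolver's reply to a client: an address or None, never a referral."""
    trace = []
    if name in cache:
        return cache[name], trace      # answered from cache, no queries sent
    server = "root"
    for _ in range(MAX_REFERRALS):
        kind, value = iterative_query(server, name)
        trace.append((server, kind, value))
        if kind == "answer":
            cache[name] = value
            return value, trace
        if kind == "nxdomain":
            return None, trace
        server = value                 # the resolver follows the referral itself
    return None, trace                 # gave up: too many referrals


if __name__ == "__main__":
    cache = {}
    ip, trace = recursive_query("www.itpro.tv.", cache)
    for step in trace:
        print(step)
    print("client receives:", ip)
```

The trace lists each iterative exchange the resolver made on the client's behalf; a second call with the same cache returns the address with an empty trace.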