I learned something about DNS this weekend. For some reason I was labouring under the impression that your machine, not the DNS servers, did the recursive lookup for you. What I mean by this is that I thought a DNS lookup went something like this:
- Request for lookup of 'domain.com'.
- Request sent to configured DNS server (non-authoritative for 'domain.com').
- Response received including details of nameserver (NS) authoritative for 'domain.com'.
- Request sent to 'domain.com' NS for lookup of 'domain.com'.
- Authoritative response received.
That is sort of how it works; I just had the agent initiating the subsequent requests mixed up. This belief was fine back in the day when most DNS servers were running as open, caching, recursive DNS servers. Nowadays that is bad, so just sticking my nearest DNS server into /etc/resolv.conf meant it was only resolving addresses it was authoritative for.
After struggling for a few hours to solve this, I phoned Russell, because he knows this stuff. He pointed out that it is the DNS servers that do the recursion, not your machine. So, you have to point your machine at a recursive DNS server that will talk to your IP. Being a smart guy, he happened to know one I could use, off by heart. FREAK!
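To make the division of labour concrete, here is an added example (not code from the original post) that models the three parties in Python: the stub resolver your machine runs, an authoritative-only server that ignores the "recursion desired" bit, and a recursive resolver that walks root, TLD and authoritative servers on behalf of clients it is configured to serve. All names and addresses are constructed (example.com and RFC 5737 documentation ranges); TTLs, glue records, the RA flag and the wire format are left out so the control flow stays visible.

```python
# Added example, not from the original post: a toy model of DNS resolution showing
# that the recursive resolver, not the stub on your machine, chases the referrals.
# All names and addresses are constructed (example.com and RFC 5737 documentation
# ranges); TTLs, glue, the RA flag and UDP details are deliberately left out.

NOERROR, NXDOMAIN, REFUSED, SERVFAIL = "NOERROR", "NXDOMAIN", "REFUSED", "SERVFAIL"


def _under(name, zone):
    """True if `name` lies in `zone`; the empty string is the root zone."""
    return zone == "" or name == zone or name.endswith("." + zone)


class AuthServer:
    """Authoritative-only server: answers for its own zones, hands out referrals
    for delegated child zones, and never recurses (the RD bit is ignored)."""

    def __init__(self, name, ip, zones, records, delegations):
        self.name, self.ip = name, ip
        self.zones = zones              # zones this server is authoritative for
        self.records = records          # A records: {owner name: IPv4}
        self.delegations = delegations  # {child zone: (ns name, ns ip)}

    def query(self, qname, rd=False, client_ip=None):
        if qname in self.records:
            return {"rcode": NOERROR, "answer": self.records[qname], "from": self.name}
        # Longest matching delegation wins, as in a real zone-cut search.
        for zone, ns in sorted(self.delegations.items(), key=lambda kv: -len(kv[0])):
            if _under(qname, zone):
                return {"rcode": NOERROR, "referral": ns, "from": self.name}
        if any(_under(qname, z) for z in self.zones):
            return {"rcode": NXDOMAIN, "from": self.name}
        # Not our zone and recursion is disabled: this is what pointing resolv.conf
        # at an authoritative-only server runs into for every other name.
        return {"rcode": REFUSED, "from": self.name}


class RecursiveResolver:
    """Recursive resolver: for permitted clients it walks root -> TLD -> authoritative
    itself, sending iterative (RD=0) queries, and caches what it learns."""

    def __init__(self, root_server, network, allowed_clients):
        self.root_server = root_server
        self.network = network                  # {ip: server object}, stands in for the wire
        self.allowed_clients = allowed_clients  # closed resolver; open ones get abused for reflection
        self.cache = {}

    def query(self, qname, rd=True, client_ip=None):
        if client_ip not in self.allowed_clients or not rd:
            return {"rcode": REFUSED, "trace": []}
        if qname in self.cache:
            return {"rcode": NOERROR, "answer": self.cache[qname], "trace": ["cache"]}
        trace, server = [], self.root_server
        for _ in range(8):                       # bound the referral chase
            resp = server.query(qname, rd=False)
            trace.append(server.name)
            if "answer" in resp:
                self.cache[qname] = resp["answer"]
                return {"rcode": NOERROR, "answer": resp["answer"], "trace": trace}
            if "referral" in resp:
                server = self.network[resp["referral"][1]]
                continue
            return {"rcode": resp["rcode"], "trace": trace}
        return {"rcode": SERVFAIL, "trace": trace}


def stub_lookup(server, qname, client_ip):
    """What /etc/resolv.conf points at: a stub that sets RD=1 and expects a full answer."""
    return server.query(qname, rd=True, client_ip=client_ip)


def build_network():
    root = AuthServer("a.root.example", "192.0.2.1", zones=[""], records={},
                      delegations={"com": ("a.gtld.example", "192.0.2.2")})
    com = AuthServer("a.gtld.example", "192.0.2.2", zones=["com"], records={},
                     delegations={"example.com": ("ns1.example.com", "198.51.100.53")})
    ns1 = AuthServer("ns1.example.com", "198.51.100.53", zones=["example.com"],
                     records={"www.example.com": "198.51.100.80",
                              "ns1.example.com": "198.51.100.53"},
                     delegations={})
    network = {s.ip: s for s in (root, com, ns1)}
    resolver = RecursiveResolver(root, network, allowed_clients={"203.0.113.10"})
    return network, resolver


def scenarios():
    network, resolver = build_network()
    ns1, me, stranger = network["198.51.100.53"], "203.0.113.10", "203.0.113.99"
    return {
        # Pointing resolv.conf at the authoritative server: its own names resolve...
        "auth_own_zone": stub_lookup(ns1, "www.example.com", me),
        # ...but anything else is refused, because the stub expected ns1 to recurse.
        "auth_other_zone": stub_lookup(ns1, "www.example.net", me),
        # A recursive resolver that accepts our IP does the walk for us.
        "recursive_cold": stub_lookup(resolver, "www.example.com", me),
        "recursive_warm": stub_lookup(resolver, "www.example.com", me),
        # The same resolver refuses an IP it is not configured to serve.
        "recursive_stranger": stub_lookup(resolver, "www.example.com", stranger),
    }


if __name__ == "__main__":
    for label, resp in scenarios().items():
        print(f"{label:18} {resp}")
```

The "auth_other_zone" case is the symptom described above: the stub sends one query with RD set and gets REFUSED back, because an authoritative-only server will not chase referrals on its behalf. The "recursive_cold" trace shows the three hops the recursive resolver made instead, and the "recursive_stranger" case shows why a closed resolver only helps if it is willing to talk to your IP. On a real system, `dig` prints the server's flags in its output; a server that offers recursion to you sets `ra` (recursion available) alongside the `rd` you sent, and one that does not will leave `ra` out.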
I put this here in the hope that the next geek who googles for it won't waste as much time as I did. I thought that as a moderately capable geek I would just know stuff like this; it's always interesting to see where the holes in your knowledge are.