Why is my PC doing more than one DNS query for www.ietf.org? [closed]

I'm doing an exercise for a class where I have to flush the DNS cache and then visit www.ietf.org and capture the packets. I got this:

The selected query and response are the "main" ones. What about the others? Looks like a redirect. My guess is that the 2nd and 3rd queries also have to do with finding both the IPv4 and IPv6 addresses.


There are multiple queries because of using CNAME records, which is very often the case when using CDNs.

You can see it easily:

$ dig www.ietf.org +noall +ans
www.ietf.org.       16m2s IN CNAME www.ietf.org.cdn.cloudflare.net.
www.ietf.org.cdn.cloudflare.net. 5m IN A 104.16.45.99
www.ietf.org.cdn.cloudflare.net. 5m IN A 104.16.44.99

But that is because the recursive nameserver iterated to give you the reply. If you do it step by step you can find what happens:

$ dig www.ietf.org +norecurse A
[..]
;; ANSWER SECTION:
www.ietf.org.       13m23s IN CNAME www.ietf.org.cdn.cloudflare.net.

and then:

$ dig www.ietf.org.cdn.cloudflare.net. A
[..]
;; ANSWER SECTION:
www.ietf.org.cdn.cloudflare.net. 5m IN A 104.16.44.99
www.ietf.org.cdn.cloudflare.net. 5m IN A 104.16.45.99

$ dig www.ietf.org.cdn.cloudflare.net. AAAA
[..]
;; ANSWER SECTION:
www.ietf.org.cdn.cloudflare.net. 5m IN AAAA 2606:4700::6810:2d63
www.ietf.org.cdn.cloudflare.net. 5m IN AAAA 2606:4700::6810:2c63

A smart application nowadays is expected to use both AAAA and A record types to resolve names, giving a slight preference to IPv6. This is, for example, explained in the "Happy Eyeballs" algorithm.

PS: there is no "redirect" in the DNS so please don't use that term in this context; redirections are an HTTP level matter, far over/after what happens at the DNS layer.
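
Added example, not part of the original answer: a minimal Python parser for a DNS reply that walks the CNAME chain shown in the dig output above, including name-compression pointers with a bound against pointer loops. `SAMPLE` is a constructed message mirroring the first dig output (transaction ID and flags are made up), and `read_name`, `parse_answers` and `follow_cname` are hypothetical helper names.

```python
import ipaddress
import struct

# Constructed reply mirroring the first dig output above (not a real capture).
_Q = b"\x03www\x04ietf\x03org"
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x03\x00\x00\x00\x00" + _Q + b"\x00\x00\x01\x00\x01"
          + b"\xc0\x0c\x00\x05\x00\x01\x00\x00\x03\xc2\x00\x21" + _Q + b"\x03cdn\x0acloudflare\x03net\x00"
          + b"\xc0\x2a\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\x68\x10\x2d\x63"
          + b"\xc0\x2a\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\x68\x10\x2c\x63")

def read_name(msg, off):
    """Decode the name at off, following compression pointers -> (name, next_off)."""
    labels, next_off = [], None
    for _ in range(128):                      # bounded walk: refuses pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # 2-byte pointer to an earlier name
            next_off = off + 2 if next_off is None else next_off
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                          # root label ends the name
            return ".".join(labels).lower() + ".", (off + 1 if next_off is None else next_off)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def parse_answers(msg):
    """Return [(owner, rtype, ttl, data)] for the answer section of a DNS message."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off, out = 12, []
    for _ in range(qdcount):                  # skip each question: name, type, class
        off = read_name(msg, off)[1] + 4
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        data = (read_name(msg, off + 10)[0] if rtype == 5               # CNAME target
                else str(ipaddress.ip_address(rdata)) if rtype in (1, 28)  # A / AAAA
                else rdata.hex())                                       # anything else
        out.append((owner, rtype, ttl, data))
        off += 10 + rdlen
    return out

def follow_cname(answers, qname):
    """Walk CNAMEs from qname -> (chain of names, addresses of the last name)."""
    cnames = {o: d for o, t, _, d in answers if t == 5}
    chain = [qname.lower().rstrip(".") + "."]
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:
        chain.append(cnames[chain[-1]])
    return chain, [d for o, t, _, d in answers if t in (1, 28) and o == chain[-1]]
```

Calling `follow_cname(parse_answers(SAMPLE), "www.ietf.org")` returns the two-name chain and both A addresses, which is what the recursive resolver hands back in a single reply.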