dns.log questions.

[Benjamin]

I have a client machine pinging google.com through my win2k dns
server. it produces this log file.

why does it send and recieve from the root server after google's
nameserver responds?

also, what is the third field mean (remote IP)?

better yet, does anybody know where I can find a complete breakdown of
this file?

**********************************************
The DNS server has started.
Rcv 216.249.144.211 118b Q [0001 D NOERROR]
(6)google(3)com(0)
Snd 198.41.0.4 380c Q [0000 NOERROR] (0)
Snd 198.41.0.4 1812 Q [0000 NOERROR]
(6)google(3)com(0)
Rcv 198.41.0.4 1812 R Q [0080 NOERROR]
(6)google(3)com(0)
Snd 192.5.6.30 1812 Q [0000 NOERROR]
(6)google(3)com(0)
Rcv 192.5.6.30 1812 R Q [0080 NOERROR]
(6)google(3)com(0)
Snd 216.239.34.10 1812 Q [0000 NOERROR]
(6)google(3)com(0)
Rcv 216.239.34.10 1812 R Q [0084 A NOERROR]
(6)google(3)com(0)
Snd 216.249.144.211 118b R Q [0084 A NOERROR]
(6)google(3)com(0)
Snd 202.12.27.33 380c Q [0000 NOERROR] (0)
Rcv 202.12.27.33 380c R Q [0084 A NOERROR] (0)

 

[Michael Johnston [MSFT]]

Without seeing a complete log of this it's impossible to tell. I can only assume that the response from google may have included a CNAME or other alias type.
Since the return is another name, a second query had to be made to resolve the CNAME. This is only a guess since we cannot see what the actual queries
and responses were.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.