Hopefully you’ll never need to have this explained to you, but a forward lookup is a DNS query that translates a hostname into an IP address.  A forward lookup can return many different record types, not all of which are IP addresses.

In DNS terminology this is going to result in a response which is an A record, an AAAA record, a CNAME, or an NX response.  There are other types of records, but since there’s no documentation on this site that talks about them, we’re leaving them out.

An A record is an address record that specifies an IPv4 address, like 127.0.0.1.

An AAAA record is an address record that specifies an IPv6 address, like ::1/128.

An NX response is a negative lookup, which basically means “No, that name doesn’t exist.”  An NX record means that you’re out of luck, and there’s no point in asking anyone else about it.

A CNAME is a special kind of response that means in essence that the resource exists, but it’s called something else.  It points to another record, which then has to be looked up.  One very common example would be a lookup for foo.com that has a CNAME response that means “No, we call that www.foo.com“.  To turn that into an IP address, a follow-up query for www.foo.com will need to be made.  A CNAME is also special in that while most names can have both A and AAAA records (as well as NS records, SRV records, TXT records, and a few others we’re not mentioning)  associated with them, a CNAME is a singleton record which will always be the only response returned because both the name and the target of the CNAME are meant to be entirely the same.

There are two types of queries defined for DNS.  Recursive and (somewhat predictably) non-recursive queries which are called iterative queries.

An iterative query is a query which will return either the answer required, or a reference to another resource (usually another nameserver or some other specific item), and then it’s done.  Iterative queries are very simple, and what everything else is built upon.  See also http://www.zytrax.com/books/dns/ch2/index.html#iterative.  If your nameserver is responsible for being the source of information for a zone, it’s going to need to allow iterative queries from anyone who’s supposed to be able to access that.

A recursive query can be thought of as “plain old nameservice” where a server is given a query for the IP address associated with a name, or the name associated with an IP address.  A recursive query can actually involve quite a bit of work, so they should not be allowed for the general public.  See also http://www.zytrax.com/books/dns/ch2/index.html#recursive.  If you’re running a caching nameserver at home, you will need to allow the hosts on your local network (and no one else) to perform recursive queries.

An ACL is an Access Control List, which is to say a list of groups, users, networks, or “objects” which are allowed or denied depending on what it’s being used for.

It’s a very common acronym in information technology, so if you don’t know it already, please do try to remember it.

A rabbit hole is a website or series of links which distracts the reader into infinite digression.  The digression is a problem because it’s not exactly guaranteed that the reader will remember later what information or learning they were looking to gain in the first place.

…as is this web page.  You have been warned.  So let’s put a stop to it and turn back now.