What is an authoritative DNS server? What is a recursive DNS server?
A DNS name server is anything serving DNS responses to DNS requests. But there are two kinds of name servers out there: authoritative name servers and recursive name servers. Authoritative name servers don’t need to consult any higher authority to serve their responses; they are the ultimate authority on the domains they are serving responses about. Conversely, recursive name servers serve their responses by consulting higher authorities; the recursive name servers are useful because they cache those responses and reduce the load on authoritative servers. The recursive name servers are a sort of global CDN for the DNS.
Name servers can be authoritative and recursive, but they broadly fall into those two categories. For example:
- Your WiFi router (e.g. at 192.168.1.254) runs a name server. It is recursive, and you can often configure it via some web interface. My “PlusNet” router uses some PlusNet-operated name server at
- Google operates a name server at 184.108.40.206. It is (entirely?) recursive.
- Amazon Route53 operates name servers at many IPs, e.g. 220.127.116.11. It is an authoritative name server; not recursive.
- NASA operates one of the 13 root name servers at 18.104.22.168. It is an authoritative name server, not recursive.
A way to check whether a name server is authoritative is to query it for a common domain, e.g.

```
$ dig @22.214.171.124 google.com.

; <<>> DiG 9.8.3-P1 <<>> @126.96.36.199 google.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20137
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
;; WARNING: recursion requested but not available
...
...
```

dig says “recursion requested but not available”. The server at 188.8.131.52 is therefore an authoritative name server only.
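The warning comes from two bits in the DNS response header: RD (recursion desired, copied from the query) and RA (recursion available, set by the server). The following added example, which is not part of the original post, decodes those bits from a 12-byte header; the function names and the two sample headers are constructed here, the first one from the `id`, flags and counts shown in the dig output above.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qid=0x1234):
    """Build an A/IN query with RD set, which is what dig sends by default."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    parts = [p.encode("ascii") for p in name.rstrip(".").split(".") if p]
    qname = b"".join(bytes([len(p)]) + p for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header into a dict."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & 0x000F,
            "counts": {"QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar}}

def recursion_status(msg):
    """Same test as dig's warning: RD echoed in the response, RA clear."""
    h = parse_header(msg)
    if not h["qr"]:
        raise ValueError("not a response (QR bit clear)")
    if h["ra"]:
        return "recursion available"
    if h["rd"]:
        return "recursion requested but not available"
    return "recursion not requested"

# Constructed sample: header only, matching the dig output above
# (id 20137, flags qr rd, QUERY 1, ANSWER 0, AUTHORITY 13, ADDITIONAL 14).
SAMPLE_REFERRAL = struct.pack("!HHHHHH", 20137, QR | RD, 1, 0, 13, 14)
# Constructed sample: header a recursive resolver would return (flags qr rd ra).
SAMPLE_RECURSIVE = struct.pack("!HHHHHH", 20137, QR | RD | RA, 1, 1, 0, 0)

if __name__ == "__main__":
    for label, msg in [("referral", SAMPLE_REFERRAL), ("recursive", SAMPLE_RECURSIVE)]:
        print(label, parse_header(msg)["counts"], "->", recursion_status(msg))
```

The first sample also has the AA bit clear and an empty answer section: the server is pointing at the 13 name servers in the authority section rather than answering for google.com itself.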
All content copyright James Fisher 2017. This post is not associated with my employer.