Home / Industry

What's in a Name Server?

With the domain name space continuing to expand and new service providers entering the market, there has been a lot of discussion about the different types of DNS services available today. While on the surface, many of these DNS services sound similar, in reality, the technology and name servers behind these services are vastly different in terms of functions, scale and complexity. One of the most important differentiators is whether the name server in question is authoritative or recursive.

How DNS Resolution Works

The Internet is made up of two major name spaces: The domain name hierarchy and the Internet Protocol (IP) addressing system. The DNS maintains the domain name space and provides translation services between the two name spaces.

A DNS name server stores the DNS records, such as address records, name server records, and mail exchanger (MX) records, for a domain name and responds with answers to queries against this data.

Every computer on the Internet has an IP address. Usually this is a series of four decimal numbers from 0 to 255 separated by dots, although in some cases, you may see a larger (IPv6) address of up to eight hexadecimals from 00 to FF separated by colons. The DNS resolves, that is, translates, computers' names into IP addresses and vice versa.

When you use your Internet browser to navigate to a website, the DNS supports you in multiple ways. First, a DNS stub resolver, a software application on your computer (or Internet enabled device such as a smartphone), looks into local memory to see if it has recently found and cached an IP address for the domain name of the website. If it does not find the address in its cache, it sends a DNS query to a recursive name server. The recursive name server has a cache as well. If it has looked up that exact domain name before, it will find the answer in its cache and respond at once. If not, it will need to send its own DNS queries to obtain the answer. It sends its queries to one or more of the authoritative name servers. These name servers maintain the domain data about specific portions of the name space (called zones) and thus can provide definitive answers.

Recursive Name Servers

A recursive name server performs domain name lookups on behalf of end-user devices, such as PCs, smartphones, etc., and is typically located on the network to which the device is attached. If you are using an Internet Service Provider (ISP), your recursive name server is typically at your ISP. If you are using the network at your office or school, the recursive server is usually located in a server room somewhere close by.

If a recursive name server does not find the answer to an end user's query in its cache, it will send one or more queries to authoritative name servers that chase down the answer using a process called recursion. The recursive name server repeats the query to one server after another. By default it starts with a query to a root name server, which is the authoritative server for TLDs. If it already has information in its cache for a more specific authoritative name server than root, the recursive name server will query the more specific authoritative server. For example, because queries for domain names in .com occur frequently, the recursive name server often already has information about the authoritative name servers for .com in its cache.

Recursive name servers cache DNS query results for a period of time determined in the configuration of each domain name record. DNS caching improves the efficiency of DNS by reducing DNS traffic across the Internet, and by reducing load on authoritative name servers. Because caching often allows a name server to answer questions quickly, end-user applications also see increased DNS performance.

Recursive name servers resolve any query they receive, by ultimately consulting the server or servers that are authoritative for the question being asked. The recursive server's queries to authoritative servers either result in a referral, directing the recursive server to a different authoritative server, or the final answer to the question.

Authoritative Name Servers

Authoritative name servers primarily answer queries from recursive name servers. In order to do so, they maintain accurate, up-to-date domain information for specific zones. Every domain name appears in a zone served by one or more authoritative name servers.

When a domain is registered with a domain name registrar, an administrator provides a list of name servers that are authoritative for the zone corresponding to that domain. The registrar in turn conveys these server names to the domain registry for the TLD that is authoritative for the corresponding zone, e.g. .com for VerisignInc.com. The domain registry updates its authoritative name servers to include the new domain information.

Authoritative name servers both respond to queries and act as maintainers of the domain name data, while recursive name servers only respond to queries, and do not have roles of registering, updating and maintaining the domain data.

Public DNS Services vs. Domain Registries

One type of public DNS service is provided by outsourced, publicly available recursive name servers. When using a public DNS service, an end-user computer sends its initial queries to the public DNS instead of sending to the recursive name server operated by its ISP, school, or company. Public DNS services thus receive queries from global locations, in common with authoritative name servers. As already noted, authoritative name servers answer queries from recursive name servers, while public DNS services are recursive servers that answer queries from end-user computers, and domain registries additionally create and maintain the authoritative domain databases. Because they differ in roles, the two server types have different resource requirements in terms of memory consumption, CPU usage, and network bandwidth and usage patterns. Despite their differences, the two types of server work together to enhance the performance of the Internet and enable the world to connect online with reliability and confidence.

About Verisign

Verisign

Verisign, a global leader in domain names and Internet security, enables Internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key Internet infrastructure and services, including the .com and .net domains and two of the Internet's root servers, as well as performs the root-zone maintainer functions for the core of the Internet's Domain Name System (DNS). Learn More

Related topics: DNS, DNS Security, Domain Names, Registry Services, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

.ONLINE GA Launches with 28,000 Registrations in the First 30 Minutes

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Influential Law Firms Have Become Early Adopters of '.law' TLD

.Online Receives 550+ Sunrise Requests, a Fortnight Still to Go

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

40+ Pioneers Signed on for .TECH, as it Enters EAP Today‚Ä®

WeddingWire Joins Minds + Machines As New TLD '.Wedding' Pioneer

LogicBoxes Introduces DomainBridge

Carlsberg Group Joins Minds + Machines Pioneer Program

Introducing the Verisign DNS Firewall

In Celebration of Marriage Equality Each New .LGBT Name Donates $20 to the It Gets Better Project

TLD Security, Spec 11 and Business Implications

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

LogicBoxes Powers .NGO & .ONG Retail and Wholesale Channels for ENSET

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider

Verisign Mitigates More DDoS Attacks in Q1 2015 than Any Quarter in 2014

Alabama Joins dotVOTE Movement - Announces Alabama.vote for Its Election Site

LogicBoxes Partners With Domains.Green to Setup Retail & Wholesale Channels for .green Domains

Sponsored Topics