With the domain name space continuing to expand and new service providers entering the market, there has been a lot of discussion about the different types of DNS services available today. While on the surface, many of these DNS services sound similar, in reality, the technology and name servers behind these services are vastly different in terms of functions, scale and complexity. One of the most important differentiators is whether the name server in question is authoritative or recursive.
How DNS Resolution Works
The Internet is made up of two major name spaces: The domain name hierarchy and the Internet Protocol (IP) addressing system. The DNS maintains the domain name space and provides translation services between the two name spaces.
A DNS name server stores the DNS records, such as address records, name server records, and mail exchanger (MX) records, for a domain name and responds with answers to queries against this data.
Every computer on the Internet has an IP address. Usually this is a series of four decimal numbers from 0 to 255 separated by dots, although in some cases, you may see a larger (IPv6) address of up to eight hexadecimals from 00 to FF separated by colons. The DNS resolves, that is, translates, computers' names into IP addresses and vice versa.
When you use your Internet browser to navigate to a website, the DNS supports you in multiple ways. First, a DNS stub resolver, a software application on your computer (or Internet enabled device such as a smartphone), looks into local memory to see if it has recently found and cached an IP address for the domain name of the website. If it does not find the address in its cache, it sends a DNS query to a recursive name server. The recursive name server has a cache as well. If it has looked up that exact domain name before, it will find the answer in its cache and respond at once. If not, it will need to send its own DNS queries to obtain the answer. It sends its queries to one or more of the authoritative name servers. These name servers maintain the domain data about specific portions of the name space (called zones) and thus can provide definitive answers.
Recursive Name Servers
A recursive name server performs domain name lookups on behalf of end-user devices, such as PCs, smartphones, etc., and is typically located on the network to which the device is attached. If you are using an Internet Service Provider (ISP), your recursive name server is typically at your ISP. If you are using the network at your office or school, the recursive server is usually located in a server room somewhere close by.
If a recursive name server does not find the answer to an end user's query in its cache, it will send one or more queries to authoritative name servers that chase down the answer using a process called recursion. The recursive name server repeats the query to one server after another. By default it starts with a query to a root name server, which is the authoritative server for TLDs. If it already has information in its cache for a more specific authoritative name server than root, the recursive name server will query the more specific authoritative server. For example, because queries for domain names in .com occur frequently, the recursive name server often already has information about the authoritative name servers for .com in its cache.
Recursive name servers cache DNS query results for a period of time determined in the configuration of each domain name record. DNS caching improves the efficiency of DNS by reducing DNS traffic across the Internet, and by reducing load on authoritative name servers. Because caching often allows a name server to answer questions quickly, end-user applications also see increased DNS performance.
Recursive name servers resolve any query they receive, by ultimately consulting the server or servers that are authoritative for the question being asked. The recursive server's queries to authoritative servers either result in a referral, directing the recursive server to a different authoritative server, or the final answer to the question.
Authoritative Name Servers
Authoritative name servers primarily answer queries from recursive name servers. In order to do so, they maintain accurate, up-to-date domain information for specific zones. Every domain name appears in a zone served by one or more authoritative name servers.
When a domain is registered with a domain name registrar, an administrator provides a list of name servers that are authoritative for the zone corresponding to that domain. The registrar in turn conveys these server names to the domain registry for the TLD that is authoritative for the corresponding zone, e.g. .com for VerisignInc.com. The domain registry updates its authoritative name servers to include the new domain information.
Authoritative name servers both respond to queries and act as maintainers of the domain name data, while recursive name servers only respond to queries, and do not have roles of registering, updating and maintaining the domain data.
Public DNS Services vs. Domain Registries
One type of public DNS service is provided by outsourced, publicly available recursive name servers. When using a public DNS service, an end-user computer sends its initial queries to the public DNS instead of sending to the recursive name server operated by its ISP, school, or company. Public DNS services thus receive queries from global locations, in common with authoritative name servers. As already noted, authoritative name servers answer queries from recursive name servers, while public DNS services are recursive servers that answer queries from end-user computers, and domain registries additionally create and maintain the authoritative domain databases. Because they differ in roles, the two server types have different resource requirements in terms of memory consumption, CPU usage, and network bandwidth and usage patterns. Despite their differences, the two types of server work together to enhance the performance of the Internet and enable the world to connect online with reliability and confidence.
As the global leader in domain names, Verisign powers the invisible navigation that takes people to where they want to go on the Internet. For more than 15 years, Verisign has operated the infrastructure for a portfolio of top-level domains that today include .com, .net, .tv, .edu, .gov, .jobs, .name and .cc, as well as two of the world's 13 Internet root servers. Verisign's product suite also includes Distributed Denial of Service (DDoS) Protection Services, iDefense Security Intelligence Services and Managed DNS. (Learn More)
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Neustar DNS Services
Minds + Machines
Neustar DDoS Protection