Unbeknownst to many, authoritative and recursive domain name system (DNS) servers are the foundation of the internet. In this article, we’re going to introduce these two concepts and identify the key differences between them.

Each computer and website on the internet is identified using an internet protocol (IP) address. You may already be familiar with the IP address, a series of numbers that means you can contact any computer as long as you have its IP. Servers that host websites and applications on the internet also have IP addresses.

What is the Domain Name System (DNS)?

Also referred to as the “directory” of the internet, the domain name system, or DNS, allows you to connect to any website by typing its name, rather than its IP address, into the address bar of your browser. DNS was primarily created so that people would no longer need to key in long IP address numbers and could instead use names like www.examplewebsite.com.

And since there are far too many sites on the internet for personal computers to keep track of, DNS servers power a website directory service for better efficiency. While there is no single ‘phone book’ that contains all website addresses, there are two types of DNS servers that carry out different functions.

These are authoritative and recursive nameservers. The former is much like the phone book company that publishes multiple phone books based on region, while the latter is like someone who uses a phone book to find a number they need to get in touch with a person or a company. 

What are Recursive DNS Servers?

When you type a website address into your browser’s address bar, the DNS system makes browsing possible by connecting to a recursive DNS server. There are thousands of recursive DNS servers globally, and most people use recursive DNS servers managed by their Internet Service Provider (ISP). 

Once a computer connects to its assigned recursive DNS server, it looks for the IP address assigned to a certain website name. Since the recursive DNS server does not have a copy of the directory, it connects to another type of DNS server to continue the search.

What are Authoritative DNS Nameservers?

Authoritative DNS servers hold a copy of the regional phone book that matches IP addresses with domain names, hence the term “authoritative.” They are responsible for providing responses to recursive DNS nameservers about where to find specific websites and thus contain important information for each domain, such as their IP addresses.

There are different types of authoritative DNS servers that cover different regions, such as countries, localities, and companies. Regardless of the region they cover, authoritative DNS servers perform two important tasks:

  • Storing lists of domain names and associated IP addresses
  • Responding to requests from recursive DNS servers about the correct IP address assigned to a domain name

Once it gets a response, the recursive DNS server sends the information back to the requesting computer and browser. 

Where Do Recursive and Authoritative Nameservers Fit Within DNS?

When a recursive resolver receives a request, it first attempts to answer the query with information it has in its cache. If such information does not exist in its cache, the resolver then contacts a root server, which will then refer it to a TLD nameserver (the TLD is the letters that come after the dot in the domain name). The resolver is then referred by the TLD nameserver to an authoritative nameserver, which provides the answer to the recursive resolver’s original request. This is a process that repeats as often as needed until a final answer is acquired.

Who Uses Recursive DNS?

Anyone who uses any system or device to connect to the internet uses recursive DNS. As mentioned, these are typically provided by their internet service providers, but internet users can also search for alternatives beyond what their ISP currently provides.

Who Uses Authoritative DNS?

Most authoritative DNS users are small and enterprise-level businesses, but individuals who own domain names for blogs, businesses, and the like use it as well. This is because authoritative DNS allows a domain to be reachable by anyone trying to access the site.

Enterprise-level authoritative DNS services are more secure, offer better performance, and have more features, making them critical for businesses. Both free and paid authoritative DNS providers are available, but most organizations opt for paid providers that offer premium features and better security.

Key Differences Between Recursive and Authoritative DNS

Recursive and authoritative DNS work hand-in-hand with each other, but there are key differences between them. Recursive servers primarily hold, on a temporary basis, information that they’ve previously retrieved. However, when that information isn’t available in their cache, they have to get it from another server.

Authoritative nameservers, on the other hand, contain up-to-date information and can provide final answers for new user queries.

The recursive DNS provided by ISPs also typically lacks the advanced features offered by authoritative DNS providers, like customization options and EDNS client subnet utilization.

For example, let’s say a user wishes to find a recipe online for spaghetti with meatballs. The user proceeds to visit Google to conduct a search by typing “www.google.com” into their web browser. If the user’s computer does not yet know the website’s server IP address, it sends a query to its assigned recursive DNS nameserver. 

As discussed earlier, this is usually provided by the user’s ISP. Their computer then asks the ISP’s recursive DNS server to locate www.google.com’s IP address. The ISP’s recursive DNS nameserver is thus assigned to find the IP address of the website.

Since Google is a widely used, popular website, the result will probably be in the cache. However, if the recursive DNS nameserver does not readily have the DNS record for www.google.com cached in its system, it refers to the authoritative DNS hierarchy to get the answer. This may not be the case for Google, but this could happen if the user were navigating to a less popular website or search engine.

Now, every website address has a “.” between it and the TLD, which designates the DNS root nameservers. These root domain nameservers know the IP addresses of the authoritative nameservers handling DNS queries for Top Level Domains (TLD). 

The DNS server asks the root domain nameserver for the IP address of the .com TLD server, then the root domain nameserver responds with the address of the TLD server. 

The ISP’s recursive DNS server will then ask the TLD authoritative server where it can locate the authoritative DNS server for www.google.com. The TLD authoritative server will then respond. Once the recursive DNS server finds out the IP address for the website, it will be able to respond to the user’s computer with the appropriate IP address. The Google website then loads in their browser, and the user can now go through recipes for spaghetti with meatballs listed on the search results pages.
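The lookup sequence described above (cache first, then root, TLD and authoritative servers) can be modelled in a few lines of Python. This is an added example, not code from the original article; the server names, zone data and addresses are constructed for illustration.

```python
import time

# Constructed toy hierarchy: each "server" maps a zone to either a referral
# (the next server to ask) or a final answer (IP address, TTL in seconds).
# Server names are hypothetical; the address is from a documentation range.
SERVERS = {
    "root": {"com.": ("referral", "tld-com")},
    "tld-com": {"example.com.": ("referral", "ns-example")},
    "ns-example": {"www.example.com.": ("answer", "192.0.2.10", 300)},
}


class RecursiveResolver:
    def __init__(self, clock=time.monotonic):
        self.cache = {}      # name -> (ip, expiry time)
        self.clock = clock   # injectable so cache expiry can be tested

    def resolve(self, name):
        """Return (ip, trace); trace lists every place that was consulted."""
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], ["cache"]          # answered without leaving the resolver
        server, trace = "root", []
        while True:
            trace.append(server)
            record = self._lookup(server, name)
            if record is None:
                return None, trace            # nobody in the hierarchy knows the name
            if record[0] == "answer":
                _, ip, ttl = record
                self.cache[name] = (ip, now + ttl)
                return ip, trace
            server = record[1]                # follow the referral one level down

    @staticmethod
    def _lookup(server, name):
        # Most specific zone on this server that contains the name.
        zones = [z for z in SERVERS[server]
                 if name == z or name.endswith("." + z)]
        return SERVERS[server][max(zones, key=len)] if zones else None


if __name__ == "__main__":
    resolver = RecursiveResolver()
    print(resolver.resolve("www.example.com."))  # walks root -> TLD -> authoritative
    print(resolver.resolve("www.example.com."))  # second lookup is served from cache
```

The trace makes the division of labour visible: only the final server holds the record, while the resolver's cache decides whether the hierarchy is consulted at all until the TTL runs out.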

Authoritative DNS Vs. Recursive DNS at NetActuate

Let’s explore how NetActuate can deliver authoritative and recursive DNS services:

Authoritative DNS

Let’s say you’re registering a new website called example.com. You will need to do so via a domain registrar, or a business entity concerned with handling the reservation of domain names and assignment of IP addresses to these domains. 

As such, domain registrars work with the Internet Corporation for Assigned Names and Numbers (ICANN) and TLD (top level domain) operators to let you register a domain name. Along with your registration, you specify the authoritative nameservers that can provide information about it.

NetActuate provides services to many domain registries and registrars, such as Nominet, Centralnic, Afilias (Donuts), Tucows, and more. This will commonly include MX (mail records) that may point to your email provider, as well as A and CNAME records for www.example.com and example.com to point to your hosting company.

Recursive DNS

Every device that needs to translate domain names like example.com to an IP address uses recursive DNS servers. For example, if you’re using WiFi at home, your modem or ISP likely provides them to you, and your WiFi system may even provide caching.

So, let’s briefly recap how recursive DNS works. When your computer does a lookup for www.example.com, it first queries what are known as the “root” servers, which host simply the “dot,” or the “.” before .com in this case. The root servers tell your recursive DNS resolver where to go next to find records. In this case, it’s .com, but it could be any other TLD.

Next, your computer will make a request to the nameservers for example.com, and here is where they will get the records for the authoritative nameservers you’ve set up. The request will finally go to those servers, and your browser will return the IP address for example.com so you can visit it.

There are many benefits to running recursive DNS services, including for security and filtering purposes. NetActuate helps power many services, from hosting the H root for the U.S. Government (just “.”) to leading DNS companies like DNSfilter, SafeDNS, NoIP, and others that provide advanced security, parental filtering, and more for both consumers and businesses worldwide.

 

Final Thoughts

Without DNS, the internet ceases to function. The DNS system is so vital to our modern world that it is often described as the backbone of the internet. If your recursive DNS service encounters an issue, you won’t be able to access websites unless you manually enter their IP addresses—and who keeps an emergency list of IPs on hand? Even if your recursive DNS service is operational but experiencing delays (such as from a cyberattack), your connection to websites will also suffer.

For businesses, this can result in a loss of productivity and revenue. While recursive and authoritative DNS may seem similar on the surface, they serve different functions and play important roles in ensuring a smooth internet experience. Without both types of DNS working effectively together, navigating the internet would be much more difficult and much less secure.

So next time you type in a website address, and it immediately loads, remember to thank the DNS system for its crucial role in keeping our online world running smoothly.