In this post, we will answer the most popular question that’s our users have asked over the years: What’s the difference between authoritative and recursive DNS servers?
What is DNS?
What’s DNS? Skip this if you know. If not, we’ll make it easy.
DNS, better known as the Domain Name System, connects you to different websites and servers by translating domain names like www.example.com into an IP address like 220.127.116.11 These numbers are then used by routers and servers to direct your requests and get you the right answer which is then translated back into a domain name. [Want to see this in action?]
Authoriative vs. Recursive
There are two different kinds of servers that you’ll run your queries through when you’re trying to connect to a site. These servers are called Authoritative and Recursive DNS servers, and they are the servers that respond to your queries and hold the canonical information that says which IP address maps to which domain.
In a nutshell, Authoritative DNS servers store the “maps” of your domain names to IP addresses. This domain name to IP mapping is usually configured by system administrators. A person that is visiting web sites asks Recursive DNS servers for the lookups. Recursive DNS servers than ask the necessary Authoritative Name Server for the answer. Then the Recursive name server will give this answer to the person needing the information.
How Recursive Servers Work
Recursive servers are the workhorses in the DNS lookup process. They often have to make numerous DNS lookups in order to respond with the proper IP for the querying client. These kinds of servers are typically managed by an ISP (Internet Service Provider) or specialty resolving DNS providers.
For example, Google runs their own public recursive DNS servers.
How Authoritative Servers Work
If you own a domain name, at some point you will need to use an Authoritative DNS server to map your domain names to an IP address. This is only done on an Authoritative DNS server.
Authoritative DNS servers are configured in a hierarchical structure. Everything starts with the dot root name servers. These authoritative name servers know where to find the next level set in the hierarchy such as Top Level Domains. The root servers are at the top of the proverbial DNS tree. They know exactly which IP addresses of the authoritative servers are the ones that handle DNS queries for Top Level Domains (TLD) like .com.
So now we’re starting to a see a difference… The Authoritative servers have direct access to the root name servers, while the Recursive servers will sometimes already have this information stored or cached.
But what if your Recursive server doesn’t have the map cached?
If your Recursive DNS server doesn’t have any information cached, what steps would the recursive server take to find the IP address for said domain?
- First the recursive server would go to the root domain servers.
- Then, it goes to the authoritative server designated as .com.
This is why they are called recursive servers because they recurse through the hierarchical DNS tree from top to bottom until they hit the authoritative server for the domain in question. Most of the time, recursive DNS servers are actually caching recursive DNS servers. This means they store the maps of URLs to IPs for a specified amount of time (known as the TTL or time to live). This means they don’t have to repeatedly send the same queries to those same authoritative servers, saving the user a lot of time.
Recursive name server only knows where to find the root name servers (dot). Based up each level of name servers knowing where the next level is in the hierarchy, the answer is eventually found.
Also published on Medium.