What is an authoritative DNS server?

The Domain Name System (DNS) is a very cool world. As daily Internet users, we barely think about all the processes that take place every time we click or swipe while surfing.

Digging a bit into the DNS scene can help everybody understand an online business's needs much better.

That said, an authoritative DNS server is an essential DNS player, together with the other servers (TLD, root, and recursive). They play in different scenarios, but during every common lookup the four work as a team to deliver the accurate IP address of the requested domain to the visitor.

What is an authoritative DNS server?

As the authority, this server contains the zone file (the DNS records). You can manage the Master Zone from it and edit these records. It is in charge of answering recursive DNS name servers every time they look up the websites that users request and don't have the answer cached yet. The main information recursive servers wait for in those answers is the accurate IP address of the requested site, instructions for services, and verifications.

An authoritative DNS server has two critical tasks. One is to save the list of domain names with their assigned IP addresses (TLD name servers). The other is to keep all the DNS records for the zone and answer all recursive servers' requests with the right DNS record (A, MX, TXT, etc.). Delivering this info is key: the recursive server gives it back to the computer and browser that requested it, so they can connect and finally load the requested website.

There are factors that can modify this process a bit, but in general, this is what happens every time clients request your site. And it should happen as fast as possible, so they don't get impatient and leave.

There are many authoritative DNS servers covering different regions, countries, and continents.

How to identify authoritative answers?

An authoritative DNS server marks its answers by setting an AA (Authoritative Answer) bit.

Let’s look up a domain name. On Windows, just open the Command Prompt and use the nslookup command (nslookup yourdomain.com). When a result is not given by the authoritative server, the output commonly says “non-authoritative answer”. This can happen when the result is given by another server holding a cached copy of the DNS record. If the result doesn’t find the requested website, very possibly that cached copy is not updated yet, so this server will ask the authoritative server for the correct info.

You may wonder why the authoritative server doesn’t directly answer every request (lookup). The reason is simple: to distribute the servers’ load. If only authoritative servers were answering all requests, traffic could drown them.

macOS or Linux users can try the same lookup by opening the Terminal and using the dig command plus a domain name (dig yourdomain.com). Once you get the result, check the number next to AUTHORITY in the header. If the number is zero, it’s not an authoritative answer. If the number is >0, it is.
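
An added example, not part of the original article: the AA bit is one flag (mask 0x0400) in the 12-byte DNS message header, and dig prints it as "aa" on its flags line. This Python code decodes that header and tests the bit directly; the two sample headers are constructed, and the helper names (build_query, parse_header, is_authoritative, ask) are made up for illustration.

```python
import secrets
import socket
import struct

QR = 0x8000  # set on responses, clear on queries
AA = 0x0400  # Authoritative Answer flag (RFC 1035, section 4.1.1)

def build_query(name, txid):
    """Build an A/IN query with RD clear, so the server answers only from its own data."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header into its flags and section counts."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "response": bool(flags & QR), "aa": bool(flags & AA),
            "rcode": flags & 0x000F, "question": qd, "answer": an,
            "authority": ns, "additional": ar}

def is_authoritative(msg, expected_id=None):
    """True only for a response that has the AA bit set (and a matching ID, if given)."""
    h = parse_header(msg)
    if expected_id is not None and h["id"] != expected_id:
        return False  # mismatched or unsolicited reply: do not trust it
    return h["response"] and h["aa"]

def ask(server_ip, name, timeout=3.0):
    """Query one server over UDP and report whether its reply is authoritative."""
    txid = secrets.randbits(16)  # random ID so a reply cannot be matched by guessing
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server_ip, 53))
        reply, _ = s.recvfrom(4096)
    return is_authoritative(reply, expected_id=txid)

# Constructed sample headers (not captured traffic); the counts are separate fields.
FROM_AUTHORITATIVE = struct.pack("!HHHHHH", 0x1A2B, 0x8400, 1, 1, 0, 0)  # QR + AA
FROM_CACHE = struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0)          # QR + RD + RA

if __name__ == "__main__":
    for label, msg in (("authoritative", FROM_AUTHORITATIVE), ("cached", FROM_CACHE)):
        print(label, parse_header(msg), is_authoritative(msg, 0x1A2B))
```

Calling ask("192.0.2.53", "yourdomain.com") queries a single server directly; that address is a documentation placeholder, so substitute one of your zone's name servers.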

How are authoritative DNS servers configured?

Once you define your business website’s domain name, you have to register it through a registrar service. As part of this process, the DNS zone administrator supplies the names of the authoritative servers for the zone where the domain is managed to the domain registry of the TLD (top-level domain) that contains the zone.

The domain registry, a database of domain names and their registrants’ data in the top-level domains of the Internet’s DNS, configures the authoritative servers for the corresponding TLD with delegations for every server in the zone.

The administrator of the zone will verify that the domain name belongs to its zone and, if it does, will provide IP addresses for the domain name to the authoritative servers so they can do their job.

Conclusion

Authoritative DNS servers have a key role in the DNS game. Without the info they provide, finding your business or anything else on the Internet would be an impossible mission.
