Authoritative Vs Recursive DNS: What You Need To Know

Listen to this article instead
4:30


There are two types of DNS servers: authoritative and recursive

Authoritative DNS servers are the authority on DNS records and store DNS record information while recursive DNS servers interact directly with the end user. The recursive DNS server reads a user’s DNS request and either uses cached data to respond or attempts to discover the answer and then respond. The recursive DNS server is able to discover the answer by seeing what is stored on the authoritative DNS servers.

More detail on authoritative vs. recursive DNS

When you attempt to access a domain, your computer sends what is known as a DNS request or query. Every time you access a website, you’re making a DNS request. But you’re not always using authoritative DNS servers when you access a site. While you always rely on recursive servers, sometimes authoritative servers are not part of the process as stated above.

Recursive DNS is often called the “middleman” of DNS, but I think it could be more aptly referred to as the “workhorse” of DNS. It’s involved in every single DNS query, connecting the dots between end users and either authoritative name servers or cached information.

Let’s break it down even further. Please note that the following is a simplified version and this process can actually involve more steps. However, if you’re unfamiliar with types of DNS, this is a good breakdown of the usual process.

Authoritative DNS

As stated above, authoritative DNS servers are just that: the authority on DNS records for a domain.

The IP addresses (and other DNS data) of websites are stored on authoritative name servers. But in order for them to provide the correct IP, the DNS query needs to start at the root zone and travel downward so the recursive server knows exactly where to find the IP address. Domains are organized in a hierarchy by the top level domain, or TLD. By this we mean, there's information at the top, pointing to more below, which ultimately ends with the domain itself. 

Let’s extend the metaphor of DNS as “the phonebook of the internet.” If we are looking for the number (in this case IP address) for the domain of DNSFilter, you would first flip to the "com" section of the address book (the root and TLD servers), then look for "dnsfilter.com" (stored on the authoritative servers) where you would finally find the number you were after.

Recursive DNS

So while authoritative DNS servers “hold” the information, recursive DNS servers are discovering information about domains for you. This can be a lengthy process. 

It’s important to remember that there are billions of registered domains. In Q1 of 2021 alone, 363.5 million top-level domain names were registered. That means there is a lot happening behind the scenes (and all occurring very quickly!) directing recursive DNS to the correct authoritative name server.

The recursive resolver is the part of the system that's doing all the work here: flipping through each part of the address book until it finds the information you're really after.

When it's done this, it saves a copy of the data locally for a period of time. This is called caching. The amount of time data is cached for is determined by the TTL, or "time to live". This means that if the recursive resolver is asking for an address you’ve already visited within the TTL, it doesn't have to repeat the whole process again—it just sends back the information it has.

When you implement DNS protection and content filtering like DNSFilter, this is done through the DNS resolver.

In some cases, DNS queries aren't directly prompted by something the user is doing. This occurs when a user doesn’t directly request a domain, but rather a domain that was requested needs other domains in order to function properly. In these instances, it’s a machine-generated DNS query. I wrote a blog about TikTok network usage that gives examples of how this works. But even in these cases, DNSFilter will block malicious domains.

So even if you never actively navigate to a malicious site, sites you access may attempt to send malicious requests. With a DNS security solution like DNSFilter, you’re protected by even these background queries.

Start putting a barrier between your DNS requests and DNS resolution to better protect your organization. Get a free trial of DNSFilter today.

Search
  • There are no suggestions because the search field is empty.
Latest posts
What is Secure Web Gateway: What It Does, Benefits, and More What is Secure Web Gateway: What It Does, Benefits, and More

In today's world of ever-increasing cyber threats, organizations need strong defenses to protect their networks and data and in this complex digital ecosystem, we need more than just one line of defense.

Revving Up the Fun: DNSFilter's IndyCar Experience Recap — St. Pete Edition Revving Up the Fun: DNSFilter's IndyCar Experience Recap — St. Pete Edition

What a weekend at the track! DNSFilter was thrilled to host 10 guests alongside Pax8 this weekend for an unforgettable IndyCar experience in sunny St. Petersburg. Those who joined us came from Thrive, MVP Network Consulting LLC, Myrtle Beach Academy of Aviation, Entech, NetGain Technologies,Warren Averett Technology Group, LLC, and ECMSI—we were lucky to be in such great company for our very first race of the season.

Man-in-the-Middle Attacks: What Are They? Man-in-the-Middle Attacks: What Are They?

A man-in-the-middle (MITM) attack is a form of cyber threat where a bad actor inserts themselves into a conversation between two parties, intercepts traffic, and gains access to information that the two parties were trying to send to each other. It allows attackers to eavesdrop, collect data, and even alter communications between victims. Understanding the mechanics, implications, and defense mechanisms against MITM attacks is essential for prote...

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.