Identify Threats Before They Hit Your Network

33% of data breaches occur at the DNS layer—
You can protect yourself against them with DNSFilter

Authoritative Vs Recursive DNS

Authoritative Vs Recursive DNS: What You Need To Know

There are two types of DNS servers: authoritative and recursive

Authoritative DNS servers are the authority on DNS records and store DNS record information while recursive DNS servers interact directly with the end user. The recursive DNS server reads a user’s DNS request and either uses cached data to respond or attempts to discover the answer and then respond. The recursive DNS server is able to discover the answer by seeing what is stored on the authoritative DNS servers.

More detail on authoritative vs. recursive DNS

When you attempt to access a domain, your computer sends what is known as a DNS request or query. Every time you access a website, you’re making a DNS request. But you’re not always using authoritative DNS servers when you access a site. While you always rely on recursive servers, sometimes authoritative servers are not part of the process as stated above.

Recursive DNS is often called the “middleman” of DNS, but I think it could be more aptly referred to as the “workhorse” of DNS. It’s involved in every single DNS query, connecting the dots between end users and either authoritative name servers or cached information.

Let’s break it down even further. Please note that the following is a simplified version and this process can actually involve more steps. However, if you’re unfamiliar with types of DNS, this is a good breakdown of the usual process.

Authoritative DNS

As stated above, authoritative DNS servers are just that: the authority on DNS records for a domain.

The IP addresses (and other DNS data) of websites are stored on authoritative name servers. But in order for them to provide the correct IP, the DNS query needs to start at the root zone and travel downward so the recursive server knows exactly where to find the IP address. Domains are organized in a hierarchy by the top level domain, or TLD. By this we mean, there's information at the top, pointing to more below, which ultimately ends with the domain itself. 

Let’s extend the metaphor of DNS as “the phonebook of the internet.” If we are looking for the number (in this case IP address) for the domain of DNSFilter, you would first flip to the "com" section of the address book (the root and TLD servers), then look for "dnsfilter.com" (stored on the authoritative servers) where you would finally find the number you were after.

Recursive DNS

So while authoritative DNS servers “hold” the information, recursive DNS servers are discovering information about domains for you. This can be a lengthy process. 

It’s important to remember that there are billions of registered domains. In Q1 of 2021 alone, 363.5 million top-level domain names were registered. That means there is a lot happening behind the scenes (and all occurring very quickly!) directing recursive DNS to the correct authoritative name server.

The recursive resolver is the part of the system that's doing all the work here: flipping through each part of the address book until it finds the information you're really after.

When it's done this, it saves a copy of the data locally for a period of time. This is called caching. The amount of time data is cached for is determined by the TTL, or "time to live". This means that if the recursive resolver is asking for an address you’ve already visited within the TTL, it doesn't have to repeat the whole process again—it just sends back the information it has.

When you implement DNS protection and content filtering like DNSFilter, this is done through the DNS resolver.

In some cases, DNS queries aren't directly prompted by something the user is doing. This occurs when a user doesn’t directly request a domain, but rather a domain that was requested needs other domains in order to function properly. In these instances, it’s a machine-generated DNS query. I wrote a blog about TikTok network usage that gives examples of how this works. But even in these cases, DNSFilter will block malicious domains.

So even if you never actively navigate to a malicious site, sites you access may attempt to send malicious requests. With a DNS security solution like DNSFilter, you’re protected by even these background queries.

Start putting a barrier between your DNS requests and DNS resolution to better protect your organization. Get a free trial of DNSFilter today.

Serena Raymond
June 16, 2021
SHARE THIS ARTICLE
Most Popular
Why businesses are seeking out an OpenDNS Umbrella Alternative
July 15, 2021
By
Serena Raymond

Why are existing Cisco customers ditching their provider for an OpenDNS Umbrella alternative? We explore the four main factors that prompt them to switch.

read more
This is some text inside of a div block.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.

Secure Your Organization Without Slowing Down

Content filtering for end-user protection. Block security threats and inappropriate content with DNSFilter.