Authoritative DNS is the system that keeps the official records, such as IP addresses, that correspond to domain names. Domain names are the human-readable names for IP addresses; they direct applications such as browsers to websites such as www.example.com. IP addresses are written as strings of numbers and periods, like 123.45.67.189, that can be read by machines.
When a user types a domain name into a browser, the user’s device queries the DNS system for the IP address for the domain name. If the initial DNS server cannot produce the address quickly, that server contacts another nameserver to look for the answer. This process is known as the recursive lookup process.
What is DNS?
The Domain Name System (DNS) makes it possible for users to navigate the web using easy-to-remember names rather than long strings of numbers. DNS is often called the phone book of the internet, since it is responsible for keeping records such as the IP addresses for a website.
How does DNS work?
To allow millions of computers and devices to quickly find IP addresses and websites, applications, and other web resources, DNS uses a highly distributed system of servers rather than one enormous centralized database of domain names and IP addresses. This distributed system includes many types of DNS servers, including authoritative DNS servers and recursive DNS servers. Authoritative DNS servers keep the official information for names and IP addresses for a certain domain, while recursive DNS servers help to make that information readily available.
What is a recursive DNS server?
Recursive DNS servers (also known as DNS resolvers or recursive resolvers) are the first stop in the chain of events that produces an IP address for an internet resource such as a web domain name. Recursive DNS servers are managed by a DNS provider, typically an internet service provider (ISP) or content service provider (CSP), and store answers to previous DNS queries (also known as DNS lookups) in a local cache for a certain period of time, reducing the amount of time it takes to resolve a DNS request. This is really helpful for responding to repeated DNS requests for the dozens or hundreds of websites that a user regularly visits each day. The length of time a recursive server caches each DNS record is determined by a time to live (TTL), which is set in the authoritative DNS server. (A longer TTL helps reduce internet traffic, while a shorter TTL ensures greater accuracy by requiring recursive resolvers to check for updates more frequently.) If the recursive server doesn’t have a record of a website’s IP address in its cache, it will check with other recursive servers. If those searches are unsuccessful, the recursive server reaches out to an authoritative DNS server for an answer.
How does the DNS process work?
It takes several steps for DNS to produce the IP address for a domain name.
- When a user enters the name of the website, or domain name, into a web browser, the user’s device issues a DNS request that is transmitted to a DNS recursive server.
- The recursive server may respond with the IP address from DNS records stored in its DNS cache from previous requests. Alternatively, it will contact additional servers to get information. These include a root nameserver that tracks IP addresses of authoritative nameservers for different top-level domains such as .com, .edu, .net, and .org. The request then moves to top-level domain nameservers, or TLD servers, that direct the request to the authoritative DNS for an authoritative answer.
- The authoritative DNS server responds with the IP address of the requested domain, which the recursive DNS server stores in its cache and passes along to the user’s device.
- The user’s browser uses the IP address to load the website.
Fortunately for users, the entire chain of events for a DNS service may only take a fraction of a second.
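The steps above, modeled as an added example that is not Akamai code: a recursive resolver follows referrals from a root server to a TLD server to the authoritative server, then serves repeat lookups from its cache until the TTL expires. The server names, the address 192.0.2.10 and the 300-second TTL are constructed sample data, and the in-memory `SERVERS` table stands in for real network queries.

```python
# Constructed sample data: a tiny in-memory model of the DNS hierarchy.
# Server names, the address and the TTL are illustrative, not real records.
SERVERS = {
    "root": {"referrals": {"com": "tld-com"}},
    "tld-com": {"referrals": {"example.com": "ns1.example.com"}},
    "ns1.example.com": {"answers": {"www.example.com": ("192.0.2.10", 300)}},
}
MAX_HOPS = 8  # stop following referrals if a delegation chain never ends


class RecursiveResolver:
    def __init__(self, servers, clock):
        self.servers = servers
        self.clock = clock          # callable returning the current time in seconds
        self.cache = {}             # name -> (ip, expires_at)
        self.upstream_queries = 0   # queries sent to root/TLD/authoritative servers

    def _ask(self, server, name):
        """Query one server: ('answer', ip, ttl) or ('referral', next_server)."""
        self.upstream_queries += 1
        zone = self.servers[server]
        if name in zone.get("answers", {}):
            ip, ttl = zone["answers"][name]
            return ("answer", ip, ttl)
        # Longest matching suffix this server delegates ("example.com" before "com").
        labels = name.split(".")
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in zone.get("referrals", {}):
                return ("referral", zone["referrals"][suffix])
        raise LookupError(f"{server} has no data for {name}")

    def resolve(self, name):
        """Return (ip, source), where source is 'cache' or 'authoritative'."""
        cached = self.cache.get(name)
        if cached and cached[1] > self.clock():
            return cached[0], "cache"   # still within the TTL: no upstream traffic
        server = "root"
        for _ in range(MAX_HOPS):
            reply = self._ask(server, name)
            if reply[0] == "answer":
                _, ip, ttl = reply
                # The TTL is set by the authoritative server, not the resolver.
                self.cache[name] = (ip, self.clock() + ttl)
                return ip, "authoritative"
            server = reply[1]
        raise LookupError(f"too many referrals resolving {name}")
```

The `upstream_queries` counter shows the cost the cache saves: three queries for a cold lookup, none while the record's TTL is still running.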