Four different types of DNS servers have to work in harmony to deliver a single webpage.
What are the different types of DNS servers?
All DNS servers fall into four categories: Recursive resolvers, root nameservers, TLD nameservers, and authoritative nameservers. In a typical DNS lookup (when there is no caching in play), these four DNS servers work together in harmony to complete the task of delivering the IP address for a specified domain to the client (the client is usually a stub resolver – a simple resolver built into an operating system).
What is a DNS recursive resolver?
A recursive resolver (DNS recursor) is the first stop in a DNS query. The recursive resolver is a middleman between a client and a DNS nameserver. After receiving a DNS query from a web client, a recursive resolver will either respond with cached data or send a request to a root nameserver, followed by another request to a TLD name server and then one last request to an authoritative nameserver. After receiving a response from the authoritative nameserver containing the requested IP address, the recursive resolver sends a response to the client.
During this process, the recursive resolver will cache information received from authoritative nameservers. When a client requests the IP address of a domain name that another client recently requested, the resolver can circumvent the process of communicating with the name servers and deliver the client the requested record from its cache.
Most Internet users use a recursive resolver provided by their ISP, but other options are available; for example, Cloudflare’s 1.1.1.1 or Google’s 8.8.8.8.
What is a DNS root nameserver?
The 13 DNS root nameservers are known to every recursive resolver, and they are the first stop in a recursive resolver’s quest for DNS records. A root server accepts a recursive resolver’s query, which includes a domain name, and the root nameserver responds by directing the recursive resolver to a TLD nameserver based on the domain’s extension (.com, .net, .org, etc.). The root nameservers are overseen by a nonprofit called the Internet Corporation for Assigned Names and Numbers (ICANN).
Note that while there are 13 root nameservers, that does not mean that there are only 13 machines in the root nameserver system. There are 13 types of root nameservers, but there are multiple copies of each one worldwide, which use Anycast routing to provide speedy responses. If you added up all the instances of root nameservers, you’d have over 600 different servers.
What is a TLD nameserver?
A TLD nameserver maintains information for all the domain names that share a common domain extension, such as .com, .net, or whatever comes after the last dot in a URL. For example, a .com TLD nameserver contains information for every website that ends in ‘.com.’ If a user were searching for google.com, after receiving a response from a root nameserver, the recursive resolver would then send a query to a .com TLD nameserver, which would respond by pointing to the authoritative nameserver (see below) for that domain.
Management of TLD nameservers is handled by the Internet Assigned Numbers Authority (IANA), a branch of ICANN. The IANA breaks up the TLD servers into two main groups:
- Generic top-level domains: These are domains that are not country-specific; some of the best-known generic TLDs include .com, .org, .net, .edu, and .gov.
- Country code top-level domains: These include any domains that are specific to a country or state. Examples include .uk, .us, .ru, and .jp.
There is actually a third category for infrastructure domains, but it is rarely used. This category was created for the .arpa domain, a transitional domain used to create modern DNS; its significance today is mostly historical.
What is an authoritative nameserver?
When a recursive resolver receives a response from a TLD nameserver, that response will direct the resolver to an authoritative nameserver. The authoritative nameserver is usually the resolver’s last step in the journey for an IP address. The authoritative nameserver contains information specific to the domain name it serves (e.g., google.com). It can provide a recursive resolver with the IP address of that server found in the DNS A record, or if the domain has a CNAME record (alias), it will provide the recursive resolver with an alias domain, at which point the recursive resolver will have to perform a whole new DNS lookup to procure a record from an authoritative nameserver (often an A record containing an IP address).