DNS servers can be classified into various types based on their functions and positions in the DNS resolution chain. Understanding these types is crucial for building a reliable DNS architecture.
DNS Server Classification
By Function
| Type | Function | Example |
|---|---|---|
| Recursive DNS Server | Completes full query on behalf of client | 8.8.8.8, 1.1.1.1 |
| Authoritative DNS Server | Stores and manages domain data | ns1.example.com |
| Root Server | Top layer of DNS hierarchy | a.root-servers.net |
| TLD Server | Manages top-level domains | .com, .org servers |
| Forwarding DNS Server | Forwards queries to other DNS | Enterprise internal DNS |
Recursive DNS Server
Definition and Role
Recursive DNS Server receives DNS queries from clients and is responsible for completing the entire query process, returning final results.
Workflow
```text
Client → Recursive DNS Server
  ↓
Recursive DNS Server queries root server
  ↓
Queries TLD server
  ↓
Queries authoritative DNS server
  ↓
Returns final IP to client
```
Characteristics
✅ Client-friendly: the client sends one request and receives the final answer
✅ Caching: answers are cached for their TTL, so repeated queries are served locally
✅ Simplifies the client: the client needs no knowledge of the DNS hierarchy
❌ High server load: the resolver performs every step of the lookup itself
❌ May be abused: a resolver that recurses for any source address (an "open resolver") can be used as a reflector in DNS amplification attacks, because a small query with a spoofed source address produces a much larger response sent to the victim; restrict recursion to your own clients
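The workflow above as an added, self-contained simulation (this is example code, not code from the original page): three constructed authoritative servers (root, com., example.com.) each hold only their own zone data, and a toy recursive resolver starts at the root hint, follows NS referrals with their glue, caches the final answer, and shows that an authoritative server refuses a name outside its zone instead of recursing. All names, addresses and zone contents are made up for the example (RFC 5737 documentation ranges).

```python
"""Offline simulation of recursive (iterative) resolution over constructed zones."""

# Constructed data: server name -> (zone apex it is authoritative for, its records)
SERVERS = {
    "a.root-servers.net.": (".", {
        "com.": {"NS": ["a.gtld-servers.net."]},
        "a.gtld-servers.net.": {"A": ["192.0.2.1"]},      # glue for the delegation above
    }),
    "a.gtld-servers.net.": ("com.", {
        "example.com.": {"NS": ["ns1.example.com."]},
        "ns1.example.com.": {"A": ["192.0.2.10"]},        # glue (in-bailiwick name server)
    }),
    "ns1.example.com.": ("example.com.", {
        "example.com.": {"A": ["203.0.113.5"]},
        "www.example.com.": {"A": ["203.0.113.6"]},
    }),
}
ROOT_HINT = "a.root-servers.net."   # what the "zone ." hint file supplies to the resolver


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def suffixes(name):
    """'www.example.com.' -> ['www.example.com.', 'example.com.', 'com.']"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


def authoritative_query(server, qname, qtype):
    """How an authoritative-only server answers: ANSWER, REFERRAL, NXDOMAIN or REFUSED.

    It never asks anyone else: a name outside its zone is refused rather than
    resolved (the "non-recursive" property of authoritative servers).
    """
    zone, records = SERVERS[server]
    if not in_zone(qname, zone):
        return "REFUSED", None
    for suffix in suffixes(qname):
        if suffix == zone:
            break                                    # the zone apex is not a delegation
        for ns in records.get(suffix, {}).get("NS", []):
            glue = records.get(ns, {}).get("A", [None])[0]
            return "REFERRAL", (ns, glue)            # point the resolver at the child zone
    rrset = records.get(qname, {}).get(qtype)
    return ("ANSWER", rrset) if rrset else ("NXDOMAIN", None)


def resolve(qname, qtype, cache, max_referrals=8):
    """Recursive resolver: walk from the root; return (answer, servers_contacted)."""
    key = (qname, qtype)
    if key in cache:
        return cache[key], []                        # cache hit: no servers contacted
    server, contacted = ROOT_HINT, []
    for _ in range(max_referrals):                   # bound the chase so a loop cannot hang us
        contacted.append(server)
        rcode, data = authoritative_query(server, qname, qtype)
        if rcode == "ANSWER":
            cache[key] = data
            return data, contacted
        if rcode == "REFERRAL":
            ns, glue = data
            if glue is None:                         # no glue: resolve the NS name first
                resolve(ns, "A", cache)              # (servers are keyed by name in this toy)
            server = ns
            continue
        raise LookupError(f"{rcode} from {server} for {qname}")
    raise LookupError(f"too many referrals for {qname}")


if __name__ == "__main__":
    cache = {}
    print(resolve("www.example.com.", "A", cache))   # walks root -> com. -> example.com.
    print(resolve("www.example.com.", "A", cache))   # second call is answered from cache
    print(authoritative_query("ns1.example.com.", "www.google.com.", "A"))  # REFUSED
```

The first call contacts all three servers; the second returns the cached record without contacting anyone, which is why one busy resolver shields the authoritative tier from most client traffic.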
Configuration Example
```bind
// named.conf
// The ACL referenced below must be defined; these are example ranges (RFC 5737/3849),
// replace them with the networks of your own clients.
acl trusted { 192.0.2.0/24; 2001:db8::/32; localhost; };

options {
    recursion yes;
    allow-recursion { trusted; };   // never "any" on an Internet-facing server: that is an open resolver
    recursive-clients 1000;         // the option is recursive-clients (not recursion-clients)
};

zone "." {
    type hint;
    file "root.hints";
};
```
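Whether allow-recursion is actually doing its job is something to verify from outside the network: send a query with RD=1 and look at whether the reply carries RA (recursion available) plus an answer, or is REFUSED, or is an authoritative (AA) answer from a server's own zone. The same query/response pair also gives the amplification factor a reflector would offer. The following is an added example, not code from the original page or from BIND: it builds a raw RFC 1035 query, decodes the response header and classifies the server. The replies it checks are constructed in the block so it runs offline; probe() is a live UDP version the reader can point at a real server.

```python
"""Build a DNS query on the wire, read the response flags, judge resolver behaviour."""
import random
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "ANY": 255}
RCODE = {0: "NOERROR", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """'www.example.com' -> length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(qname, qtype="A", txid=None):
    """RFC 1035 query with RD=1 ("please recurse for me"), one question, class IN."""
    txid = random.randrange(0x10000) if txid is None else txid
    flags = 0x0100                                   # QR=0, OPCODE=0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)


def parse_header(msg):
    """Decode the 12-byte header; only the fields needed to judge the server."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),                  # 1 = response
        "aa": bool(flags & 0x0400),                  # authoritative answer
        "rd": bool(flags & 0x0100),                  # recursion desired (echoed from query)
        "ra": bool(flags & 0x0080),                  # recursion available
        "rcode": RCODE.get(flags & 0x000F, str(flags & 0x000F)),
        "ancount": an,
    }


def classify(query, response):
    """Return (verdict, amplification) for one query/response pair.

    verdict: 'open-resolver' (it recursed for us), 'recursion-refused',
    'authoritative-only' (answered from its own zone, RA=0) or 'bad-reply'.
    """
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "bad-reply", 0.0
    amplification = round(len(response) / len(query), 2)
    if r["ra"] and r["rcode"] == "NOERROR" and r["ancount"] > 0:
        return "open-resolver", amplification
    if r["rcode"] == "REFUSED":
        return "recursion-refused", amplification
    if r["aa"]:
        return "authoritative-only", amplification
    return "bad-reply", amplification


def a_record(ip, ttl=300):
    """One A RR whose owner name is a compression pointer to the question (offset 12)."""
    return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)


def fake_response(query, *, ra, aa=False, rcode=0, answers=()):
    """Constructed reply for offline checks: echo the question, set flags, append RRs."""
    txid, flags = struct.unpack("!HH", query[:4])
    flags = 0x8000 | (flags & 0x0100) | (0x0400 if aa else 0) | (0x0080 if ra else 0) | rcode
    header = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0)
    return header + query[12:] + b"".join(answers)


def probe(server_ip, qname="example.com", qtype="A", timeout=2.0):
    """Live check over UDP/53 (needs network; not used by the offline demo)."""
    query = build_query(qname, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        response, _ = s.recvfrom(4096)
    return classify(query, response)


def demo():
    """Offline walk-through on three constructed replies; returns their verdicts."""
    q = build_query("example.com", "ANY", txid=0x1234)
    open_reply = fake_response(q, ra=True, answers=[a_record(f"203.0.113.{i}") for i in range(1, 41)])
    refused = fake_response(q, ra=False, rcode=5)               # allow-recursion denied us
    auth = fake_response(q, ra=False, aa=True, answers=[a_record("203.0.113.5")])
    return classify(q, open_reply), classify(q, refused), classify(q, auth)


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The constructed open-resolver reply is 669 bytes for a 29-byte ANY query, an amplification of about 23x, which is the whole reason an Internet-facing resolver must not recurse for arbitrary sources.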
Common Recursive DNS Servers
| Provider | Address | Features |
|---|---|---|
| Google | 8.8.8.8 | Stable and reliable |
| Cloudflare | 1.1.1.1 | Privacy-first |
| Quad9 | 9.9.9.9 | Malicious domain blocking |
| Alibaba | 223.5.5.5 | Fast access from within China |
Authoritative DNS Server
Definition and Role
Authoritative DNS Server stores and manages DNS data for specific domains, serving as the final data source for those domains.
Workflow
```text
Recursive DNS Server → Authoritative DNS Server
  ↓
Authoritative DNS Server looks up its local zone data
  ↓
Returns authoritative answer
```
Characteristics
✅ Authoritative data: the final source of truth for its zones (answers carry the AA flag)
✅ Configurable: administrators control the records
✅ Supports DNSSEC: can sign its zone data
❌ Non-recursive: answers only for the zones it serves; queries for other names are refused rather than resolved
❌ No caching of other domains: holds only its own zone data
Configuration Example
```bind
// Primary (master) server
// named.conf comments are //, # or /* */ ; a leading ";" is a zone-file comment and is invalid here
zone "example.com" {
    type master;                     // newer BIND also accepts "primary"
    file "/etc/bind/db.example.com";
    allow-transfer { 192.0.2.10; };  // only the secondary may AXFR/IXFR; an unrestricted
                                     // transfer hands the whole zone to anyone who asks
};

// Secondary (slave) server
zone "example.com" {
    type slave;                      // newer BIND also accepts "secondary"
    file "/etc/bind/db.example.com.slave";
    masters { 192.0.2.1; };          // newer BIND also accepts "primaries"
    allow-transfer { none; };        // the secondary should not re-serve the zone to others
};
```
Master-Slave Architecture
```text
          Master Server
               ↓ AXFR/IXFR
      ┌────────┴────────┐
      ↓                 ↓
Slave Server 1    Slave Server 2
```
Advantages:
- High availability
- Load distribution
- Data redundancy
Root Server
Definition and Role
Root Server is the highest layer of DNS hierarchy, knowing the locations of all top-level domain (TLD) servers.
Workflow
```text
Recursive DNS Server → Root Server
  ↓
Root Server returns TLD server address (referral)
  ↓
Recursive DNS Server queries TLD server
```
Characteristics
✅ DNS starting point: every uncached resolution begins at the root
✅ Anycast deployment: each root server identifier is served from many nodes worldwide
✅ Highly stable: distributed architecture
❌ Limited quantity: logically only 13 named root servers (a through m)
Root Server List
| Identifier | Operator | Operator location (instances are anycast worldwide) |
|---|---|---|
| A | Verisign | USA |
| B | USC-ISI | USA |
| C | Cogent | USA |
| D | University of Maryland | USA |
| E | NASA | USA |
| F | ISC | USA |
| G | US DoD NIC | USA |
| H | US Army Research Lab | USA |
| I | Netnod | Sweden |
| J | Verisign | USA |
| K | RIPE NCC | UK/Netherlands |
| L | ICANN | USA |
| M | WIDE Project | Japan |
TLD Server
Definition and Role
TLD Server (Top-Level Domain Server) manages DNS data for top-level domains (like .com, .org, .cn).
Workflow
```text
Recursive DNS Server → TLD Server
  ↓
TLD Server returns authoritative DNS server address (referral)
  ↓
Recursive DNS Server queries authoritative DNS server
```
Common TLDs
| TLD | Management Organization | Features |
|---|---|---|
| .com | Verisign | Largest TLD |
| .org | Public Interest Registry | Non-profit organizations |
| .net | Verisign | Network services |
| .cn | CNNIC | China's national domain |
Forwarding DNS Server
Definition and Role
Forwarding DNS Server forwards client DNS queries to other DNS servers instead of resolving them itself.
Workflow
```text
Client → Forwarding DNS Server
  ↓
Forwards to upstream DNS server
  ↓
Upstream DNS server returns results
  ↓
Forwarding DNS Server returns to client
```
Configuration Example
```bind
// named.conf
options {
    recursion yes;                   // forwarding only applies to recursive queries, so recursion
                                     // must be on and should still be limited with allow-recursion
    forward only;                    // never fall back to resolving from the root yourself;
                                     // "forward first" would fall back when the forwarders fail
    forwarders { 8.8.8.8; 1.1.1.1; };
};
```
Use Cases
- Enterprise Internal: Unified use of upstream DNS
- Firewall Restrictions: Limit direct internet access
- Cache Optimization: Local caching of upstream DNS results
DNS Server Architecture Design
Typical Architecture
```text
                 Users
                   ↓
         Local DNS (Recursive)
                   ↓
         ┌─────────┴─────────┐
         ↓                   ↓
    Root Server        Forwarding DNS
         ↓                   ↓
    TLD Server         Upstream DNS
         ↓                   ↓
         └─→ Authoritative DNS Server ←─┘
```
High Availability Architecture
```text
                 Users
                   ↓
    Local DNS Cluster (Load Balanced)
                   ↓
         ┌─────────┴─────────┐
         ↓                   ↓
      Master               Slave
   Authoritative       Authoritative
         ↓                   ↓
      Database             Database
```
Common Interview Questions
Q: What's the difference between recursive DNS server and authoritative DNS server?
A:
- Recursive DNS Server: Completes full query on behalf of client, returns final result (e.g., 8.8.8.8)
- Authoritative DNS Server: Stores and manages DNS data for specific domains, provides authoritative answers (e.g., ns1.example.com)
Q: Why do we need master-slave DNS servers?
A:
- High Availability: When the master fails, slaves keep answering from their copy of the zone until the SOA expire interval runs out
- Load Distribution: Multiple servers share query load
- Data Redundancy: Prevent data loss
Q: What's the role of forwarding DNS server?
A:
- Unified Management: Enterprise internal unified use of upstream DNS
- Security Control: Limit direct internet access
- Performance Optimization: Local caching of upstream DNS results
Q: What's the difference between root server and TLD server?
A:
- Root Server: Top layer of DNS hierarchy, knows locations of all TLDs
- TLD Server: Manages specific top-level domains (e.g., .com), knows authoritative servers for all domains under that TLD
Summary
| Type | Role | Characteristics |
|---|---|---|
| Recursive DNS | Query on behalf of client | Caching, simplifies client |
| Authoritative DNS | Store domain data | Authoritative, configurable |
| Root Server | DNS starting point | Anycast, stable |
| TLD Server | Manage top-level domains | Hierarchical management |
| Forwarding DNS | Forward queries | Unified management, caching |