What Are the Types of DNS Servers and Their Roles

DNS servers can be classified into various types based on their functions and positions in the DNS resolution chain. Understanding these types is crucial for building a reliable DNS architecture.

DNS Server Classification

By Function

Type	Function	Example
Recursive DNS Server	Completes full query on behalf of client	8.8.8.8, 1.1.1.1
Authoritative DNS Server	Stores and manages domain data	ns1.example.com
Root Server	Top layer of DNS hierarchy	a.root-servers.net
TLD Server	Manages top-level domains	.com, .org servers
Forwarding DNS Server	Forwards queries to other DNS	Enterprise internal DNS

Recursive DNS Server

Definition and Role

Recursive DNS Server receives DNS queries from clients and is responsible for completing the entire query process, returning final results.

Workflow

shell
Client → Recursive DNS Server
         ↓
    Recursive DNS Server queries root server
         ↓
    Queries TLD server
         ↓
    Queries authoritative DNS server
         ↓
    Returns final IP to client

Characteristics

✅ Client-friendly: Client only needs to send one request ✅ Caching: Caches query results, improves performance ✅ Simplifies Client: Client doesn't need to understand DNS hierarchy

❌ High Server Load: Needs to complete all subsequent queries ❌ May Be Abused: Can be used for DNS amplification attacks

Configuration Example

bind
; named.conf
options {
    recursion yes;
    allow-recursion { trusted; };
    recursion-clients 1000;
};

zone "." {
    type hint;
    file "root.hints";
};

Common Recursive DNS Servers

Provider	Address	Features
Google	8.8.8.8	Stable and reliable
Cloudflare	1.1.1.1	Privacy-first
Quad9	9.9.9.9	Malicious domain blocking
Alibaba	223.5.5.5	Fast domestic access

Authoritative DNS Server

Definition and Role

Authoritative DNS Server stores and manages DNS data for specific domains, serving as the final data source for those domains.

Workflow

shell
Recursive DNS Server → Authoritative DNS Server
         ↓
    Authoritative DNS Server queries local data
         ↓
    Returns authoritative answer

Characteristics

✅ Authoritative Data: Provides final data for domains ✅ Configurable: Administrators can configure DNS records ✅ Supports DNSSEC: Can sign DNS data

❌ Non-recursive: Only answers domains it's responsible for ❌ No Caching of Other Domains: Only stores its own data

Configuration Example

bind
; Master server
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    allow-transfer { 192.0.2.10; };
};

; Slave server
zone "example.com" {
    type slave;
    file "/etc/bind/db.example.com.slave";
    masters { 192.0.2.1; };
};

Master-Slave Architecture

shell
Master Server
    ↓ AXFR/IXFR
Slave Server 1
Slave Server 2

Advantages:

• High availability
• Load distribution
• Data redundancy

Root Server

Definition and Role

Root Server is the highest layer of DNS hierarchy, knowing the locations of all top-level domain (TLD) servers.

Workflow

shell
Recursive DNS Server → Root Server
         ↓
    Root Server returns TLD server address
         ↓
    Recursive DNS Server queries TLD server

Characteristics

✅ DNS Starting Point: Starting point for all DNS resolution ✅ Anycast Deployment: Multiple nodes globally ✅ Highly Stable: Distributed architecture

❌ Limited Quantity: Logically only 13

Root Server List

Identifier	Operator	Location
A	Verisign	USA
B	USC-ISI	USA
C	Cogent	USA
D	University of Maryland	USA
E	NASA	USA
F	ISC	USA
G	US DoD NIC	USA
H	US Army Research Lab	USA
I	Netnod	Sweden
J	Verisign	USA
K	RIPE NCC	UK/Netherlands
L	ICANN	USA
M	WIDE Project	Japan

TLD Server

Definition and Role

TLD Server (Top-Level Domain Server) manages DNS data for top-level domains (like .com, .org, .cn).

Workflow

shell
Recursive DNS Server → TLD Server
         ↓
    TLD Server returns authoritative DNS server address
         ↓
    Recursive DNS Server queries authoritative DNS server

Common TLDs

TLD	Management Organization	Features
.com	Verisign	Largest TLD
.org	Public Interest Registry	Non-profit organizations
.net	Verisign	Network services
.cn	CNNIC	China's national domain

Forwarding DNS Server

Definition and Role

Forwarding DNS Server forwards client DNS queries to other DNS servers instead of resolving them itself.

Workflow

shell
Client → Forwarding DNS Server
         ↓
    Forwards to upstream DNS server
         ↓
    Upstream DNS server returns results
         ↓
    Forwarding DNS Server returns to client

Configuration Example

bind
; named.conf
options {
    forward only;
    forwarders {
        8.8.8.8;
        1.1.1.1;
    };
};

Use Cases

• Enterprise Internal: Unified use of upstream DNS
• Firewall Restrictions: Limit direct internet access
• Cache Optimization: Local caching of upstream DNS results

DNS Server Architecture Design

Typical Architecture

shell
Users
    ↓
Local DNS (Recursive)
    ↓
    ┌────┴────┐
    ↓         ↓
  Root Server   Forwarding DNS
    ↓         ↓
  TLD Server   Upstream DNS
    ↓         ↓
Authoritative DNS Server

High Availability Architecture

shell
Users
    ↓
Local DNS Cluster (Load Balanced)
    ↓
    ┌────┴────┐
    ↓         ↓
  Master      Slave
  Authoritative Authoritative
    ↓         ↓
  Database    Database

Common Interview Questions

Q: What's the difference between recursive DNS server and authoritative DNS server?

A:

• Recursive DNS Server: Completes full query on behalf of client, returns final result (e.g., 8.8.8.8)
• Authoritative DNS Server: Stores and manages DNS data for specific domains, provides authoritative answers (e.g., ns1.example.com)

Q: Why do we need master-slave DNS servers?

A:

1. High Availability: When master server fails, slave servers continue serving
2. Load Distribution: Multiple servers share query load
3. Data Redundancy: Prevent data loss

Q: What's the role of forwarding DNS server?

A:

1. Unified Management: Enterprise internal unified use of upstream DNS
2. Security Control: Limit direct internet access
3. Performance Optimization: Local caching of upstream DNS results

Q: What's the difference between root server and TLD server?

A:

• Root Server: Top layer of DNS hierarchy, knows locations of all TLDs
• TLD Server: Manages specific top-level domains (e.g., .com), knows authoritative servers for all domains under that TLD

Summary

Type	Role	Characteristics
Recursive DNS	Query on behalf of client	Caching, simplifies client
Authoritative DNS	Store domain data	Authoritative, configurable
Root Server	DNS starting point	Anycast, stable
TLD Server	Manage top-level domains	Hierarchical management
Forwarding DNS	Forward queries	Unified management, caching

​