Score:-2

DNS resolver vs DNS server?


From what I've got so far, we have what is called "name servers" (authoritative) which hold data about their domain (or zone). For example, the .com domain has an authoritative name server which holds the information about all the subdomains of com. Likewise, the google.com domain has an authoritative name server which holds all the records under its responsibility, etc.

On the client side, we have something called a DNS resolver which is the piece of software on my machine (for the sake of argument) that gets requests from my browser to find some IP address of a domain name I typed in the URL bar. As far as I understand, the resolver is the one that is able to access the root name servers and then iteratively access the subsequent name servers to hunt down the IP address I need.

Now I also know that my OS (particularly my network interface) is configured to use some "DNS server" to which it sends DNS queries.

The thing I don't understand is, why do I need both a DNS resolver AND a DNS server? What is this DNS server? What is it used for? Is it some kind of proxy resolver?

Score:2

The thing I don't understand is, why do I need both a DNS resolver AND a DNS server?

This is not the distinction you should hold.

The important distinction in DNS servers is between:

  • an authoritative nameserver
  • a recursive nameserver

(and you can find others like "stub" resolvers, and combinations; refer to RFC 8499 for full definitions).

An authoritative nameserver has full data on one or more zones (and zones typically have two and sometimes more authoritative nameservers for load-balancing/failover).

A recursive nameserver has basically no data (when starting) and will do queries on behalf of a client, and recurse to follow all delegations and CNAME records until arriving at either an error or the answer for the client query.

The recursive nameserver you use (either on your box, or your ISP's one, or some remote one like Google Public DNS or Cloudflare's or others) knows about the root nameservers, and will contact them to get data about TLD nameservers, and so on and so forth to finally resolve the name you need.

Each authoritative nameserver has only data for the zones it administers. If you query it for anything else it might either refuse to reply (reply at the DNS level with a REFUSED code), or reply with a delegation to let you know that you (you here being the recursive nameserver doing the query) should contact another authoritative nameserver.

"DNS resolver" and "DNS server" are ambiguous. A "DNS resolver" is also a "DNS server" in the sense that it runs "DNS" software acting as a server (accepting queries and responding). The DNS is designed so that the same port (53) is used for both authoritative and recursive operations, which leads to some confusion (in naming, no problems for computers).

Some nameserver software is authoritative only by design (ex: NSD, Yadifa, KnotDNS), some only recursive (ex: Unbound) and some can be configured in either mode (ex: Bind, PowerDNS), even if it is recommended not to mix both operation modes inside the same process.

RFC 8499 is really a mine of information, and recommended reading.
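The following is an added example, not part of the answer above: it classifies a DNS response as authoritative, recursive, a delegation (referral) or REFUSED from the 12-byte header alone. It goes slightly beyond the answer's text by using the AA and RA header bits defined in RFC 1035; the function names are hypothetical and the sample headers are constructed.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_header(aa=False, ra=False, rcode=0, ancount=0, nscount=0):
    """Build a constructed 12-byte DNS response header (QR=1) as demo input."""
    flags = 0x8000 | (int(aa) << 10) | (int(ra) << 7) | (rcode & 0xF)
    # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (all 16-bit, network order)
    return struct.pack("!6H", 0x1234, flags, 1, ancount, nscount, 0)

def classify(message: bytes) -> str:
    """Classify a DNS response using only header fields (RFC 1035, 4.1.1)."""
    if len(message) < 12:
        raise ValueError("DNS header is 12 bytes; message is truncated")
    _id, flags, _qd, ancount, nscount, _ar = struct.unpack("!6H", message[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit is clear: this is a query, not a response")
    aa = bool(flags & 0x0400)     # Authoritative Answer
    ra = bool(flags & 0x0080)     # Recursion Available
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"          # server will not serve this name to this client
    if rcode != 0:
        return "error:" + RCODES.get(rcode, str(rcode))
    if aa:
        return "authoritative"    # data comes from a zone the server holds
    if ra:
        return "recursive"        # server resolved (or cached) it for the client
    if ancount == 0 and nscount > 0:
        return "referral"         # delegation: NS records point to the next zone
    return "unclassified"

# Constructed samples, one per case described in the answer.
SAMPLES = {
    "zone owner answers":       build_header(aa=True, ancount=1),
    "resolver answers":         build_header(ra=True, ancount=1),
    "parent zone delegates":    build_header(nscount=2),
    "name outside its zones":   build_header(rcode=5),
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(f"{label:24s} -> {classify(header)}")
```

The referral check is a heuristic: it relies on authoritative-only servers leaving RA clear, so a server running both modes in one process can blur the result.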
