0

The Root Name servers are Authoritative for Top level domains. But what are TLD Name Servers Authoritative for?

I understand that the final name server in the resolver's recursion is authoritative for the domain that has been requested, but I am not able to figure out what TLD name servers are authoritative for.

TLD name servers always seem to delegate to other NS servers, which makes me think they are not authoritative for any zone - is that correct? Basically, what I am trying to ask is whether a "recursive resolver" will ever cache any DNS records from TLD name servers.

2 Answers

2

The root name servers (*.root-servers.net) aren't authoritative for TLDs, but they are authoritative for the root, i.e. ".". They delegate control to the TLD name servers, and provide glue records for their name servers, just like the TLD name servers delegate the control further to the authoritative name servers of the domains.

  • a.root-servers.net is authoritative for . (aa bit set on the response):

    dig . NS @a.root-servers.net
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
    
  • a.root-servers.net is not authoritative for e.g. gov or ee (no aa bit):

    dig gov NS @a.root-servers.net
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9
    
    ;; AUTHORITY SECTION:
    gov.                    172800  IN      NS      a.gov-servers.net.
    gov.                    172800  IN      NS      b.gov-servers.net.
    gov.                    172800  IN      NS      c.gov-servers.net.
    gov.                    172800  IN      NS      d.gov-servers.net.
    
    dig ee NS @a.root-servers.net
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 10
    
    ;; AUTHORITY SECTION:
    ee.                     172800  IN      NS      b.tld.ee.
    ee.                     172800  IN      NS      e.tld.ee.
    ee.                     172800  IN      NS      ee.aso.ee.
    ee.                     172800  IN      NS      ee.eenet.ee.
    ee.                     172800  IN      NS      ns.tld.ee.
    

TLD name servers are authoritative for TLDs.

  • The authoritative servers listed above respond authoritatively, e.g.:

    dig gov NS @a.gov-servers.net
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    

The root (last dot) is often omitted, but example.com is actually example.com., and com is com. etc.

Esa Jokinen
  • Thanks @Esa Jokinen - exactly what I was looking for. QQ: When does the authoritative response for Root and TLD NS get cached? Let us say I search for www.youtube.com (assuming both the stub and resolver cache are purged); I am guessing that the Root NS and TLD NS only delegate so that the authoritative NS for youtube.com can be reached and its response cached. In this case only the response from the authoritative NS for youtube.com is cached but not the responses from Root NS and TLD NS. I read that the resolver sends the whole domain name rather than in parts, i.e. as '.', 'com', and so my question. – Abhishek Palakkal Kaliyath May 31 '20 at 04:26
  • "I read that the resolver sends the whole domain name rather than in parts": it is true, except less and less, and it is called QNAME minimization. Proper resolvers should now do it, but they may still reach some broken authoritative nameservers that will badly answer those cases. As for caching, things are cached when they are retrieved. The list of root nameservers is included hardcoded in all nameserver software for obvious bootstrap reasons (but the list is immediately updated on start). – Patrick Mevzek Jun 01 '20 at 00:36
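
Added example (not part of the thread and not any poster's code): a Python sketch that classifies the dig outputs quoted in the answer above by the aa flag, and caches the NS set from a referral until its TTL runs out, so a later lookup under gov starts at the gov servers instead of the root. The class name DelegationCache, the helper names and the query name www.example.gov are assumptions made for illustration.

```python
import re

# Constructed input: the referral for gov from a.root-servers.net, as quoted above.
REFERRAL = """\
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9
;; AUTHORITY SECTION:
gov.                    172800  IN      NS      a.gov-servers.net.
gov.                    172800  IN      NS      b.gov-servers.net.
gov.                    172800  IN      NS      c.gov-servers.net.
gov.                    172800  IN      NS      d.gov-servers.net.
"""
# Constructed input: header of the authoritative reply from a.gov-servers.net.
AUTHORITATIVE = ";; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1\n"

def parse_dig(text):
    """Return (flags, answer_count, ns_records) from dig's text output."""
    m = re.search(r"flags: ([a-z ]+); QUERY: \d+, ANSWER: (\d+)", text)
    flags, answers = set(m.group(1).split()), int(m.group(2))
    ns = [(name.lower(), int(ttl), host.lower()) for name, ttl, host in
          re.findall(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)$", text, re.M)]
    return flags, answers, ns

def classify(text):
    """aa set: authoritative data. No aa, empty answer, NS records: a referral."""
    flags, answers, ns = parse_dig(text)
    if "aa" in flags:
        return "authoritative"
    return "referral" if answers == 0 and ns else "other"

class DelegationCache:
    """NS RRsets learned from referrals, kept until their TTL runs out."""
    def __init__(self):
        self.zones = {}  # zone name -> (expiry time, set of name server hosts)

    def store(self, text, now):
        for zone, ttl, host in parse_dig(text)[2]:
            expiry, hosts = self.zones.get(zone, (now + ttl, set()))
            self.zones[zone] = (expiry, hosts | {host})

    def closest_zone(self, qname, now):
        """Deepest cached, unexpired zone enclosing qname; '.' means use the root hints."""
        labels = qname.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:]) + "."
            if zone in self.zones and self.zones[zone][0] > now:
                return zone
        return "."
```

After `store(REFERRAL, now=0)`, `closest_zone("www.example.gov", now=10)` returns `gov.`; once 172800 seconds have passed it falls back to `.`.
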
0

They are responsible for pointing all subdomains in their namespace. For example, to resolve example.com (the first time) a root name server is consulted and asked for the name servers for "com". It returns the name servers for the TLD. The TLD server is then asked for example.com and returns the appropriate nameserver info.

davidgo
  • Thanks - but responses from TLD name servers are never cached by the resolver - right? It just returns / delegates to another name server down the line. – Abhishek Palakkal Kaliyath May 30 '20 at 20:43
  • Correct. If you ask a TLD server it will provide an authoritative answer - no caching required. – davidgo May 30 '20 at 21:04
  • "but response from TLD Name servers are never cached by resolver - right?" Not right. Things are cached, whatever level they come from, why shouldn't they be? The DNS is a tree, everything works exactly the same way technically at each level. – Patrick Mevzek Jun 01 '20 at 00:37
  • @PatrickMevzek Whenever you request a record from a TLD server the answer is the TTL set for the zone. If it were cached, if you asked the same server multiple times the value would decrease if it were cached. Recursive servers cache, authoritatives don't - because they know the answer. – davidgo Jun 01 '20 at 01:47
  • "Whenever you request a record from a TLD server the answer is the TTL set for the zone." And hence it is cached by the recursive nameserver having done the query, and it works for any server, TLD or another. I think your answer and comment above are not precise enough, and you seem to be making TLD servers a specific kind, which they are not. As for the difference between authoritative and recursive, this is exactly what I am saying since the beginning. – Patrick Mevzek Jun 01 '20 at 02:57
  • @PatrickMevzek - I think we know the same information but are interpreting the question differently. – davidgo Jun 01 '20 at 03:23