My question is, for example.com, the authoritative name server would be the com server right?
No. Let's dig it:
# dig example.com SOA
;; ANSWER SECTION:
example.com. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2018080109 7200 3600 1209600 3600
;; AUTHORITY SECTION:
example.com. 86400 IN NS a.iana-servers.net.
example.com. 86400 IN NS b.iana-servers.net.
The authoritative name servers for example.com are:
a.iana-servers.net.
b.iana-servers.net.
Those are the servers that hold the DNS records for example.com.
Now we can query them directly:
dig @a.iana-servers.net example.com A
;; ANSWER SECTION:
example.com. 86400 IN A 93.184.216.34
A DNS resolver disassembles the FQDN (fully qualified domain name) from right to left.
The first query goes to the root DNS servers, asking which DNS servers are authoritative for the .com TLD; then the resolver queries that TLD for example.com from those servers.
# dnstracer -4 -r1 -s. example.com
Tracing to example.com[a] via A.ROOT-SERVERS.NET, maximum of 1 retries
A.ROOT-SERVERS.NET [.] (198.41.0.4)
|\___ d.gtld-servers.net [com] (192.31.80.30)
| |\___ b.iana-servers.net [example.com] (2001:0500:008d:0000:0000:0000:0000:0053) Not queried
| |\___ b.iana-servers.net [example.com] (199.43.133.53) Got authoritative answer
| |\___ a.iana-servers.net [example.com] (2001:0500:008f:0000:0000:0000:0000:0053) Not queried
| \___ a.iana-servers.net [example.com] (199.43.135.53) Got authoritative answer
Now let's try another domain in the .com TLD:
# dig google.com SOA
;; AUTHORITY SECTION:
google.com. 345600 IN NS ns3.google.com.
google.com. 345600 IN NS ns4.google.com.
google.com. 345600 IN NS ns1.google.com.
google.com. 345600 IN NS ns2.google.com.
We will see that the authoritative name servers for the SLD google.com are different now.
since it is the one giving us the information?
No, it is a chain of authoritative DNS servers.
Root DNS servers hold only top-level zones, also known as TLDs, such as .com, .net
When the resolver has got the authoritative DNS servers responsible for the TLD, it queries that zone for the SLD (second-level domain, example in our case), and when it has found the authoritative DNS server for the SLD it queries that server for the FQDN (fully qualified domain name), such as www.example.com
Usually people use their internet provider's DNS servers, which hold cached resolved DNS records. Such DNS servers are called forwarding DNS servers. If they have the records in cache, they reply to the client immediately without bothering all the intermediate servers starting from the root. If such a forwarding DNS server doesn't have the record in cache (or the DNS record has expired), then the forwarder resolves it again and caches the result. The client's DNS queries are sent as recursive, which means the client should receive from the DNS provider either an error or a resolved record. The client shouldn't query the chain of intermediate DNS servers on its own; that is the job of the forwarding DNS server, which serves clients' requests and caches the results. This way forwarders reduce the load on intermediate DNS servers and reply to clients as soon as possible, since the provider's DNS servers are closer to the clients.
(BTW, Google's public DNS server is also a forwarder.)
DNS records have a TTL (time to live) parameter that is set on the authoritative servers by the owner of the domain, so if you expect your IP address to change often, you can set TTL=5 minutes, or if one doesn't want his DNS server to be bothered too often, then the TTL can be set to days.
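The referral chain and caching described in this answer, as an added example that is not part of the original answer: a simplified Python model that follows referrals from the root until a server replies authoritatively, plus a forwarder that caches the result for its TTL. The zone data is constructed from the dig and dnstracer output above; the function and class names are hypothetical.

```python
# Constructed model of the delegation chain in the dig/dnstracer output above.
# Names, TTL and address come from that output; the structure is simplified.
EXAMPLE_ZONE = {"zone": "example.com.", "delegations": {},
                "records": {("example.com.", "A"): (86400, "93.184.216.34")}}
SERVERS = {
    "a.root-servers.net": {"zone": ".", "records": {},
                           "delegations": {"com.": ["d.gtld-servers.net"]}},
    "d.gtld-servers.net": {"zone": "com.", "records": {},
                           "delegations": {"example.com.": ["a.iana-servers.net",
                                                            "b.iana-servers.net"]}},
    "a.iana-servers.net": EXAMPLE_ZONE,
    "b.iana-servers.net": EXAMPLE_ZONE,
}

def query(server, name, rtype):
    """One non-recursive query: an authoritative reply (aa=True) or a referral."""
    srv = SERVERS[server]
    if (name, rtype) in srv["records"]:
        return {"aa": True, "answer": srv["records"][(name, rtype)]}
    for zone, ns in srv["delegations"].items():
        if name == zone or name.endswith("." + zone):
            return {"aa": False, "referral": ns}   # "ask these servers instead"
    return {"aa": True, "answer": None}            # authoritative "no such record"

def iterate(name, rtype="A", root="a.root-servers.net"):
    """Follow referrals from the root until a server answers authoritatively."""
    server, path = root, []
    while True:
        reply = query(server, name, rtype)
        path.append((server, reply["aa"]))
        if reply["aa"]:
            return reply["answer"], path
        server = reply["referral"][0]

class Forwarder:
    """Caching resolver: walks the chain only on a cache miss or after TTL expiry."""
    def __init__(self):
        self.cache, self.upstream_lookups = {}, 0

    def resolve(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        if hit and hit[0] > now:                   # still fresh: answer from cache
            return hit[1]
        self.upstream_lookups += 1
        answer, _ = iterate(name, rtype)
        if answer is None:
            return None
        ttl, data = answer
        self.cache[(name, rtype)] = (now + ttl, data)
        return data
```

In the returned path only the last hop carries the authoritative flag: the root and com servers only refer the resolver onward.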
The authoritative name server is the one that holds the records. That is the DNS server for example.com. In addition, computers don’t do root lookups. They have a DNS server configured, typically an ISP, and they query the ISP DNS server. If a root lookup is required then the ISP DNS servers do it. Not your computer. It would be very inefficient and burdensome to have individual computers doing root lookups. – Appleoddity – 2018-08-22T14:49:38.397
Say my DNS servers have no cached data at all. So, it is going to go to the root, then TLD, then com servers and finally to the "example.com" servers. "The authoritative name Server is the one that holds the records" By this statement, would the authoritative name servers be the com servers? – john – 2018-08-23T03:23:02.007
Why would it be inefficient? Would it be extremely time consuming? – john – 2018-08-23T03:28:21.817
The DNS servers that host the domain example.com are authoritative. The root server delegates .com to a second set of DNS servers. Those .com DNS servers delegate .example.com to another set of DNS servers which is typically the servers you would specify when you register the domain. Those are the authoritative DNS servers - the ones you specify when you register the domain. See here: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-dns-concepts It is inefficient because there is a caching system in place for the very specific reason not to overwhelm internet DNS. – Appleoddity – 2018-08-23T04:01:28.217
For example, you’re not the only customer of your ISP querying for google.com. It is terribly inefficient to send your computer or DNS servers to root servers to do a recursive lookup. Number one, you don’t have a direct connection to the backbone of the internet, like your ISP does - so it’s slower. Number two, you can take advantage of cached results others have seeded for you. Even if you are running your own DNS like in Active Directory, it should be configured to use forwarders at your ISP, and only use root hints as a failsafe. It’s faster and more efficient, when milliseconds matter. – Appleoddity – 2018-08-23T04:05:10.687
I got one more doubt. I have a captive portal website and its extension is "in". The authoritative name server for that website is a root server. Now an authoritative name server is a server that is giving the record to the client. What I don't understand is how can any website have its authoritative name server as a root server? Cause all the root server is doing is sending the query to a server that can do the job for you. It is not the one giving you the IP address, but just redirecting you to the right server. Shouldn't the authoritative name server be the website's DNS servers? – john – 2018-08-23T12:10:06.630