03-22-2008 02:09 AM
What does it mean "Authoritative DNS server"?
Please, help me to clarify.
Thanks for your help
3 REPLIES
03-22-2008 04:59 AM
Re: What does it mean "Authoritative DNS server"?
Hi:
An authoritative DNS server is one that has a complete copy of a domain's information. That is, a copy that is not simply cached from another server.
There are a number of good articles on the web, including:
http://en.wikipedia.org/wiki/Domain_name_system
Regards!
...JRF...
03-22-2008 05:00 AM
Re: What does it mean "Authoritative DNS server"?
Whenever there's an Authoritative answer from the DNS query (by using nslookup, dig or other DNS querying tools) - it means that the zone actually resides on the queried DNS server.
And, as opposed to it, a non-authoritative answer means that other DNS servers were contacted for the information.
03-25-2008 07:14 AM
Re: What does it mean "Authoritative DNS server"?
A DNS server can have two roles: an "authoritative" role and a "resolver" role.
A "resolver" DNS server gets DNS requests from ordinary hosts and tries to find "authoritative" DNS servers that know the answers for those requests. If the correct authoritative server is found, the resolver server will relay the answer to the host that made the query. Usually, the resolver server will also store the information in its cache, in case it's needed again in the near future.
If a DNS answer is marked "non-authoritative", it means it came from a DNS cache; in theory, there might already be newer information available at the original source.
If a DNS server is "authoritative" for some DNS zone (= a domain or a set of domains), this means it is configured to always have a complete and up-to-date dataset about that particular zone.
If an authoritative DNS server says some hostname does not exist in a domain it's authoritative for, that means it really does not exist, by definition: if something is trying to tell you otherwise, that thing is either misconfigured or malicious.
If a non-authoritative DNS server answers that it cannot find some host, it means it could not reach any of the authoritative servers for that particular domain and did not have that information in its cache.
A DNS server can simultaneously be authoritative for some zones, and act as a resolver for any other zones. However, in enterprise usage, the recommended practice is to disable the "resolver" role from authoritative DNS servers, to make some DNS attacks impossible.
When you configure nameservers to /etc/resolv.conf, you'll need the "resolver" nameservers; when you're registering a new host or sub-domain to the DNS system, you'll need the "authoritative" nameservers.
If you want your domain to be accessible on the Internet, the "authoritative" DNS server(s) for your domain must be public. However, your own "resolver" nameserver(s) can always be private.
MK
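
Added example, not part of the original posts: the "authoritative" and "non-authoritative" labels that nslookup and dig print come from flag bits in the 12-byte DNS response header, and the same header shows whether a server that answers authoritatively also offers recursion. The function names `parse_header`, `interpret` and `sample` are hypothetical, and the sample headers are constructed rather than captured.

```python
import struct
# DNS header flag bits (RFC 1035, section 4.1.1)
QR = 0x8000  # message is a response
AA = 0x0400  # Authoritative Answer
RD = 0x0100  # Recursion Desired (copied from the query)
RA = 0x0080  # Recursion Available
NXDOMAIN = 3  # RCODE: name does not exist


def parse_header(message: bytes) -> dict:
    """Decode the fixed 12-byte header of a raw DNS response."""
    if len(message) < 12:
        raise ValueError("truncated DNS message: header is 12 bytes")
    ident, flags, _qd, answers, _ns, _ar = struct.unpack("!6H", message[:12])
    if not flags & QR:
        raise ValueError("not a response (QR bit clear)")
    return {"id": ident, "aa": bool(flags & AA), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "answers": answers}


def interpret(message: bytes) -> str:
    """Describe a response in the terms used in the thread."""
    h = parse_header(message)
    if h["aa"] and h["rcode"] == NXDOMAIN:
        verdict = "authoritative: name does not exist in the zone"
    elif h["aa"]:
        verdict = "authoritative: zone resides on the queried server"
    else:
        verdict = "non-authoritative: relayed or cached by a resolver"
    if h["aa"] and h["ra"]:
        verdict += "; recursion also offered (both roles enabled)"
    return verdict


def sample(flags: int, answers: int = 0) -> bytes:
    """Build a constructed 12-byte header (not captured traffic)."""
    return struct.pack("!6H", 0x1234, flags, 1, answers, 0, 0)


SAMPLES = {
    "auth_only": sample(QR | AA | RD, answers=1),
    "cached": sample(QR | RD | RA, answers=1),
    "auth_nxdomain": sample(QR | AA | RD | NXDOMAIN),
    "auth_plus_recursion": sample(QR | AA | RD | RA, answers=1),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name}: {interpret(msg)}")
```

The flags are set by the responding server and are not authenticated, so they describe what that server claims about its own answer.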
© Copyright 2024 Hewlett Packard Enterprise Development LP