What Is a DNS Server?

Understanding DNS Servers

A DNS server is a key component of the Domain Name System that processes requests to convert human-friendly domain names into IP addresses that computers use to identify and communicate with each other. Also referred to as name servers, DNS servers store records and manage domain name queries, ensuring that this translation happens quickly and as efficiently as possible.

Since the internet is vast, decentralized, and constantly changing, it’s impractical to store all domain name information on every user’s computer. The hierarchical and decentralized Domain Name System, made up of countless DNS servers, distributes this information globally, resolving millions of domain name queries every second.

Authoritative Name Server

Decentralization in the Domain Name System works by assigning each domain to a specific DNS server, fully responsible for managing it. This server, known as an authoritative name server, stores all DNS records, such as A, AAAA, and CNAME, which link domain names to their corresponding IP addresses. The authoritative DNS server is also responsible for providing these records to anyone who requests them.

As the domain names themselves are hierarchical, so is the system of authoritative name servers. There are several distinctive roles in this hierarchy:

  • Root name server: The highest level in the DNS hierarchy, responsible for directing queries to the correct top-level domain (TLD) servers. There are only 13 root name servers across the entire Internet, and they serve as the starting point for any DNS lookup.
  • Top-level domain (TLD) name server: Manages domains within a specific TLD, such as .com, .net, .org, as well as country code TLDs like .uk and .de. Top-level domain name servers are responsible for directing queries to the appropriate lower-level authoritative servers for further resolution.
  • Authoritative name server for a lower-level domain: Stores DNS records for specific domains and subdomains, providing final answers to queries about those domains.

An authoritative DNS server can be either a primary or a secondary server. A primary authoritative name server holds the original version of the zone records and manages updates. A secondary authoritative name server stores a copy of the zone records, which it receives from the primary through an automatic updating mechanism called DNS zone transfer (AXFR). This arrangement provides redundancy, allowing the secondary server to respond to DNS queries if the primary server becomes unavailable, thereby improving reliability and uptime.

Recursive Resolver

Another distinctive role of DNS servers is the recursive resolver. Also known as a recursive name server or DNS recursor, it acts as an intermediary between the user’s computer and authoritative DNS servers.

When users type domain names into their browsers, their queries are directed to the recursive resolvers. These servers are responsible for finding the necessary IP address by querying various authoritative DNS servers. As the name suggests, the resolver's search progresses recursively through the DNS hierarchy, starting with root servers, then querying TLD servers, and finally reaching the authoritative name servers that hold the domain’s records.

Recursive resolvers typically also act as caching name servers. When a DNS recursor queries the authoritative servers to resolve a domain name, it temporarily stores the result in its cache. This allows the server to quickly respond to subsequent queries for the same domain without repeating the entire lookup process.

Cached responses significantly reduce query times and lessen the load on authoritative DNS servers. Cached entries remain valid for a limited period, determined by the time-to-live (TTL) value assigned to each DNS record.

Roles of DNS Servers in DNS Lookup

Let’s explore the different roles of DNS servers using a specific example of a DNS lookup. When you enter qrator.net into the address bar, your browser sends a request to a recursive DNS resolver to find the corresponding IP address. If the resolver has the answer cached, it immediately returns it. If not, the resolver queries the root name server, which returns the IP address of the TLD server for .net.

In the next step, the recursive resolver queries the TLD name server for .net and receives the IP address of the authoritative name server responsible for the qrator.net domain. The resolver then queries this authoritative name server, which finally returns the IP address of the web server hosting qrator.net. The resolver sends this IP address back to your browser, allowing it to establish a connection with the web server.

If a subdomain like docs.qrator.net is requested, the recursive resolver makes an additional query to the appropriate authoritative server for that subdomain. This entire process happens very quickly, often within milliseconds. Any subsequent requests for the same domain are resolved even faster thanks to DNS caching, which occurs in the browser, operating system, and the recursive resolver itself.
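The lookup walk above, together with the TTL-bound caching described under Recursive Resolver, can be modelled offline. This is an added example, not code from the original page: every address and TTL is constructed (documentation ranges), and delegating docs.qrator.net to its own server is an assumption made to mirror the extra query mentioned above.

```python
# Constructed data: all addresses come from documentation ranges, not real servers.
ROOT = "198.51.100.1"
SERVERS = {
    ROOT: {"referrals": {"net.": "198.51.100.2"}},                      # root
    "198.51.100.2": {"referrals": {"qrator.net.": "198.51.100.3"}},     # .net TLD
    "198.51.100.3": {"records": {"qrator.net.": ("192.0.2.10", 300)},   # authoritative
                     # assumption: docs is delegated to its own server
                     "referrals": {"docs.qrator.net.": "198.51.100.4"}},
    "198.51.100.4": {"records": {"docs.qrator.net.": ("192.0.2.20", 60)}},
}


def ask(server, name):
    """One query to one server: an answer, a referral, or nothing."""
    zone = SERVERS[server]
    if name in zone.get("records", {}):
        return ("answer",) + zone["records"][name]
    # Follow the most specific delegation that covers the queried name.
    cuts = [z for z in zone.get("referrals", {})
            if name == z or name.endswith("." + z)]
    if not cuts:
        return ("none",)
    return ("referral", zone["referrals"][max(cuts, key=len)])


class Resolver:
    def __init__(self):
        self.cache = {}            # name -> (ip, expiry time)
        self.upstream_queries = 0  # load placed on authoritative servers

    def resolve(self, name, now):
        """Return (ip or None, servers asked); `now` is in seconds."""
        hit = self.cache.get(name)
        if hit and now < hit[1]:   # entry is still within its TTL
            return hit[0], ["cache"]
        server, path = ROOT, []
        for _ in range(8):         # bound the referral chain against loops
            self.upstream_queries += 1
            path.append(server)
            reply = ask(server, name)
            if reply[0] == "answer":
                _, ip, ttl = reply
                self.cache[name] = (ip, now + ttl)
                return ip, path
            if reply[0] != "referral":
                break
            server = reply[1]
        return None, path
```

The `upstream_queries` counter makes the effect of caching visible: it stays flat while an entry is within its TTL and grows by a full walk once the entry expires.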

It’s worth noting that the specific roles of DNS servers, such as authoritative servers, recursive resolvers, and primary and secondary DNS servers, are often omitted, with any of them simply being referred to as DNS servers or name servers. While this simplification is common, it can cause confusion, as each role is distinct and linked to different tasks within the Domain Name System. Understanding these differences is essential for gaining a clearer view of DNS infrastructure and ensuring its proper management and protection.

Protecting DNS Servers from DDoS Attacks

DNS servers, due to their critical role in digital infrastructure, are frequent targets of Distributed Denial of Service (DDoS) attacks. Disabling DNS servers can make websites and services unreachable, even when the web servers remain fully operational. Despite the high risks, DNS protection is often overlooked, leaving organizations vulnerable.

Qrator.SecureDNS provides robust protection against DDoS attacks by utilizing a global Anycast network that ensures high availability at no additional cost. Anycast distributes DNS traffic across multiple servers worldwide, improving resilience and accelerating query response times by routing requests to the nearest DNS server.

Our cloud DNS also supports DNSSEC, ensuring secure DNS queries, and can be deployed using two methods: as a secondary DNS server or via Qrator DNS Reverse Proxy. This flexibility allows businesses to integrate advanced DNS protection with minimal disruption to their existing infrastructure.