
What are DNS Authoritative Name Servers?

Published on March 19, 2024

Quick Definition: An authoritative name server is a specialized DNS server responsible for storing and providing authoritative DNS information for specific domains. It holds the original copies of DNS zone data for a domain and responds authoritatively to DNS queries for that domain.

The Domain Name System (DNS) is the backbone of the internet’s infrastructure. It acts as a phonebook for the internet, letting users look up and connect to websites anywhere in the world. Computers are far better at handling numbers, while people are better at remembering words. DNS bridges that gap by mapping a hostname to its IP address, which network nodes use to reach and identify other hosts.

In the phonebook analogy, the “phonebook” is the authoritative name server (ANS). For most LANs, the ANS is provided by the ISP (internet service provider). The ANS records the names it is responsible for and the IP addresses they map to. On a Linux or Mac machine, you can use the dig command to query the ANS. For example, digging www.google.com will yield the IP addresses that www.google.com maps to.

While DNS may sound simple in principle, there is a little more to it that we need to walk through. It is a pivotal concept for all IT professionals — especially anyone planning to take the Network+ Exam. Let's dive deep into different types of authoritative name servers, DNS zone files, how to troubleshoot DNS issues, and more.

What are the Types of Authoritative Name Servers?

Authoritative name servers come in two types: the primary name server and the secondary name server. Let’s explore how they work together to resolve domain names.

Primary Domain Name Server

Primary name servers are the authoritative servers that hold the original copies of DNS zone data for a domain. They are responsible for maintaining and updating the DNS zone files with the latest domain information. When changes to DNS Records are required (i.e., adding, modifying, or deleting records), they are made on the primary name server.  

Secondary Domain Name Servers

Secondary name servers are authoritative servers that obtain DNS zone data from primary name servers. The secondary servers are backups to the primary servers, providing redundancy and fault tolerance. Secondary servers also periodically synchronize their zone data with the primary servers to ensure they have the latest information.

If the primary server becomes unavailable, secondary servers can continue to respond to domain DNS queries using synchronized data. Though secondary servers can answer DNS queries for a domain, they do not have the authority to change zone data themselves.

What are DNS Zone Files? How Do They Fit Into Authoritative Name Servers?

You don't just need a server to store DNS records — you also need a structured storage method so they can be easily read and retrieved. That is where DNS zone files come in. DNS zone files contain essential information used to map domain names to their corresponding IP addresses accurately.

DNS Zone files contain specifically structured records such as A and CNAME. These are fundamental to understanding zone files, so let’s briefly review how the data is structured. 

Types of DNS Records

DNS zone files can contain different types of DNS records, including:

  • A (Address) records: Map domain names to IPv4 addresses.

  • AAAA (IPv6 Address) records: Map domain names to IPv6 addresses.

  • CNAME (Canonical Name) records: Alias one domain name to another.

  • MX (Mail Exchange) records: Specify mail servers responsible for accepting email on behalf of a domain.

  • NS (Name Server) records: Specify authoritative name servers for the domain.

  • TXT (Text) records: Store arbitrary text data, often used for SPF (Sender Policy Framework) records and other purposes.

Network administrators change these record types for many different reasons. For example, a CNAME record is used when the administrator wants to create a subdomain that aliases an existing name. Say you have a website at mygreatblog.com and you want it to be reached as new.blog.com; that is a CNAME change.

What Does a DNS Zone File Look Like?

Here is an example of what a DNS zone file for example.com would look like:

; DNS zone file for example.com
$TTL 3600 ; Default TTL (Time To Live) for all records (1 hour)
; Start of Authority (SOA) record
@ IN SOA ns1.example.com. hostmaster.example.com. (
2024021801 ; Serial number
7200 ; Refresh interval (2 hours)
3600 ; Retry interval (1 hour)
1209600 ; Expire time (2 weeks)
3600 ; Minimum TTL (1 hour)
)
; Name Server (NS) records
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
; Address (A) records
www IN A 192.0.2.1
mail IN A 192.0.2.2
; Canonical Name (CNAME) records
blog IN CNAME www.example.com.
; Mail Exchange (MX) records
@ IN MX 10 mail.example.com.
; Text (TXT) records
@ IN TXT "v=spf1 mx -all"

Let’s break this example down a bit:

  • The @ symbol represents the zone’s origin, the domain name "example.com".

  • The $TTL directive sets the default Time-To-Live value for all records in the zone file.

  • The SOA record indicates the start of authority for the domain.

  • NS records specify the authoritative name servers for the domain.

  • A records map hostnames to IPv4 addresses.

  • CNAME records alias one domain name to another.

  • MX records specify the mail servers responsible for accepting emails for the domain.

  • TXT records store arbitrary text data, often used for SPF records or other purposes.

In conclusion, a DNS zone file is a text-based configuration file that contains DNS records defining a specific DNS zone, mapping domain names to IP addresses and other resources. It serves as the authoritative source of DNS information for a domain and is used by DNS servers to resolve queries for that domain.
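As an added example (not code from the post), here is a small Python parser for the zone file above together with the sanity checks a defender would run before publishing a zone: exactly one SOA, an A/AAAA record for every name server that lives inside the zone, and no owner name that mixes a CNAME with other records. It flags the post’s own example, because ns1 and ns2 are declared as in-zone name servers but have no address records.

```python
# Copy of the example.com zone from this post, used here as constructed input.
ZONE_TEXT = """\
$TTL 3600
@ IN SOA ns1.example.com. hostmaster.example.com. (
    2024021801 7200 3600 ; serial, refresh, retry
    1209600 3600 ; expire, minimum TTL
)
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
www IN A 192.0.2.1
mail IN A 192.0.2.2
blog IN CNAME www.example.com.
@ IN MX 10 mail.example.com.
@ IN TXT "v=spf1 mx -all"
"""

def parse_zone(text, origin):
    """Return (default_ttl, [(owner, type, rdata)]) with owners fully qualified.
    Assumes 'owner IN TYPE rdata' lines; a ';' inside quoted TXT data is not handled."""
    lines = [ln.split(";")[0].strip() for ln in text.splitlines()]  # drop comments
    logical, buf = [], ""  # fold the parenthesised multi-line SOA into one line
    for ln in filter(None, lines):
        buf = (buf + " " + ln).strip()
        if buf.count("(") == buf.count(")"):
            logical.append(buf.replace("(", " ").replace(")", " "))
            buf = ""
    ttl, records = None, []
    for ln in logical:
        tok = ln.split()
        if tok[0] == "$TTL":
            ttl = int(tok[1])
            continue
        owner, rtype, rdata = tok[0], tok[2], " ".join(tok[3:])
        # '@' is the origin; a relative name (no trailing dot) gets the origin appended
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        records.append((owner, rtype, rdata))
    return ttl, records

def lint_zone(text, origin="example.com."):
    """Checks to run before publishing: one SOA, address records for in-zone NS targets,
    and no owner that carries a CNAME alongside other record types."""
    ttl, recs = parse_zone(text, origin)
    problems = []
    if sum(t == "SOA" for _, t, _ in recs) != 1:
        problems.append("zone must contain exactly one SOA record")
    addrs = {o for o, t, _ in recs if t in ("A", "AAAA")}
    for _, t, target in recs:
        in_zone = target == origin or target.endswith("." + origin)
        if t == "NS" and in_zone and target not in addrs:
            problems.append(f"NS {target} is in-zone but has no A/AAAA record")
    for o in {o for o, t, _ in recs if t == "CNAME"}:
        if any(o2 == o and t != "CNAME" for o2, t, _ in recs):
            problems.append(f"{o} has a CNAME plus other records")
    return ttl, recs, problems
```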

How to Configure Authoritative Name Servers

Now that we understand DNS servers and their zone files, let’s walk through how to configure one. Properly configuring a DNS server is a complex process; however, here is an outline of the steps required to perform the task. 

Choose DNS Software

First, decide on the proper DNS Server software your server will run. Common options include BIND (Berkeley Internet Name Domain), Microsoft DNS Server (for Windows Server), and PowerDNS.

Install and Configure DNS Software

Next, install the DNS server software on your server or virtual machine. The software will generally provide documentation for proper installation. Configure the software with appropriate settings, such as listening interfaces, logging options, and security settings.

Create DNS Zone Files

Create DNS zone files for each domain your authoritative name server will serve. For a template, please refer to the previous section of this post. 

Each zone file should contain DNS records defining the domain, including SOA, NS, A, AAAA, MX, TXT, and other records as needed. Use the example DNS zone file in this post for reference.

Define Authority in SOA Record

In each zone file, specify the Start of Authority (SOA) record, indicating the start of authority for the domain and providing essential configuration details such as the primary name server and contact email.

Configure NS Records

Add NS (Name Server) records to each zone file to specify the authoritative name servers for the domain. These records should point to the hostnames of your authoritative name servers.

Add Other DNS Records

Include other DNS records as necessary for the domain, such as A (Address), AAAA (IPv6 Address), MX (Mail Exchange), CNAME (Canonical Name), and TXT (Text) records.

Update Registrar Settings

Point the domain at your new authoritative name servers at the domain registrar. This typically means entering your name servers' hostnames or IP addresses as the domain's authoritative name servers. Generally, this is done through the registrar's or host's web portal, for example HostGator, AWS, or whichever provider you use.

Verify Connectivity

Test the configuration by querying your authoritative name servers for DNS records using tools like dig or nslookup.

The Role of TTL (Time-to-Live) in Authoritative DNS

TTL plays a critical role in the reliability of DNS records. It determines how long recursive resolvers, caching servers, and clients keep a DNS record in their cache. Caching DNS records substantially improves lookup speed, reduces traffic, enhances reliability, and mitigates attacks such as DNS amplification.

A cached record is considered stale once its TTL expires; the client then queries the ANS again to retrieve the current record. Finally, the TTL is set in the DNS zone file and can differ for each record.

How to Troubleshoot Authoritative Name Server Issues

As with everything in IT, whatever can go wrong will go wrong, including ANS issues. Here are a few troubleshooting ideas you can try if you encounter issues. 

Verify Propagation

When a new DNS record is added to the authoritative name server, it needs time to propagate to the other resolvers on the internet. This can take up to 24 hours, though it is rare for it to take that long. Before checking a URL to verify connectivity, make sure you have waited a few hours first.
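The TTL section and the propagation delay described here are two views of the same mechanism: a resolver keeps serving a cached answer until the record's TTL runs out. As an added example (not code from the post), this Python simulation uses a constructed stand-in for the ANS and an injected clock to show exactly how long a resolver keeps returning an old address after the record is changed.

```python
class AuthoritativeServer:
    """Stand-in for the ANS (constructed for this example): zone data with per-record TTLs."""
    def __init__(self):
        self.records = {}   # (name, type) -> (rdata, ttl in seconds)
        self.queries = 0    # how often resolvers had to come back to us
    def set_record(self, name, rtype, rdata, ttl):
        self.records[(name, rtype)] = (rdata, ttl)
    def query(self, name, rtype):
        self.queries += 1
        return self.records[(name, rtype)]

class CachingResolver:
    """Recursive resolver that serves a cached answer until its TTL runs out.
    The clock is injected so the run is deterministic and needs no network."""
    def __init__(self, ans, clock):
        self.ans, self.clock, self.cache = ans, clock, {}
    def resolve(self, name, rtype):
        now, key = self.clock(), (name, rtype)
        cached = self.cache.get(key)
        if cached and cached[1] > now:              # still within TTL: answer from cache
            return cached[0]
        rdata, ttl = self.ans.query(name, rtype)    # stale or unknown: ask the ANS
        self.cache[key] = (rdata, now + ttl)        # remember when this answer expires
        return rdata

def simulate_record_change(ttl=3600):
    """Move www to a new address on the ANS and record what a resolver returns over time.
    Returns ([(seconds, answer), ...], number of queries that reached the ANS)."""
    clock = {"now": 0}
    ans = AuthoritativeServer()
    ans.set_record("www.example.com.", "A", "192.0.2.1", ttl)
    resolver = CachingResolver(ans, lambda: clock["now"])
    timeline = []
    timeline.append((clock["now"], resolver.resolve("www.example.com.", "A")))  # first lookup hits the ANS
    ans.set_record("www.example.com.", "A", "192.0.2.9", ttl)  # administrator changes the record
    clock["now"] = ttl // 2
    timeline.append((clock["now"], resolver.resolve("www.example.com.", "A")))  # still cached: old address
    clock["now"] = ttl + 1
    timeline.append((clock["now"], resolver.resolve("www.example.com.", "A")))  # TTL expired: new address
    return timeline, ans.queries

if __name__ == "__main__":
    print(simulate_record_change())
```

Lowering the record's TTL well before a planned change shortens this window; that is standard operational practice rather than something the post states.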

Test DNS Resolution

Use DNS lookup tools like dig or nslookup to run DNS queries directly against the authoritative name server, and check the records (A, AAAA, CNAME, etc.) to make sure the ANS answers correctly. Here is an example that asks ns1.example.com directly instead of your default resolver: dig @ns1.example.com CNAME www.example.com. The flags line of the reply should include aa, which means the answer is authoritative rather than served from a cache.

Check Network Connectivity

Ping the server and verify it is up and running. Verify the firewall or router configurations are not blocking the ports the authoritative name server uses. DNS queries will use both TCP and UDP port 53. If a firewall is blocking that port, that is a problem.

Review DNS Server Logs 

Review the logs of the authoritative name servers for any error messages, warnings, or indications of DNS-related issues. Then, look for patterns or recurring errors pointing to underlying problems.

Final Thoughts

Authoritative name servers play a central role in DNS resolution. If DNS did not exist, we would have to enter IP addresses to navigate to web addresses manually. Since IP addresses are dynamic, this would be a disaster to manage.

There are two types of authoritative name servers: the primary name server and the secondary name server. The primary name server performs all of the functions required to convert an IP address to its corresponding name and vice versa. The secondary name server stands at the ready in case the primary goes down.

Finally, it is important to remember that DNS information is stored on DNS zone files. DNS zone files are text files that contain the mapping between domain names and their corresponding IP addresses, as well as other DNS records such as mail exchange (MX) or canonical name (CNAME) records. Authoritative DNS servers use these files to provide DNS resolution for specific domains on the internet.

This is a lot to take in, but having a broad understanding of name servers is not only crucial for passing the Network+ but also serves as a foundation for configuring and troubleshooting networks. 

Want to learn more about becoming a Network Engineer? Consider this Network+ online training.


© 2024 CBT Nuggets. All rights reserved.