
What is an Authoritative Nameserver? What is a Recursive Resolver?

I have the following questions: What is an Authoritative Nameserver? What is a Recursive Resolver?

Please note that "resolver" and "nameserver" are not exactly synonymous, and that you ask about a nameserver in the first case and a resolver in the second.


An authoritative nameserver is one that satisfies queries from its own data without needing to reference another source. Unless it is also a recursive nameserver (a practice which is generally deprecated), it will answer only with authoritative data from its own store (which can come from a zone master file, from a copy of that data transferred from a master server, from a database, from dynamic DNS, be built in, etc.), with a referral (e.g. "I don't know that answer, but you can talk to server so-and-so, who answers questions for this subdomain"), or with an NXDOMAIN or similar error.

A recursive nameserver is one that satisfies queries by asking other nameservers for the answer, traversing the DNS tree from the root level if necessary. If it does not know the answer it will attempt to find it for the querying client.
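
How the reply types described above look on the wire, as an added example that is not part of the original post: the classifier reads only the 12-byte DNS header (AA and RA flags, RCODE, section counts). The sample headers are constructed, and the function names are this example's own.

```python
import struct

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS message header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS message is shorter than its 12-byte header")
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    return {
        "qr": bool(flags & 0x8000),   # set on responses
        "aa": bool(flags & 0x0400),   # Authoritative Answer
        "ra": bool(flags & 0x0080),   # Recursion Available
        "rcode": flags & 0x000F,      # 0 = NOERROR, 3 = NXDOMAIN
        "ancount": an, "nscount": ns,
    }

def classify(msg: bytes) -> str:
    """Header-only heuristic for the kind of reply a server sent."""
    h = parse_header(msg)
    if not h["qr"]:
        return "query"
    if h["rcode"] == 3:
        return "NXDOMAIN (authoritative)" if h["aa"] else "NXDOMAIN (non-authoritative)"
    if h["rcode"] != 0:
        return f"error rcode={h['rcode']}"
    if h["ancount"]:
        return "authoritative answer" if h["aa"] else "non-authoritative answer"
    # No answers, authority records only, no claim of authority, no recursion:
    # treated as a referral (confirming NS vs SOA needs the record bodies).
    if h["nscount"] and not h["aa"] and not h["ra"]:
        return "referral"
    return "no data"

def offers_recursion(msg: bytes) -> bool:
    """True if the responder advertises recursion (RA bit set)."""
    return parse_header(msg)["ra"]

def header(flags: int, an: int, ns: int) -> bytes:
    # Constructed header: ID 0x1234, one question, no additional records.
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, 0)

# Constructed sample replies (headers only), not captured traffic.
SAMPLES = {
    "authoritative": header(0x8500, an=1, ns=0),  # QR AA RD
    "referral":      header(0x8100, an=0, ns=2),  # QR RD, authority section only
    "recursive":     header(0x8180, an=1, ns=0),  # QR RD RA
    "nxdomain":      header(0x8503, an=0, ns=1),  # QR AA RD, RCODE 3
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:14} -> {classify(msg)} (RA={offers_recursion(msg)})")
```

An RA bit in replies from a server that is meant to be authoritative-only indicates it is also offering recursion, the combined role the text above calls generally deprecated.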

A resolver is (collectively) the set of functionality that a DNS-aware system uses to query DNS.

Most client systems have a stub resolver, which knows only in a very basic fashion how to query a DNS server and how to receive an answer, but which does not contain logic for following a delegation chain from the root.

A recursing resolver is a full-service resolver which can traverse the tree to find an answer to a query.

Recursive nameservers must contain the functionality of a recursing resolver in order to function, but other programs may contain recursing resolvers without performing the functions of a nameserver. An excellent example is the utility / DNS-troubleshooting program "dig" (distributed by ISC as a part of BIND), which contains a full recursing resolver.

DNS concepts which are sometimes confused with the distinction between authoritative and recursive:
There are several DNS concepts which people sometimes confuse with the split between authoritative and recursive data.
Delegation
This one confuses quite a few people, particularly because the name of the SOA (start of authority) resource record type contains the word "authority", which sounds as though it should be related to "authoritative". However, you can serve authoritative data for a zone which is not delegated to you, and many people do. Examples include DNS-based content blocking and servers which provide authoritative answers for RFC 1918 zones. Nobody has delegated you authority to answer PTR record queries for 168.192.in-addr.arpa (192.168.0.0/16) and similar zones, but it's not a bad idea for your server to answer such queries authoritatively rather than leak queries for those zones to the internet, where nobody is delegated to answer them. ISC BIND and other nameservers provide built-in zone data for these private address space zones to prevent the in-addr.arpa servers from being bombarded with queries that cannot be referred.
It is not required that you be delegated authority for a zone in order for answers to be considered authoritative.
Master and Slave
Slave servers, even though they get their zone data from another source, are still authoritative servers, as they are satisfying queries with data from their own storage (of whatever type) rather than satisfying it by relaying the queries recursively to other nameservers.
Slave servers are authoritative servers (for the zones they serve).