Authoritative DNS is server that is maintained by the original domain owner. It contains the actual zone files which are used to resolve any DNS queries relate to that domain. On the other hand a non authoritative DNS is just an ordinary DNS that helps the requester to resolve the domain name and queries through authoritative DNS server. Lets understand it through an an example,

Authoritative DNS

216.239.36.10 is authoritative DNS for google.com. When we ask it to resolve www.google.com. It goes to its zone file finds the appropriate record 192.178.24.132 and return it to user. Since we can not find a word “Non-authoritative” in its response this because 216.239.36.10 authoritative server for google.com.

Non-Authoritative DNS

Now we are sending the same query to resolve www.google.com to a different server (8.8.8.8 this time). It resolved the domain name for us and return the same result that is 192.178.24.132. But you will find a little difference in response. A new line “Non-authoritative answer”. The reason is 8.8.8.8 is not authoritative DNS server for google.com.

A a non-authoritative DNS in the backend, goes to the authoritative DNS get the query resolved though it and sends the response to the requester. It also keep the result of query in its own cache so that next time if someone requests same, it will used its own caches instead of going to authoritative DNS every time. The process is call DNS caching. DNS caching improves the response time and performance for internet users. All modern DNS servers have caching feature. Some DNS servers does not have any zone at all . It means they are not authorities for any zone/domain. We call them caching only DNS servers. Internet service providers across the word frequently use caching only DNS servers for their clients.

Find authoritative DNS server of a domain

You need to query NS record to find the authoritative DNS Server for a particular domain. For example if you want to search authoritative DNS server for google.com, you need to run “nslookup -q=ns google.com” on command prompt. Below image shows the output of this command and returned four name servers.

Another relatively easier method is to use web based nslookup tools. We can go to www.pingstage.com. Simply type the domain name. Select NS in record type and lookup. We will get the same response.

Original domain owners manages the authoritative DNS servers. They create, deleted or modify DNS records. In short it is their responsibility to make sure the zone file updated all the time. However non authoritative DNS servers do not have such responsibility. They fully rely on authoritative DNS server to obtain the correct information and give it to their clients when needed. But they still maintain the their local cache so that they don’t need to go to authoritative server frequently.

Authoritative DNS	Non-Authoritative DNS
It contains the zone file and has all the resource records.	It does not contains the zone file.
Administrator can add, remove modify DNS records.	Administrator can not modify any DNS record.
It depends on zone file answer any query.	It depends on authoritative DNS and cache to answer any query.
It is responsibility of original domain owner to maintain authoritative DNS.	Anyone can build a non-authoritative DNS. Usually internet service providers maintain them for their clients.
It has always fresh information about domain records.	It main contain older information. Since they are not up to date.
Authoritative DNS information must be registered with with authorities like Internet Corporation for Assigned Names and Numbers (ICANN)	A non authoritative DNS doe not needed to be registered anywhere.

Frequently Asked Questions (FAQ)