4

I am trying to understand the purpose of public DNS nameservers (public as in not an SOA; like 8.8.8.8).

I executed a dig +trace command, and, as far as I can tell, the only time the nameserver is used is when finding the SOA of the root domain (.). After that, the SOA of each domain up in the hierarchy is queried.

My assumptions are that public nameservers are used for:

  • identifying the SOAs of the root domain, so they don't have to be hardcoded on clients.
  • decentralizing the process and caching. So if a domain's SOA goes down, another server can guide the clients.
  • reducing the load on the SOA. If another server knows the record, no need to query the SOA.

I have 3 questions:

  • Are my assumptions correct?

  • If these are really the only things that a nameserver does, if I don't need caching and am willing to do the recursive query on my own, can I stop using nameservers?

  • Can/Does an SOA refuse to answer queries from a specific nameserver if it performs too many requests?

3 Answers

7

Your assumption is incorrect. The +trace option tells dig to query the SOA servers for each domain; that's not its normal behaviour. A normal DNS lookup will use your configured DNS server, such as a public recursive DNS server, for all of its lookups.

You can't stop using name servers unless you're prepared to use IP addresses only. But you can run your own recursive name server, possibly on the same machine as your client software, in which case you can stop using public recursive name servers.

Mike Scott
  • 4,501
5

As a small addition to Mike Scott's answer...

The main purposes of public name servers (as you've defined them) are to:

  1. Keep individuals from having to run their own name servers.

  2. Help (potentially) speed up the process of resolving domains.

Some notes regarding your "three assumptions"

  • Some name servers merely forward lookups for unknown requests to other recursive resolvers (such as public name servers). Since public name servers keep a root hints file to do recursive lookups, this does mean that this file is unnecessary on these forwarding-only name servers. However, this has nothing to do with any "clients" (as far as I understand your meaning).

  • Public name servers can (arguably) help with decentralization and caching. Likewise, they can potentially provide robustness to the DNS system overall. But these are side benefits.

  • Public DNS servers can reduce the load on an authoritative name server, but again, that is not the main reason for bypassing those servers. The idea is that cached information is returned quicker versus asking for that information from an authoritative name server.

Anaksunaman
  • 18,227
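An added example, not part of any answer on this page: a small offline model of the two behaviours discussed above, the referral walk that dig +trace performs against authoritative servers and a recursive resolver that does that walk on the client's behalf and caches the result. The server labels, zone names, addresses and the `RecursiveResolver` class are constructed for illustration; a real resolver speaks DNS over the network and also caches the referrals themselves.

```python
MAX_REFERRALS = 10  # guard against referral loops

# Constructed delegation tree: each authoritative server either refers the
# client to the server for a child zone or holds the final answer.
SERVERS = {
    "root-server": {"referrals": {"example.": "tld-server"}},
    "tld-server": {"referrals": {"corp.example.": "auth-server"}},
    "auth-server": {"answers": {"www.corp.example.": "192.0.2.10",
                                "mail.corp.example.": "192.0.2.25"}},
}

def iterate(name, log):
    """Walk from the root following referrals, as dig +trace does.
    Every server contacted is appended to `log`."""
    server = "root-server"
    for _ in range(MAX_REFERRALS):
        log.append(server)
        zone = SERVERS[server]
        if name in zone.get("answers", {}):
            return zone["answers"][name]
        # Pick the most specific delegation that covers the queried name.
        matches = [z for z in zone.get("referrals", {})
                   if name == z or name.endswith("." + z)]
        if not matches:
            return None  # no delegation and no record: name does not resolve
        server = zone["referrals"][max(matches, key=len)]
    raise RuntimeError("too many referrals")

class RecursiveResolver:
    """A recursive resolver (public, ISP-run or local): it iterates for the
    client and answers repeat questions from cache until the TTL expires."""
    def __init__(self, ttl=300):
        self.ttl = ttl
        self.cache = {}             # name -> (address, expiry time)
        self.upstream_queries = []  # authoritative servers actually contacted

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]           # served from cache, no upstream traffic
        addr = iterate(name, self.upstream_queries)
        if addr is not None:
            self.cache[name] = (addr, now + self.ttl)
        return addr
```
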
0

A public resolver (be careful of the term "nameserver": there are two kinds of name servers, resolvers and authoritative, and they have almost nothing in common) is just a resolver, like the one of your ISP or the one you run yourself on your network. Like any service, they can be faster or slower than the default service, more or less reliable, have some additional good or bad features but they don't do anything specific.

bortzmeyer
  • 1,191