When the Internet stumbles: Why DNS is important

A brief introduction: How DNS works

Robert Frank, Area Vice President Central Europe at DigiCert

© DigiCert Inc.

Every digital interaction, from sending an email to launching an app, starts with a DNS lookup. When you type PetStore.com into your browser, your device sends a request to translate that domain name into the appropriate IP address so it knows which server to contact. This process involves two different but complementary systems: recursive DNS and authoritative DNS.

Recursive DNS servers act on behalf of the user. They receive the original request, check cached results and, if necessary, contact other DNS servers, such as an upstream recursive server or authoritative servers, to find the correct IP address. These resolvers are typically operated by a local network administrator, internet service providers (ISPs), cloud platforms or specialized DNS providers. Recursive DNS is what most people interact with - indirectly - every time they go online.

Authoritative DNS, on the other hand, provides the definitive answer for a zone or domain in a tree hierarchy below the "root" servers and top-level domains such as .com, .org or .de. These servers are maintained by domain owners or DNS providers and contain the official records - A, AAAA, MX, TXT, CNAME - that define where traffic should be directed. When a user asks a recursive resolver, "Where is PetStore.com?", the recursive server queries the hierarchy of authoritative DNS servers, which provide an answer for the part of the tree for which they are authoritative (responsible).

Both are critical, but they fulfill very different roles. The AWS incident showed what happens when one side - the recursive layer - fails.