The world of DNS is complicated, and there are a lot of small details that we should think about. The DNS is a mechanism for domain resolution. The whole system involves many different DNS servers on different levels – root, TLD, domain name, subdomain. Now we will talk about the authoritative DNS server of the domain name level. Why do you need it, and what it does. 

What is an autoritative DNS server?

The authoritative DNS server is the part of the DNS infrastructure that actually has the answers – the zone file with the DNS records. It can provide the true answer to DNS queries. When we are talking about authoritative DNS servers, we have no recursive cache information but the true DNS records.

The authoritative DNS server will answer the DNS queries that come from the recursive DNS servers, and the queries of the clients will be answered.

Types of autoritative DNS server

Primary authoritative DNS server (Master authoritative DNS server). Inside the primary nameserver, you have the original zone file with all the DNS records. When an administrator changes anything from the DNS records, adding new DNS records, or deleting existing DNS records, all of that happens inside the Primary authoritative DNS server.

So, the Primary authoritative DNS server is the way to manage your domain name and all the DNS records for it.

The Primary has different ways to share the updates that happen inside its zone file. It can notify the Secondary Authoritative DNS server with NOTIFY, and they can ask for the changes. The other option is to push a zone transfer to all the secondary.

The primary authoritative DNS server is responsible for sharing the DNS records with the Secondary DNS servers.

Secondary authoritative DNS server (Slave authoritative DNS server). The Secondary DNS is a copy of the Primary authoritative DNS server. It is used to provide a backup and to spread the traffic load. That way, there are more nameservers that can answer the DNS queries. You can’t edit the DNS records inside a Secondary DNS server, but you will have more points of presence that can answer to recursive DNS servers.

How to check our authoritative DNS servers?

The easiest way to check the authoritative DNS servers is by using the nslookup command that is available on Windows, macOS, and Linux.

What we need to do is to perform a DNS lookup for the NS DNS records that show all the nameservers for the domain.

To do it, open the Command Prompt on Windows or Terminal on macOS and Linux. Then type the following nslookup command:

nslookup -type=ns

You will see a list of nameservers for the domain and their IP addresses. You can change the “” with the domain name you are more interested in checking.

You can also check each of the nameservers individually to see if they respond correctly and see the time for response. 


Now you know one more piece of the DNS. What is important to learn from this article is that the Authoritative DNS server is the one that has the DNS records and answers the DNS queries that are coming from the recursive DNS servers.