What does a public nameserver actually do

dns, google-public-dns, nameserver

I am trying to understand the purpose of public DNS nameservers (public as in not an SOA; like 8.8.8.8).

I executed a dig +trace command, and, as far as I can tell, the only time the nameserver is used is when finding the SOA of the root domain ".". After that, the SOA of each domain up in the hierarchy is queried.

My assumptions are that public nameservers are used for:

  • identifying the SOAs of the root domain, so they don't have to be hardcoded on clients.
  • decentralizing the process and caching. So if a domain's SOA goes down, another server can guide the clients.
  • reducing the load on the SOA. If another server knows the record, no need to query the SOA.

I have 3 questions:

  • Are my assumptions correct?

  • If these are really the only things that a nameserver does, if I don't need caching and am willing to do the recursive query on my own, can I stop using nameservers?

  • Can/Does an SOA refuse to answer queries from a specific nameserver if it performs too many requests?

Best Answer

Your assumption is incorrect. The +trace option tells dig to query the SOA servers for each domain; that's not its normal behaviour. A normal DNS lookup will use your configured DNS server, such as a public recursive DNS server, for all of its lookups.

You can't stop using name servers unless you're prepared to use IP addresses only. But you can run your own recursive name server, possibly on the same machine as your client software, in which case you can stop using public recursive name servers.
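The difference the answer describes is visible in the DNS header flags: a normal lookup sets RD (recursion desired) and gets a finished answer back from the recursive server, while dig +trace sends non-recursive queries and follows each referral itself. The Python below is an added example, not part of the original answer; the function names and the sample headers are constructed for illustration, and only the 12-byte header is parsed.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, recursion_desired, qtype=1, txid=0x1234):
    """Encode one question; RD=1 asks the server to resolve on our behalf."""
    flags = RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".") if label
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_response(packet):
    """Describe the kind of reply a DNS response header represents."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, nscount, _ = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        return "not a response"
    rcode = flags & 0x000F
    if rcode:
        return f"error rcode {rcode}"
    if flags & AA:
        return "authoritative answer"   # the zone's own server replied
    if ancount == 0 and nscount > 0:
        return "referral"               # "ask these servers instead"
    if flags & RA and ancount > 0:
        return "recursive answer"       # resolver did the walk for us
    return "other"

def header(flags, ancount, nscount):
    """Constructed sample: response header only, sections omitted."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, nscount, 0)

SAMPLES = {
    "root server, one +trace step": header(QR, 0, 13),
    "public recursive resolver": header(QR | RD | RA, 1, 0),
    "zone's authoritative server": header(QR | AA, 1, 0),
}

if __name__ == "__main__":
    for source, packet in SAMPLES.items():
        print(f"{source}: {classify_response(packet)}")
```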
