Recursive DNS

When most people think of DNS servers, they naturally focus on the authoritative side. This is because every domain on the internet needs an authoritative DNS server responsible for storing (and responding with) the authoritative IP address of that domain name. However, the majority of DNS query responses are, in fact, generated from the cache of recursive servers, which are responsible for obtaining, on your behalf, the IP address of the site or computer you are trying to reach.

The idea of a recursive server being a potential area of weakness first came to light in 1997, when the owner of a Washington State-based domain name registrar was arrested for violating federal computer fraud statutes after exploiting a loophole in a competitor’s recursive server and redirecting its traffic to his own site. Many of the security compromises and breaches that have occurred since then have been related to vulnerabilities in recursive or caching DNS server code.

In many situations, recursive servers are running on outdated software, without the security attention afforded to the authoritative server. This is an oversight, considering that everyone – whether they know it or not – relies on recursive servers to get the answers to their DNS queries.
