Registries, Registrars and DNS is a collection of networking tools and services that are designed to make a network administrators life just a tad bit easier. At it’s core is an Authoritative DNS service. Great! But what exactly is an authoritative DNS service?

Before we can answer that question, we have take a few steps back and provide a basic foundation of the world we live in. We’ll do this by spending energy to help differentiate between Registries, Registrars and DNS (we’ll get into Auth-DNS in another article).

What is the difference?

Unbeknownst to most website owners, every time they purchase a new domain (e.g., they by design interface with all three.


A registry is an organization that manages a Top-Level-Domain (TLD), think of the “.com”, “.net”, “.gov”, or “.edu” at the end of a domain. These are the extensions of the domain world. Every domain has a TLD, and only registries can manage those TLD’s.

There are three types of TLDs:

Type Description Example
Generic TLDs (gTLDs) These are the most recognized TLDs. .com, .org, .net
Sponsored TLDs (sTLDs) These usually are sponsored by specific organizations or industries like the government of educational institutions. .gov, .edu
Country Code TLDs (ccTLDs) Generally used or reserved for a country, sovereign state, or dependent territory .us, .ca, .co, .in


Registrars, on the other hand, sells the actual domain. Great examples might be GoDaddy, Namecheap, Google, and a number of other organizations. These registrars work with registries to issue a domain with an associated TLD (e.g., want to buy In each transaction the registrar works with a registry to verify availability of the requested domain, this happens unbeknownst to most domain buyers.

The relationship between the registry and registrar is overseen by the Internet Corporation for Assigned Names and Numbers (ICANN). This is a non-profit responsible for how the entire process works. This process includes deconflicting name collisions (the same domain being purchased on the same TLD) but also help deconflict IP’s and DNS.

Domain Name System

Another very important piece of the domain buying and creation process is DNS. The Domain Name System (DNS) is as old as the internet itself and it’s what was created at the internets inception to help streamline the online experience. Think of it as the yellow pages of the web.

In the absence of DNS or domain names, we’d have to rely heavily on our memory to reference the IP of something we’re interested in (e.g., we’d have to go to instead of

DNS is exhaustive and requires its own article, but below you’ll find a TLDR table of the different DNS components.

Type Description Layman's Explanation Example
Recursive resolver Recursive DNS nameservers are responsible for providing the proper IP address of the intended domain name to the requesting host. This is our gateway to the web, it’s through this server that we access the rest of the internet. They don’t know anything about domains, they are great at asking questions. CleanBrowsing
Root nameserver The authoritative name servers that serve the DNS root zone. These servers are the gateway to the internet. They are the first connection every recursive DNS has to make. Verisign
TLD Root nameserver The authoritative name servers for the Top Level Domain (TLD) – example: .com, .net, .org. Every TLD has a TLD root DNS. These servers keep a list of all the Fully Qualified Domain Names (FQDN) on their specific TLD. ICANN
Authoritative nameserver These servers are the authority on domain names. These servers contain all the information associated with a specific domain (e.g., is located

What is the difference?

As you dive deeper into the world of domains you quickly realize how complex a simple process really is. Each layer, with exception to the root nameservers, offers an online user and domain owner exceptional power over how they experience the web.

For instance, via your recursive resolver (e.g., CleanBrowsing) an individual or organization can enforce an acceptable use policy on their network, and via your Authoritative nameserver (e.g., a domain owner can control where online visitors are routed.

The biggest misconception domain owners have is that they have little control beyond where they bough their domain, but that is factually incorrect. You are able to purchase a domain in one location, and manage it in another. That’s where will work to demystify the process and expose some of your domains true potential.

Posted in   educational-guide     by Tony Perez (@perezbox)

Improve Your Websites Speed and Security