An authoritative DNS server is the system that holds the official DNS records for a domain, such as its A, AAAA, MX, and NS records. When another server or client asks for that domain’s name information, the authoritative server is the source of truth for the responses it is allowed to give.
This role matters because attackers often target DNS to redirect traffic, hijack email, or make services unreachable. If an authoritative server is compromised or misconfigured, users may be sent to a malicious site or fail to reach the real one. Defenders protect this role with strict access control, zone-transfer restrictions, DNSSEC signing and validation, careful patching, and monitoring for unauthorized record changes. In practice, authoritative DNS servers are often separated from recursive resolvers so a flaw in one role does not expose the other.
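Monitoring for unauthorized record changes, as mentioned above, can be done by comparing a trusted snapshot of the zone with the records the server currently holds. The following Python is an added example, not part of the original entry; the zone data, the example.test names, the addresses, and the function names are all constructed for illustration, and it assumes one record per line in owner/TTL/class/type/rdata order.

```python
# Added example: diff two zone snapshots to surface unauthorized record changes.
# All zone data is constructed; example.test and the addresses are placeholders.

BASELINE = """\
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2024010101 7200 900 1209600 300
example.test. 3600 IN NS ns1.example.test.
example.test. 3600 IN NS ns2.example.test.
example.test. 3600 IN MX 10 mail.example.test.
www.example.test. 300 IN A 192.0.2.10
"""

CURRENT = """\
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2024010102 7200 900 1209600 300
example.test. 3600 IN NS ns1.example.test.
example.test. 3600 IN NS ns2.example.test.
example.test. 3600 IN MX 5 mail.other.test.
WWW.example.test. 300 IN A 198.51.100.7
"""

# Record types whose change can redirect traffic, mail, or delegation.
HIGH_RISK = {"A", "AAAA", "MX", "NS"}

def parse_zone(text):
    """Return {(owner, type): set(rdata)} from one-record-per-line zone text."""
    rrsets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and comment lines
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        key = (owner.lower(), rtype.upper())  # owner names are case-insensitive
        rrsets.setdefault(key, set()).add(rdata)
    return rrsets

def diff_zones(baseline, current):
    """List (severity, owner, type, removed, added) for every RRset that differs."""
    old, new = parse_zone(baseline), parse_zone(current)
    findings = []
    for key in sorted(old.keys() | new.keys()):
        before, after = old.get(key, set()), new.get(key, set())
        if before == after:
            continue
        severity = "high" if key[1] in HIGH_RISK else "info"
        findings.append((severity, key[0], key[1],
                         sorted(before - after), sorted(after - before)))
    return findings

if __name__ == "__main__":
    for finding in diff_zones(BASELINE, CURRENT):
        print(finding)
```

A changed SOA serial alongside high-severity findings shows the zone was republished with the new data; each such finding should map to an approved change before the baseline is updated.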



