nslookup DNS query won't display authoritative answer

dns nslookup

Solution 1:

To get guaranteed authoritative (and up-to-date) answers from a domain with nslookup, you should query the authoritative servers directly. For example, to get the authoritative DNS name servers for the domain ox.ac.uk, in nslookup run:

> set query=ns
> ox.ac.uk

The set query=ns command tells nslookup we want to know what DNS servers are authoritative for the domain. You'll get output that includes the authoritative name servers for the ox.ac.uk domain:

ox.ac.uk    nameserver = dns2.ox.ac.uk.
ox.ac.uk    nameserver = dns1.ox.ac.uk.
ox.ac.uk    nameserver = dns0.ox.ac.uk.
ox.ac.uk    nameserver = ns2.ja.net.

Now, these results are coming from whatever DNS server your system is currently configured to use, which means these records may possibly be cached. If you really want to be sure you're getting the most current information, you need to query one of the domain's authoritative name servers directly, as follows:

In nslookup run:

> server dns2.ox.ac.uk

This tells nslookup to send subsequent DNS lookups to the specified server, which is authoritative for this domain. (Any one of the DNS servers listed in our above query should work.) Now switch from Nameserver record query mode back to "any" record mode with:

> set query=any

And issue a query for whatever record you want. In this case, we'll query the domain itself with:

> ox.ac.uk

The result includes the authoritative name servers for the domain:

Server:  dns1.ox.ac.uk
Address:  129.67.1.191


ox.ac.uk        internet address = 129.67.242.154
ox.ac.uk        internet address = 129.67.242.155
ox.ac.uk        nameserver = dns0.ox.ac.uk
ox.ac.uk        nameserver = dns1.ox.ac.uk
ox.ac.uk        nameserver = dns2.ox.ac.uk
ox.ac.uk        nameserver = ns2.ja.net


    primary name server = nighthawk.dns.ox.ac.uk
    responsible mail addr = hostmaster.ox.ac.uk
    serial  = 2017040772
    refresh = 3600 (1 hour)
    retry   = 1800 (30 mins)
    expire  = 1209600 (14 days)
    default TTL = 900 (15 mins)

The primary name server is the "Master" DNS server. This is typically where the domain's administrator will perform updates to DNS records. The remaining nameservers are "Slave" DNS servers. They're job is to simply keep a copy of the zone file provided by the Master server. Having multiple DNS servers ensures the zone is still accessible should one of the servers go down.

Any one of the listed DNS servers should be able to respond (authoritatively) to DNS queries, unless the domain administrator has configured them otherwise.

Related

Elixir - possible to combine custom map types?
Configure Google Chrome to open .docx files in Microsoft Word instead of just downloading them
How to extract the the alt value form a jsx image element?
How to fix php XSS issues
NPM logs on windows?
how to filter on list_gateways() aws boto3
Submit Aws Amplify React App to Google Search Console for Indexing [migrated]
Rerender angular-datatables when switching language with angular-translate
Is there a clean way to build a line of code with methods call from a dictionary in Python?
Cannot "reach" class properties from inside method [duplicate]
Spark dataframe to pandas profiling
Not able access the application running with skaffold and docker desktop on WSL 2