nslookup DNS query won't display authoritative answer

Solution 1:

To get guaranteed authoritative (and up-to-date) answers from a domain with nslookup, you should query the authoritative servers directly. For example, to get the authoritative DNS name servers for the domain ox.ac.uk, in nslookup run:

> set query=ns
> ox.ac.uk

The set query=ns command tells nslookup we want to know what DNS servers are authoritative for the domain. You'll get output that includes the authoritative name servers for the ox.ac.uk domain:

ox.ac.uk    nameserver = dns2.ox.ac.uk.
ox.ac.uk    nameserver = dns1.ox.ac.uk.
ox.ac.uk    nameserver = dns0.ox.ac.uk.
ox.ac.uk    nameserver = ns2.ja.net.

Now, these results are coming from whatever DNS server your system is currently configured to use, which means these records may possibly be cached. If you really want to be sure you're getting the most current information, you need to query one of the domain's authoritative name servers directly, as follows:

In nslookup run:

> server dns2.ox.ac.uk

This tells nslookup to send subsequent DNS lookups to the specified server, which is authoritative for this domain. (Any one of the DNS servers listed in our above query should work.) Now switch from Nameserver record query mode back to "any" record mode with:

> set query=any

And issue a query for whatever record you want. In this case, we'll query the domain itself with:

> ox.ac.uk

The result includes the authoritative name servers for the domain:

Server:  dns1.ox.ac.uk
Address:  129.67.1.191

ox.ac.uk internet address = 129.67.242.154 ox.ac.uk internet address = 129.67.242.155 ox.ac.uk nameserver = dns0.ox.ac.uk ox.ac.uk nameserver = dns1.ox.ac.uk ox.ac.uk nameserver = dns2.ox.ac.uk ox.ac.uk nameserver = ns2.ja.net

primary name server = nighthawk.dns.ox.ac.uk responsible mail addr = hostmaster.ox.ac.uk serial = 2017040772 refresh = 3600 (1 hour) retry = 1800 (30 mins) expire = 1209600 (14 days) default TTL = 900 (15 mins)

The primary name server is the "Master" DNS server. This is typically where the domain's administrator will perform updates to DNS records. The remaining nameservers are "Slave" DNS servers. They're job is to simply keep a copy of the zone file provided by the Master server. Having multiple DNS servers ensures the zone is still accessible should one of the servers go down.

Any one of the listed DNS servers should be able to respond (authoritatively) to DNS queries, unless the domain administrator has configured them otherwise.