Can a registered domain name have no DNS records at all?
Normally, after a domain name is registered, it has some DNS records. But recently, I found some registered domain names that have no DNS records.
For example, I ran dig 00000onlinecasino.com any
but it did not return any DNS records, not even the NS record, despite the fact this is a registered domain.
Is it possible to have no DNS records, or is there some error in the DNS system?
Solution 1:
TL;DR It's extremely unlikely (though not technically impossible) that a properly registered domain would have zero* DNS records. The existence of the domain must be announced to the global DNS system by an update provided by the domain registrar. Failure by the Registrar to provide this update would constitute failure to perform the duty delegated to them by the IANA.
At minimum, every domain has one or more DNS glue records
When a domain is registered, the Domain Registrar sends an update to the generic Top-Level Domain (gTLD) servers responsible for the TLD in question. For example, registering the domain example.com
triggers an update to the .com
gTLD servers, which are operated by VeriSign.
This update includes the authoritative name server (NS) records from the domain's WHOIS data. The gTLD server then creates a DNS glue record for the domain pointing to the authoritative name servers. These glue records are what enable the gTLD servers to refer incoming queries to the authoritative name servers for the domain.
Therefore, unless the domain registrar fails to perform the duty delegated to them by IANA, a lookup against any registered domain will return the authoritative name server records for that domain.
Then why aren't lookups for 00000onlinecasino.com
returning any records?
It appears that everything has taken place as described above; in other words, this domain's registrar (NameBright.com) has created the required WHOIS entry and submitted the NS records to the .COM gTLD servers. I confirmed this as follows by running nslookup set to query for NS records:
C:\> nslookup -q=ns 00000onlinecasino.com
Server: my-dns-server.internal.local
Address: 192.168.168.1
Non-authoritative answer:
00000onlinecasino.com nameserver = n2.juming.com
00000onlinecasino.com nameserver = n1.juming.com
n2.juming.com internet address = 112.253.3.26
n2.juming.com internet address = 121.14.157.13
n1.juming.com internet address = 121.14.157.13
n1.juming.com internet address = 220.181.135.142
I also used this handy Glue Record checker from MeBSD.com which confirmed the results:
However, the same query when performed against any of these name servers is returning an error:
C:\> nslookup -q=ns 00000onlinecasino.com n1.juming.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 220.181.135.142
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
Since these servers are authoritative for this domain, they should at least know about it and identify themselves as the NS records for the domain! Given this, it's clear that these NS servers have been mis-configured.
*I must allow that the definition of "zero DNS records" is open to interpretation. As demonstrated by this question's test case, the authoritative name servers aren't responding, giving cause to the argument that the domain has no records. However, I prefer the view that a domain's glue records are essentially the "other half" of a domain's NS records. After all without the glue records, any attempts to look up the authoritative name servers for a domain would result in the circular instruction to, "go ask [insert name server here]."
More Information
- What is a glue record? from ServerFault
- ServerFault answer explaining Authoritative NS records, glue records, and gTLD servers
- Domain Name System on Wikipedia
- Me, BSD online Glue Record lookup tool
Solution 2:
Yes. There are multiple ways this can happen.
To start, let's review how DNS lookup works for a record like www.example.com
:
The DNS resolver contacts a root nameserver, which responds with a delegation to the
com
TLD nameservers.The resolver contacts a
com
TLD nameserver, which responds with a delegation to the registered nameservers forexample.com
.The resolver contacts one of the registered nameservers for
example.com
, which responds with the records forwww.example.com
.
First: the nameservers for example.com
could have deleted all records for example.com
. While domain servers are supposed to always have certain records (including SOA and NS records) available for a domain, there is nothing in practice which forces them to do so. A domain missing these records may not work properly with some resolvers, but if the domain has no DNS records anyways there's no practical difference.
Second: the nameservers for example.com
could reject or fail to respond to queries. The DNS records only exist within these nameservers, so if the nameservers aren't responding with the records, the records effectively don't exist.
Third: the com
registry could suspend the registration for example.com
, e.g. if the domain registration lapsed. This would cause the com
nameservers to stop returning a delegation to the example.com
nameservers, making any records there unavailable. Just as before, if the records aren't accessible, they might as well not exist.