3

I am trying to understand why the name servers for a domain occurs in both whois information and DNS information.

For example, the following whois output shows that ns1.google.com, ns2.google.com, ns3.google.com and ns4.google.com are the name servers for google.com.

$ whois google.com | grep Server
Whois Server Version 2.0
   Whois Server: whois.markmonitor.com
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
Registrar WHOIS Server: whois.markmonitor.com
Name Server: ns4.google.com
Name Server: ns3.google.com
Name Server: ns1.google.com
Name Server: ns2.google.com

The same information occurs in the DNS information as NS records.

$ dig google.com +trace ANY

; <<>> DiG 9.10.3-P4-Debian <<>> google.com +trace ANY
;; global options: +cmd
.           44313   IN  NS  c.root-servers.net.
.           44313   IN  NS  a.root-servers.net.
.           44313   IN  NS  e.root-servers.net.
.           44313   IN  NS  k.root-servers.net.
.           44313   IN  NS  f.root-servers.net.
.           44313   IN  NS  g.root-servers.net.
.           44313   IN  NS  h.root-servers.net.
.           44313   IN  NS  i.root-servers.net.
.           44313   IN  NS  d.root-servers.net.
.           44313   IN  NS  l.root-servers.net.
.           44313   IN  NS  j.root-servers.net.
.           44313   IN  NS  b.root-servers.net.
.           44313   IN  NS  m.root-servers.net.
;; Received 239 bytes from 172.30.93.117#53(172.30.93.117) in 2 ms

com.            172800  IN  NS  a.gtld-servers.net.
com.            172800  IN  NS  b.gtld-servers.net.
com.            172800  IN  NS  c.gtld-servers.net.
com.            172800  IN  NS  d.gtld-servers.net.
com.            172800  IN  NS  e.gtld-servers.net.
com.            172800  IN  NS  f.gtld-servers.net.
com.            172800  IN  NS  g.gtld-servers.net.
com.            172800  IN  NS  h.gtld-servers.net.
com.            172800  IN  NS  i.gtld-servers.net.
com.            172800  IN  NS  j.gtld-servers.net.
com.            172800  IN  NS  k.gtld-servers.net.
com.            172800  IN  NS  l.gtld-servers.net.
com.            172800  IN  NS  m.gtld-servers.net.
com.            86400   IN  DS  30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.            86400   IN  RRSIG   DS 8 1 86400 20170723050000 20170710040000 15768 . DxDCk0ODJBzRqA78LQkZr2U1UKQszfF3U4Wl0MeW20kAceK5Xj4KoUSu ouy/H01wK8t2r6gMBjj8npOq/+oktlFqdf0jiB8+P7D6DJLZZ/zL/fy8 NP9PkDDWYddx9SMhtKvg/anFcDrBKzzjk4KOr3s4viHlcLC1SalxdndG 3gjaSZ3KoUOMxTi+/qHQ35RsnGxsW7gJ01a7RKsJLDaNOjBSWtvyL8RW 5WsaTVof3YmxXPQd5a7vErkOEM6CuPOuvBZdN3m1wTED5zM3cNUInq59 ELN/K9TcbCU6tnXFn6YItCyjMZDmP3MRFprYeKYw6+LwLB3OhwZdmxZF PTzFuw==
;; Received 1170 bytes from 198.41.0.4#53(a.root-servers.net) in 241 ms

google.com.     172800  IN  NS  ns2.google.com.
google.com.     172800  IN  NS  ns1.google.com.
google.com.     172800  IN  NS  ns3.google.com.
google.com.     172800  IN  NS  ns4.google.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20170716044736 20170709033736 27302 com. dPL5un6VGsc3VD1fU/VGsKtTvXx2SLYXr7XwG0I1hMhPxLgSu06jTwri bi8HEbBDR8K6LZLsf/PnbAM0dkpgYn+0zAsJnpvjy3BCaCDvIGFzTKme IJ/vLjMCP3cfP/Jy2tQp5xBDCPUjwM1YR+7IfWC4kyPh8d51o5dgfHMX Zp8=
S848JI1TS2RCEPV5SPG2RJA2T711BO8H.com. 86400 IN NSEC3 1 1 0 - S84C439C9HACCNUVH6CBPPTUS93VLTUG NS DS RRSIG
S848JI1TS2RCEPV5SPG2RJA2T711BO8H.com. 86400 IN RRSIG NSEC3 8 2 86400 20170717045200 20170710034200 27302 com. i1YnEA/ddnve8DUIOiFfEWBr5j8TOu60ehJexxzMxCG6ei8jAK+x1gqy BwtlmV6bnv/rjV52LOC58IJD2nBi4LcOLD4ggCVuKpAYLntAcOkdiDQ6 fELXSYFlDdh/vZCpSivUE9K6JCWVBNXBAosY6EBqrPU7BJoymsnGkrw/ VQQ=
;; Received 660 bytes from 192.41.162.30#53(l.gtld-servers.net) in 306 ms

google.com.     300 IN  A   172.217.6.78
google.com.     300 IN  AAAA    2607:f8b0:4005:80a::200e
google.com.     345600  IN  NS  ns4.google.com.
google.com.     345600  IN  NS  ns2.google.com.
google.com.     345600  IN  NS  ns3.google.com.
google.com.     86400   IN  CAA 0 issue "pki.goog"
google.com.     600 IN  MX  30 alt2.aspmx.l.google.com.
google.com.     60  IN  SOA ns4.google.com. dns-admin.google.com. 161347549 900 900 1800 60
google.com.     600 IN  MX  50 alt4.aspmx.l.google.com.
google.com.     86400   IN  CAA 0 issue "symantec.com"
google.com.     600 IN  MX  20 alt1.aspmx.l.google.com.
google.com.     600 IN  MX  10 aspmx.l.google.com.
google.com.     600 IN  MX  40 alt3.aspmx.l.google.com.
google.com.     3600    IN  TXT "v=spf1 include:_spf.google.com ~all"
google.com.     345600  IN  NS  ns1.google.com.
;; Received 404 bytes from 216.239.34.10#53(ns2.google.com) in 248 ms

The NS records above contain ns1.google.com, ns2.google.com, ns3.google.com and ns4.google.com.

Two questions.

  1. When are the name server fields in whois used and when are the NS records used?
  2. What happens if the name server fields in whois does not match the NS records in DNS?
Lone Learner
  • 103
  • 1
  • 8
  • I'm not sure why you're setting a bounty looking for citations on this. It's sorta like asking why you can find your physical mailing address in a telephone directory. Can I dial your postbox with my phone? No, but it's still useful indexed information. – Andrew B Jul 13 '17 at 05:26
  • @AndrewB The telephone directory analogy doesn't work. If the directory doesn't provide the mailing address, we have to consult another source of data that maps the name and/or phone number to address. The presence of mailing address also helps me to differentiate between John Smith of Bakers Street from John Smith of Washington Street. However, the "Name Server" fields in whois records serve no such purpose. It is also really easy to lookup the actual nameserver information without having to go hunting for another source of information because the nslookup/dig command is readily available. – Lone Learner Jul 13 '17 at 06:58
  • Hi Lone Learner I have added an extra comment and have expanded my answer massively. hope it helps. – Michael Brown Jul 14 '17 at 13:59
  • 1
    Hi Lone Learner, Andrew B makes very good points. we have possibly reached and impasse with this question. But also we have moved beyond the original question the one with the bounty. The original question asked: When are the name server fields in whois used and when are the NS records used? AND What happens if the name server fields in whois does not match the NS records in DNS? I think both of those questions have been answered. by me and Andrew B. we have now moved on to a new question. Why was registration information designed that way? do you need more info to answer original question? – Michael Brown Jul 16 '17 at 19:45
  • I agree with Michael, it is not fair to the participants of this Q&A to have the scope of the question constantly shifting. Please accept an answer and open a new question if there are closely related topics that you are still uncertain about. If this question is still open when the bounty ends I will be putting it to a close vote for being too broad.. – Andrew B Jul 17 '17 at 03:24

3 Answers3

4

Whois sends a query to nominet to find the currently listed Name Servers (NS) for a domain. This list is updated when a Domain Name is registered. So when I registered my domain name with GOdaddy they registered that domain name with Nominet on my behalf, they also told nominet which DNS servers would be hosting my domain (the NS server Nominet list). Think of nominet as a list of Registered Domains and the current Name servers hosting that domain.

The NS Servers on Whois are only used during queries like the one you did. in order to find A records, CNAME records, MX records etc. that your domain name hosts we use DNS.

In other words for any other query using a browser, NSLookup, ping etc it is the DNS NS records that are used to find NS servers that host your domain, these are then queried to find the record you are looking for.

When the list of NS servers that host a domain are updated / changeed (Which I recently did for my domain) then the records are Nominet are changed as well. they should be out of sync but if they are as long as the NS record in DNS are correct then your records can be found.

https://www.nominet.uk/

to expand further and building on my comment above here are a couple more links. both are direct links to ICANN. also here is some information form the ICANN site:

**The Domain Name System (DNS) is a hierarchical distributed database to lookup information from unique names, i.e. to help people connect to resources like websites and email servers on the Internet. To explain it in simple terms, every computer has a unique number called an Internet Protocol (IP) address, e.g. 2620:0:2d0:200::7, which is like a phone number. One computer can contact another as long as it knows its IP address. Because these numbers are difficult to remember, we tend to use domain names, e.g. www.icann.org, instead. DNS is used to translate between domain names and IP addresses.

WHOIS provides information sufficient to contact a responsible party for a particular Internet resource who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name or the DNS name servers. Unfortunately the term "WHOIS" is overloaded with meanings, referring to protocols, services, and data types associated various resources, i.e., domain names, IP addresses, and Autonomous System Numbers (ASNs). This WHOIS Portal is devoted to describing the WHOIS system for generic top level domain names only, and does not attempt to describe how WHOIS applies to country code top level domain names (ccTLDs), IP addresses or ASNs. The service offered by registrars and registries to provide WHOIS data is referred to as a "WHOIS Service" or alternatively, a "Registration Data Directory Service."**

https://whois.icann.org/en/technical-overview

https://whois.icann.org/en/dns-and-whois-how-it-works

Michael Brown
  • 3,204
  • 2
  • 9
  • 10
  • Thanks for the detailed answer. A follow-up question: Is there any good reason to update the "Name Server" field in the whois record? If the domain name resolution continues to function fine with an updated NS record in DNS, then why maintain or bother about the "Name Server" field in the whois record? – Lone Learner Jul 10 '17 at 10:35
  • Its about registration and accountability, plus I imagine that the Name Server records in WHois will be used to update the top level internet DNS servers as well. like I said though when you up date your NS records with your registrar (godaddy etc.) they will update the Nominet records for you. if my answer answers you question can you mark it as accepted please. Thanks. – Michael Brown Jul 10 '17 at 10:49
  • 1
    To simplify: when you modify nameservers in your registrar control panel, those changes are reflected both on the top level domain nameservers as well as in WHOIS. You do not update one independently of the other. DNS does not use WHOIS for anything, it's purely an administrative database for humans. – Andrew B Jul 11 '17 at 16:04
  • @AndrewB I regularly update one independently of the other. My whois information is maintained with my domain name reseller. However, my DNS information is managed in Linode DNS Manager. – Lone Learner Jul 15 '17 at 04:55
  • @Lone No, your domain's primary nameserver information is managed by the registry, and the registry is updated when you make changes in the registrar control panel. If the registry does not delegate to those DNS servers, the internet will never know to talk to Linode for your DNS data. – Andrew B Jul 15 '17 at 06:28
  • @AndrewB If I update the nameserver field in my registrar control panel to say NS1.DIGITALOCEAN.COM, then the whois record shows name server as NS1.DIGITALOCEAN.COM. But `dig` still shows the NS record for my domain to have NS1.LINODE.COM because the NS records are defined in the zone file managed via my Linode DNS manager. Isn't this an example of whois and DNS records being maintained independently of one another? – Lone Learner Jul 16 '17 at 09:38
  • What you're describing is a scenario known as a NS record mismatch, which occurs when the NS records on the child side of the referral do not agree with the parent. The parent side will *always* be used first, as there is no way to learn of the child nameservers otherwise. If you look at `+trace` for your domain, you will still see the registrar defined servers. Those records may end up being replaced by the NS records on the child side depending on how the software is written. This is a very complex scenario, but I've detailed it before [in this Q&A](https://serverfault.com/q/588244/152073). – Andrew B Jul 16 '17 at 23:42
2

Why do name servers occur in whois as well as DNS?

Because they can. WHOIS is not a tool for DNS administrators. It is a tool for domain administrators. While these roles may occasionally share the same IT personnel in a business, frequently they do not. In many cases the person who buys the domain simply plugs in a list of DNS servers provided to them by another department.

WHOIS provides all of the information needed to understand ownership of the domain, and details pertinent to its configuration with the registry itself. There is no need for people who are not DNS administrators to utilize a protocol that they are not familiar with.

Andrew B
  • 31,858
  • 12
  • 90
  • 128
  • "WHOIS is not a tool for DNS administrators." except that if the domain is on `clientHold` or `serverHold` EPP status, hence does not resolve, you can find this information (the domain statuses) only in whois output, nowhere else. The DNS queries will reply `NXDOMAIN` as it does for any other non registered domain name. – Patrick Mevzek Jan 15 '20 at 17:50
1

Whois and DNS are both two "directories" and ways to access their data. They cater for different needs

  • whois has no operational consequences; it just lists data associated with a domain name, for human consumption and, typically, to know who to contact in case of problems
  • DNS is used for resolution, that is to find content associated with the domain name.

A registry manages both. Registrars send data (creations and updates) to registries, which in turn modify contents in whois & DNS systems.

So following my first point above, nameservers in whois are not used for anything, and especially not during resolution, and if there is a discrepancy (it can happen, both due to bugs or just due to the fact that both systems are not necessarily updated at the same frequency, in the past the typical delays where up to 24 hours for a change appearing in whois and a couple of hours for the DNS ; things are faster today) the information in the DNS "wins" in the sense that only this data is used during resolution.

Patrick Mevzek
  • 9,273
  • 7
  • 29
  • 42
  • If the "Name Server" field in whois has no consequence and might be incorrect, why was this information included as part of whois in the first place? – Lone Learner Jul 14 '17 at 11:14
  • 1
    Hi Lone Learner, I agree there is some overlap in information stored, but the two databases are accessed by different protocols and for different purposes. WHOIS is the protocol used to query registrars. registrars need the info including the current list of Name Servers. lets say for example you wish to transfer your domain from one registrar to another. as part of that process the list of current name servers will need to be shared so that the new registrar has that information. if the Name Servers were not part of the Domain Registration then the transfer process would have to be changed... – Michael Brown Jul 14 '17 at 13:51
  • ....To include additional protocols and lookups of the DNS database. here are a couple of links to WHOIS protocol information and Domain Name Registrars https://en.wikipedia.org/wiki/WHOIS https://en.wikipedia.org/wiki/Domain_name_registrar – Michael Brown Jul 14 '17 at 13:52
  • You are mostly correct with regard to different protocols, but given that the referral and glue data is managed through the registry, it would not be necessary to rely on WHOIS to keep the nameservers for that domain intact during the ownership transfer process. I think we're at an impasse with this question regardless, as the fact that these are two unrelated protocols has been restated by three different people now. – Andrew B Jul 14 '17 at 17:13
  • @MichaelBrown It is very clear to me that they are two different protocol. What is not clear to me is why we need to have the "Name Server" information in whois when it doesn't serve any functional purpose. The registrar requiring that info does not seem to be a sound justification. The whois protocol and the transfer process could have been designed such that the "Name Server" information was not required. – Lone Learner Jul 15 '17 at 04:54
  • @Lone It's only redundant if you're a DNS administrator. Keep in mind that not everyone who manages a registrar control panel works with DNS outside of defining the DNS servers. Many have those people have no idea what an `A` record even is. WHOIS is an information database containing information relative to the ownership of the domain itself...no more, no less. The text fields are freeform. The fact that the nameservers are listed is an *informational* detail, not a *functional* one. – Andrew B Jul 15 '17 at 06:42
  • @AndrewB Why is the nameserver information considered to be a part of the ownership information worth capturing in WHOIS. Why isn't name, email address, physical address and phone number sufficient as ownership information? These four should be sufficient to offer information and settle any disputes regarding ownership. – Lone Learner Jul 16 '17 at 13:46
  • It's a setting configured at the registry level, and pertinent to the work that domain admins do. It's not that obvious unless you've been exposed to domain admins who are not also DNS admins. Whether you personally find it useful is not relevant to the questions being asked. – Andrew B Jul 17 '17 at 03:17
  • @MichaelBrown : registrars do not need whois to operate, EPP access is enough ; specifically a transfer is done without change of nameservers so the new registrar does not even need to know what there are before starting the transfer – Patrick Mevzek Jul 27 '17 at 10:14
  • @LoneLearner : if the resolution fails for whatever reason at whatever level, whois would still be useful to find the person to contact... either because some individial is explicitely listed in whois output, or because you see the nameservers and hence the relevant DNS administrator. – Patrick Mevzek Jul 27 '17 at 10:17