Why nslookup or dig doesn't return nameservers for certain domains?

Question

Example:

dig @8.8.8.8 NS zzy.pl

; <<>> DiG 9.9.5-9+deb8u10-Raspbian <<>> @8.8.8.8 NS zzy.pl
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9801
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;zzy.pl.                                IN      NS

;; AUTHORITY SECTION:
pl.                     1724    IN      SOA     ns1.dropped.net.pl. kontakt.dropped.pl. 2008121404 3600 1800 1209600 3600

;; Query time: 101 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Nov 30 19:15:36 UTC 2017
;; MSG SIZE  rcvd: 103

.

nslookup -type=ANY -timeout=10 zzy.pl 8.8.8.8

Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   zzy.pl
Address: 212.91.7.33
Name:   zzy.pl
Address: 212.91.6.58

Authoritative answers can be found from:

From whois:

DOMAIN NAME:    
zzy.pl

registrant type:    
organization

nameservers:    
ns1.aftermarket.pl.    
ns2.aftermarket.pl.

(...)

How he didn't configure it when whois shows nameservers and nslookup returns A record? — Flash Thunder, Nov 30 '17 at 20:20
I should say that he didn't configure DNS _correctly_. I have no idea where the A records are coming from. The zone doesn't appear to have proper NS or even SOA records. — Michael Hampton, Nov 30 '17 at 20:35

score 3 · Accepted Answer · answered Nov 30 '17 at 20:40

TL;WR, the main takeaway from this is that when someone sets things up incorrectly, you get strange results.

The zzy.pl domain is delegated to

ns1.aftermarket.pl.
ns2.aftermarket.pl.

These nameservers are misconfigured, rather than having a zone for zzy.pl (expected) they have a zone for pl (incorrect).

So when you ask these nameservers about zzy.pl IN NS, they have no NS records (as a direct result o the above mentioned misconfiguration) and answer with a NODATA response (meaning that the requested name exists, but has no records of the requested type) with the SOA record from their version of a pl zone.
Any zone should have at least SOA and NS at the apex, so zzy.pl is broken in this regard.

For reference:

Delegation (normal) from the pl TLD nameservers:

$ dig @a-dns.pl zzy.pl NS +norec

; <<>> DiG 9.11.1-P3-RedHat-9.11.1-3.P3.fc26 <<>> @a-dns.pl zzy.pl NS +norec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51524
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zzy.pl.                                IN      NS

;; AUTHORITY SECTION:
zzy.pl.                 86400   IN      NS      ns2.aftermarket.pl.
zzy.pl.                 86400   IN      NS      ns1.aftermarket.pl.

;; Query time: 25 msec
;; SERVER: 2001:a10:121:1::156#53(2001:a10:121:1::156)
;; WHEN: Thu Nov 30 20:29:50 UTC 2017
;; MSG SIZE  rcvd: 83
$

Authoritative response (expected to match the above, but is instead NODATA and looks as if response is from pl zone, which we just moved on from in the previous step):

$ dig @ns1.aftermarket.pl. zzy.pl NS +norec

; <<>> DiG 9.11.1-P3-RedHat-9.11.1-3.P3.fc26 <<>> @ns1.aftermarket.pl. zzy.pl NS +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20464
;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zzy.pl.                                IN      NS

;; AUTHORITY SECTION:
pl.                     3600    IN      SOA     ns1.dropped.net.pl. kontakt.dropped.pl. 2008121404 3600 1800 1209600 3600

;; Query time: 23 msec
;; SERVER: 212.91.6.36#53(212.91.6.36)
;; WHEN: Thu Nov 30 20:24:23 UTC 2017
;; MSG SIZE  rcvd: 103

$

Querying them for pl confirms this:

$ dig @ns1.aftermarket.pl. pl NS +norec

; <<>> DiG 9.11.1-P3-RedHat-9.11.1-3.P3.fc26 <<>> @ns1.aftermarket.pl. pl NS +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63021
;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pl.                            IN      NS

;; ANSWER SECTION:
pl.                     3600    IN      NS      ns2.dropped.net.pl.
pl.                     3600    IN      NS      ns1.dropped.net.pl.

;; ADDITIONAL SECTION:
ns1.dropped.net.pl.     86400   IN      A       212.91.6.36
ns2.dropped.net.pl.     86400   IN      A       212.91.7.38

;; Query time: 23 msec
;; SERVER: 212.91.6.36#53(212.91.6.36)
;; WHEN: Thu Nov 30 20:24:29 UTC 2017
;; MSG SIZE  rcvd: 111

$

thanx, that explained a lot :-) – Flash Thunder Nov 30 '17 at 21:37 — Flash Thunder, Nov 30 '17 at 21:37

Why nslookup or dig doesn't return nameservers for certain domains?

1 Answers1