nslookup DNS query won't display authoritative answer

6

1

I am trying to get the authoritative DNS servers for a server in Europe per my assignment instructions. I looked up how to do it and got two different ways.

One is:

nslookup -type=soa ox.ac.uk

And the other is:

nslookup -type=ns ox.ac.uk

Both give me this for the authoritative answer part:

Authoritative answers can be found from:

At first I thought it might be a security feature on Oxford's part that perhaps they hide their DNS address from nslookup so as to avoid attacks on those servers. But I learned that's a dumb conclusion and I tried those commands with every university that Google gave me for "university in Europe", and all of them gave me non-responses for authoritative answers. Am I entering the wrong command, is my computer messed up, or is it my ISP that is messing me up?

Full command and output here:

Sat Apr 08 23:06 user_name:/Users/user_name $nslookup -type=soa ox.ac.uk
Server:     192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
ox.ac.uk
    origin = nighthawk.dns.ox.ac.uk
    mail addr = hostmaster.ox.ac.uk
    serial = 2017040772
    refresh = 3600
    retry = 1800
    expire = 1209600
    minimum = 900

Authoritative answers can be found from:

Sat Apr 08 23:06 user_name:/Users/user_name $nslookup -type=NS ox.ac.uk
Server:     192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
ox.ac.uk    nameserver = dns2.ox.ac.uk.
ox.ac.uk    nameserver = dns1.ox.ac.uk.
ox.ac.uk    nameserver = dns0.ox.ac.uk.
ox.ac.uk    nameserver = ns2.ja.net.

Authoritative answers can be found from:

modernNeo

Posted 2017-04-09T08:34:06.237

Reputation: 71

Answers

3

To get guaranteed authoritative (and up-to-date) answers from a domain with nslookup, you should query the authoritative servers directly. For example, to get the authoritative DNS name servers for the domain ox.ac.uk, in nslookup run:

> set query=ns
> ox.ac.uk

The set query=ns command tells nslookup we want to know what DNS servers are authoritative for the domain. You'll get output that includes the authoritative name servers for the ox.ac.uk domain:

ox.ac.uk    nameserver = dns2.ox.ac.uk.
ox.ac.uk    nameserver = dns1.ox.ac.uk.
ox.ac.uk    nameserver = dns0.ox.ac.uk.
ox.ac.uk    nameserver = ns2.ja.net.

Now, these results are coming from whatever DNS server your system is currently configured to use, which means these records may possibly be cached. If you really want to be sure you're getting the most current information, you need to query one of the domain's authoritative name servers directly, as follows:

In nslookup run:

> server dns2.ox.ac.uk

This tells nslookup to send subsequent DNS lookups to the specified server, which is authoritative for this domain. (Any one of the DNS servers listed in our above query should work.) Now switch from Nameserver record query mode back to "any" record mode with:

> set query=any

And issue a query for whatever record you want. In this case, we'll query the domain itself with:

> ox.ac.uk

The result includes the authoritative name servers for the domain:

Server:  dns1.ox.ac.uk
Address:  129.67.1.191

ox.ac.uk internet address = 129.67.242.154
ox.ac.uk internet address = 129.67.242.155
ox.ac.uk nameserver = dns0.ox.ac.uk
ox.ac.uk nameserver = dns1.ox.ac.uk
ox.ac.uk nameserver = dns2.ox.ac.uk
ox.ac.uk nameserver = ns2.ja.net

primary name server = nighthawk.dns.ox.ac.uk
responsible mail addr = hostmaster.ox.ac.uk
serial = 2017040772
refresh = 3600 (1 hour)
retry = 1800 (30 mins)
expire = 1209600 (14 days)
default TTL = 900 (15 mins)

The primary name server is the "Master" DNS server. This is typically where the domain's administrator will perform updates to DNS records. The remaining nameservers are "Slave" DNS servers. Their job is to simply keep a copy of the zone file provided by the Master server. Having multiple DNS servers ensures the zone is still accessible should one of the servers go down.

Any one of the listed DNS servers should be able to respond (authoritatively) to DNS queries, unless the domain administrator has configured them otherwise.

I say Reinstate Monica

Posted 2017-04-09T08:34:06.237

Reputation: 21 477

https://pastebin.com/HkjdNk3K That's the response I got.. so which is the authoritative server for DNS queries? – modernNeo – 2017-04-09T21:24:41.800

There can be (and in this case, are) more than one authoritative DNS server for a zone. In this case, they are nighthawk.dns.ox.ac.uk, and all the servers listed as nameserver = [servername] – I say Reinstate Monica – 2017-04-09T22:26:45.050

Can you answer me why the output from my school server is different from the output of my home computer? Specifically when my school server does display info for authoritative answer and my home computer doesn't? – modernNeo – 2017-04-10T01:00:12.340

The only difference I see in the output is that the order of the DNS servers is different. This is due to the DNS round-robin technique. Since most clients will talk with the first server in the list, changing the order of servers provides a basic method to achieve load balancing. – I say Reinstate Monica – 2018-02-01T03:11:34.737

@modernNeo Please mark this answer accepted if it answered your question. – I say Reinstate Monica – 2019-03-25T11:51:49.550

There is also a difference in the outputs where my school server listed servers under the "Authoritative answers can be found from:" section and my home internet does not. – modernNeo – 2019-04-04T03:55:37.543

The answer above already addresses the fact that the only results you can trust are those obtained from the authoritative DNS servers. The fact you're getting differing results proves the point: unless you use authoritative servers, you might get incorrect answers. – I say Reinstate Monica – 2019-04-04T13:19:56.003

Yes, it's already been established that my computer may not be obtaining the results from authoritative servers and therefore the results may not be trustworthy. But what I want to know is how to make my computer obtain the result from authoritative servers so that the output of the command from my computer lists authoritative servers when running nslookup -type=NS ox.ac.uk – modernNeo – 2019-04-07T02:20:03.777

I see. For that you should ask a new question and link back to this one for context. – I say Reinstate Monica – 2019-04-07T12:14:57.223

What would the new question be though? 'Cause I thought that the existing question covers it – modernNeo – 2019-04-07T23:29:17.403

I think your new question would be, "How to force my computer to only use authoritative name servers when performing DNS lookups." – I say Reinstate Monica – 2019-04-08T00:40:14.460
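What nslookup's two labels correspond to on the wire, as an added example that is not part of the original question, answer or comments: "Non-authoritative answer:" is printed when the AA bit in the response header is clear, and "Authoritative answers can be found from:" lists the authority (and additional) sections, which a resolver may leave empty. The packets are constructed samples built from the server names on this page; the helper names, TTL and query ID are assumptions.

```python
import struct

def encode_name(name):  # length-prefixed labels, RFC 1035 section 3.1
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_response(qname, aa, answer_ns, authority_ns):
    """Constructed sample NS reply; record owners are pointers (0xC00C) to the QNAME."""
    flags = 0x8000 | (0x0400 if aa else 0x0080)        # QR, plus AA or RA
    msg = struct.pack("!6H", 0x1234, flags, 1, len(answer_ns), len(authority_ns), 0)
    msg += encode_name(qname) + struct.pack("!HH", 2, 1)   # QTYPE=NS, QCLASS=IN
    for target in answer_ns + authority_ns:
        rdata = encode_name(target)
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 900, len(rdata)) + rdata
    return msg

def read_name(msg, off):  # returns (name, offset just past the name)
    labels, end = [], None
    for _ in range(128):                               # bound stops pointer loops
        n = msg[off]
        if n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        if n & 0xC0 == 0xC0:                           # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def summarize(msg):
    """Return the AA flag and the NS targets in the answer and authority sections."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4               # skip QNAME, QTYPE, QCLASS
    result = {"aa": bool(flags & 0x0400), "answer": [], "authority": []}
    for section, count in (("answer", an), ("authority", ns)):
        for _ in range(count):
            off = read_name(msg, off)[1]
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            if rtype == 2:                             # NS: RDATA is a domain name
                result[section].append(read_name(msg, off + 10)[0])
            off += 10 + rdlen
    return result

NS = ["dns0.ox.ac.uk", "dns1.ox.ac.uk", "dns2.ox.ac.uk", "ns2.ja.net"]
for who, aa in (("home resolver", False), ("authoritative server", True)):
    r = summarize(build_response("ox.ac.uk", aa, NS, []))
    print(f"{who}: AA={r['aa']} answer={r['answer']} authority={r['authority']}")
```

Both constructed replies carry the same NS records in the answer section; only the AA bit differs, and an empty authority section is why nothing follows the "can be found from" heading.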