20
3
Normally, after a domain name is registered, it has some DNS records. But recently, I found some registered domain names that have no DNS records.
For example, I ran dig 00000onlinecasino.com any but it did not return any DNS records, not even the NS record, despite the fact this is a registered domain.
Is it possible to have no DNS records, or is there some error in the DNS system?
peter
Posted 2018-03-27T11:22:10.077
Reputation: 223
31
TL;DR It's extremely unlikely (though not technically impossible) that a properly registered domain would have zero* DNS records. The existence of the domain must be announced to the global DNS system by an update provided by the domain registrar. Failure by the Registrar to provide this update would constitute failure to perform the duty delegated to them by the IANA.
When a domain is registered, the Domain Registrar sends an update to the generic Top-Level Domain (gTLD) servers responsible for the TLD in question. For example, registering the domain example.com triggers an update to the .com gTLD servers, which are operated by VeriSign.
This update includes the authoritative name server (NS) records from the domain's WHOIS data. The gTLD server then creates a DNS glue record for the domain pointing to the authoritative name servers. These glue records are what enable the gTLD servers to refer incoming queries to the authoritative name servers for the domain.
Therefore, unless the domain registrar fails to perform the duty delegated to them by IANA, a lookup against any registered domain will return the authoritative name server records for that domain.
00000onlinecasino.com returning any records?It appears that everything has taken place as described above; in other words, this domain's registrar (NameBright.com) has created the required WHOIS entry and submitted the NS records to the .COM gTLD servers. I confirmed this as follows by running nslookup set to query for NS records:
C:\> nslookup -q=ns 00000onlinecasino.com
Server: my-dns-server.internal.local
Address: 192.168.168.1
Non-authoritative answer:
00000onlinecasino.com nameserver = n2.juming.com
00000onlinecasino.com nameserver = n1.juming.com
n2.juming.com internet address = 112.253.3.26
n2.juming.com internet address = 121.14.157.13
n1.juming.com internet address = 121.14.157.13
n1.juming.com internet address = 220.181.135.142
I also used this handy Glue Record checker from MeBSD.com which confirmed the results:
However, the same query when performed against any of these name servers is returning an error:
C:\> nslookup -q=ns 00000onlinecasino.com n1.juming.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 220.181.135.142
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
Since these servers are authoritative for this domain, they should at least know about it and identify themselves as the NS records for the domain! Given this, it's clear that these NS servers have been mis-configured.
*I must allow that the definition of "zero DNS records" is open to interpretation. As demonstrated by this question's test case, the authoritative name servers aren't responding, giving cause to the argument that the domain has no records. However, I prefer the view that a domain's glue records are essentially the "other half" of a domain's NS records. After all without the glue records, any attempts to look up the authoritative name servers for a domain would result in the circular instruction to, "go ask [insert name server here]."
I say Reinstate Monica
Posted 2018-03-27T11:22:10.077
Reputation: 21 477
Not necessarily consistent with my experience lo these many years ago when I first registered my domain - will a registrar assign a 'dummy' NS address to a brand new domain that doesn't have a host ready yet? – Jeff Zeitlin – 2018-03-27T12:13:06.077
I'm unsure what you mean by "dummy NS address", though it feels like you may be unclear on what NS records do. In short, they tell the Internet which DNS server is authoritative for DNS lookup requests for said domain. The concept of a dummy record doesn't make sense here. – I say Reinstate Monica – 2018-03-27T12:23:15.220
Example: My hosting company is not my registrar, and my hosting company's name servers provide the authoritative answers for the addresses of my domain's web and mail server. Before I activated my hosting, but after I'd paid my money to my registrar for the domain name, what would the NS records have pointed to? – Jeff Zeitlin – 2018-03-27T12:27:34.303
3They would have pointed to the registrar's name servers. That's always where they point unless changed. – I say Reinstate Monica – 2018-03-27T12:31:16.487
2You have to supply NS records in your whois registration. Those NS servers are free then to say "as far as we know this domain doesn't exist" but because they are authoritative, this is then the authoritative answer. – tripleee – 2018-03-27T12:46:07.857
By definition the existence of authoritative DNS NS records for a domain makes the domain exist, at least as far as DNS is concerned, since NS records are DNS records like any other. – I say Reinstate Monica – 2018-03-27T19:34:15.153
@twisty-impersonator In your example, there are no glue records. If the nameserver is not in the domain, no glue record is required. If they are in the domain, the parent domain needs A records for them to prevent a circular dependency. Those A records are the glue records. – Isvara – 2018-03-27T22:01:06.303
@TwistyImpersonator Do you have a reference to NS records meaning a domain exists? I was under the impression that a domain didn't exist unless it had an SOA record. NS records can point to a non-existent domain, in which case they are lame delegations. – Isvara – 2018-03-27T22:03:05.857
@Derecho I included in my answer data demonstrating the existence of glue records for this domain. As for a reference, I'm not aware of an official (i.e. RFC-defined) definition of a domain's existence being established by the presence/absence of DNS records. My answer shouldn't be considered canonical for such a definition. – I say Reinstate Monica – 2018-03-27T22:08:50.873
@TwistyImpersonator If you do a non-recursive query on, say, a.gtld-servers.net for n1.juming.com's A record, you'll see that it doesn't have it. Therefore, no glue. – Isvara – 2018-03-28T02:06:07.840
Try using this tool to query for the glue records. It's finding them just fine.
– I say Reinstate Monica – 2018-03-28T02:11:40.603The german registry for .de domains DeNIC has another way of doing this: https://www.denic.de/en/domains/de-domains/registration/nameserver-and-nsentry-data/ You can actually directly pass records in the domain registration commands, and use the domain without having to operate own nameservers at all.
– Tobias Mädel – 2018-03-28T09:32:34.680Thanks, @TwistyImpersonator, and all! Your answer is very informative. To summarize what I read from your answer, the answers from others, and the related posts: all registered domains must have ns-type records in gTLD's name server indicating their authoritative name servers. If the authoritative name server is rooted under the domain, glue records must be added to the gTLD's name server as well. Correct me if I am wrong. BTW, your local DNS server seems superior to mine and can retrieve the NS records from gTLD's name server:-) – peter – 2018-03-28T16:56:58.660
@peter you are correct on all points. I wondered too about my DNS server. All I could figure was that it uses root hints, though I find that explanation lacking. – I say Reinstate Monica – 2018-03-28T17:14:59.397
This answer is completely wrong starting with " At minimum, every domain has one or more DNS glue records" which is false. Domains with glue records are a minority, and domains can have no nameservers also. – Patrick Mevzek – 2018-04-06T05:16:51.223
The definition of "glue records" here and associated tools added is completely wrong. A parent zone lists nameservers of each of its children domain, that is NS records. In the rare case that one of the nameserver is in-bailiwick of its own domain, then the parent zone will need to list extra A/AAAA records for the nameserver. Those are glue records. It is a very specific case, and certainly the minority. – Patrick Mevzek – 2018-04-06T05:19:38.987
A registrar sends an EPP domain:create command to register a domain name. This command can include nameservers, but they are optional. Nameservers can be changed at anytime later. Registrars do not create "Whois entry" this is completely wrong terminology. – Patrick Mevzek – 2018-04-06T05:25:00.633
Use dig instead of nslookup as troubleshooting tool. Also your example show nothing in fact because whatever tool you use you must specifiy explicitely the nameserver you query if you want to display exactly what this nameserver has. When troubleshooting, you should start by querying the authoritiative nameservers (dig +trace option can help) then the recursive ones. – Patrick Mevzek – 2018-04-06T05:26:32.457
"The existence of the domain must be announced to the global DNS system by an update provided by the domain registrar." False. The DNS does not prove if the domain exist or not, only if it is published or not. A non published domain name can still exist, as registered in the registry database, just without any nameservers. This is perflectly legit. – Patrick Mevzek – 2018-04-06T05:33:35.350
"Failure by the Registrar to provide this update would constitute failure to perform the duty delegated to them by the IANA." This is completely wrong, and IANA has nothing to do in that. In gTLDs, registry and registrars are accredited by ICANN. IANA is a very specific service/function that was conducted by ICANN but that may become independent in the future. – Patrick Mevzek – 2018-04-06T05:34:45.383
"They would have pointed to the registrar's name servers. That's always where they point unless changed. " Completely false. Some registrars may have the habit of putting, by default, their nameservers upon a domain name creation when no others are provided. But this is purely a local business policy and absolutely not a requirement. Other registrars can let you choose which nameservers to use, including none of them. – Patrick Mevzek – 2018-04-06T05:36:57.293
This domain does not come with glue records as its nameservers are not in-bailiwick. – Patrick Mevzek – 2018-04-06T05:37:56.783
@peter "all registered domains must have ns-type records in gTLD's name server indicating their authoritative name servers." This is false, again and again. In any TLD, a domain name can exist without any nameserver. This is legit and happens for various reasons. – Patrick Mevzek – 2018-04-06T05:39:07.397
8
Yes. There are multiple ways this can happen.
To start, let's review how DNS lookup works for a record like www.example.com:
The DNS resolver contacts a root nameserver, which responds with a delegation to the com TLD nameservers.
The resolver contacts a com TLD nameserver, which responds with a delegation to the registered nameservers for example.com.
The resolver contacts one of the registered nameservers for example.com, which responds with the records for www.example.com.
First: the nameservers for example.com could have deleted all records for example.com. While domain servers are supposed to always have certain records (including SOA and NS records) available for a domain, there is nothing in practice which forces them to do so. A domain missing these records may not work properly with some resolvers, but if the domain has no DNS records anyways there's no practical difference.
Second: the nameservers for example.com could reject or fail to respond to queries. The DNS records only exist within these nameservers, so if the nameservers aren't responding with the records, the records effectively don't exist.
Third: the com registry could suspend the registration for example.com, e.g. if the domain registration lapsed. This would cause the com nameservers to stop returning a delegation to the example.com nameservers, making any records there unavailable. Just as before, if the records aren't accessible, they might as well not exist.
duskwuff -inactive-
Posted 2018-03-27T11:22:10.077
Reputation: 3 824
4
There are 2 parts to registering the domain - getting it allocated by the registry and setting up DNS.
For most (all?) domains, DNS entries need to be provided for the domain to be registered (different tlds have different requirements but most require a minimum of 2 dns servers be specified). Often, however, there is no requirement that these nameservers are valid, do you can get away with putting anything in these fields.
The second part is setting up the zone on nameservers. Generally it's possible to leave this step out when registering a domain name, but most registrars will set something up here as part of your registration.
So, no, it's not possible to not specify any nameservers in most cases, but the specified nameservers font need to work. In this case, whois (which queries the registrar database) will generally show the nameservers but dig/nslookup (which relies on DNS working) won't.
davidgo
Posted 2018-03-27T11:22:10.077
Reputation: 49 152
1Yes, just now, I tried to change the name servers of one of my domains from the default ones to empty but failed. That means providing name servers to registry is a mandatory step in registering domains. Thank you for your answer,@davidgo! – peter – 2018-03-28T17:06:41.580
"whois (which queries the registrar database)" this is false. Each registry has a whois server and any whois client first query the registry whois server and in some cases, specifically .COM/.NET as they are thin (still), there is a need to contact the registrar whois server to get all the missing data, mostly the contact details. – Patrick Mevzek – 2018-04-06T05:28:29.350
@peter "That means providing name servers to registry is a mandatory step in registering domains." This is completely false. No technical standard nor policy enforce this. You are completely free to register domain names without nameservers. – Patrick Mevzek – 2018-04-06T05:29:20.330
@PatrickMevzek Which registrar will allow you to register a domain name with entries for DNS, and for what TLDs? – davidgo – 2018-04-06T05:39:24.587
@davidgo Sorry I do not parse your question. Any competent registrar will let you register a domain name in any TLD it manages without putting nameservers. This is a basic feature. – Patrick Mevzek – 2018-04-06T05:41:33.543
"Often, however, there is no requirement that these nameservers are valid, do you can get away with putting anything in these fields." not 100% true. First there are minimum syntax checks, if not on the registrar level than on the registry one. So nameservers should be nameservers not any garbage string. Then, some registries (but less and less of them) do conduct tests and check that the given nameservers correctly reply for the domain name they are associated with. If they do not, the registration can be canceled. – Patrick Mevzek – 2018-04-06T05:55:07.693
2
It would help if you could join some screenshots of what you are getting.
But without this information, I theorize that you are looking in the wrong place.
When a specific name server is not specified in the command invocation,
dig will look in your /etc/resolv.conf file and will query the DNS servers
that are listed in there.
If the domain you are searching for is not listed with the DNS servers in your copy of resolv.conf, then it will not be found.
You should add to the file a DNS server for that domain, or specify it on the dig command, by preference one that can give an authoritative answer.
harrymc
Posted 2018-03-27T11:22:10.077
Reputation: 306 093
It used 8.8.8.8 as the name server. dig command does not return any DNS record. I even used the authority name server as seen in the sceenshot provided by @Twisty Impersonator, but that server seems dead("connection timed out; no servers could be reached"). That might explain why 8.8.8.8 could not return DNS records as well. – peter – 2018-03-27T16:02:37.437
1Yes, that's the likeliest supposition : The records were not available on any reachable DNS server. – harrymc – 2018-03-27T16:56:26.573
-1
It's entirely possible for a domain to be registered, but not have a DNS entry - if I've registered a domain, but haven't actually purchased hosting and activated the site that will be associated with the domain, there's nothing for it to resolve to.
Jeff Zeitlin
Posted 2018-03-27T11:22:10.077
Reputation: 2 918
4-1 because its not entirely true. – LPChip – 2018-03-27T11:53:38.177
1@LPChip - Would you care to elaborate on that? It certainly matches my experience when I first got my hobby domain... – Jeff Zeitlin – 2018-03-27T11:54:49.837
See my answer. :) – LPChip – 2018-03-27T11:55:16.647
@LPChip - Now please explain how a SRV record can exist if I don't have a place to host yet. – Jeff Zeitlin – 2018-03-27T11:56:40.597
Actually I mistaken SRV with NS. Twisty Impersonator has it correct, so I deleted my answer. – LPChip – 2018-03-27T11:59:50.560
1@JeffZeitlin: 1) Not all domain registrar sell domains + web hosting in a semi-package. DNS hosting is a completely independent service from web hosting (or mail hosting or other hosting). 2) DNS records of your domain are not required to point to your web server. They can point to a server which doesn't host websites; or to someone else's; or to a nonexistent server. 3) DNS does more than just "pointing to a server": there are plenty of DNS record types with different purposes than that. For example all correctly configured domains have SOA and NS records linking the domain with its parent. – user1686 – 2018-03-28T04:49:12.790
This post makes loads of assumptions. @grawity is correct. To expand on his answer, whether DNS entries exist after registering (but before pointing to hosting) is completely dependent upon the registrar. GoDaddy, for example, sets up @ A records pointing to themselves for free advertising. Furthermore, as stated, the registrar is entirely different from the host -- you're lumping them in the same category. This answer is uninformative and largely incorrect. – Nate I – 2018-03-28T18:28:44.177
This is in fact the only correct answer. The act of registering a domain name and publishing it are two different things, the second one being a possible consequence of the first one, but you can as well register a domain name (it will appear in whois and noone else will be able to register it), but not associate nameservers to it, hence it would not resolve. This also happens in case of disputes or serverHold/clientHold statuses. In total it is surely only a few percent max of the total number of domain names. – Patrick Mevzek – 2018-04-06T05:22:31.200
3How did you find these domains? – I say Reinstate Monica – 2018-03-27T12:03:18.390
For example, "dig 00000onlinecasino.com any" can not return any DNS record, even the NS record, although it is a registered domain. In theory, are the domain registration and the DNS two separated systems(although usually they are connected together)? – peter – 2018-03-27T14:26:42.853
To see the NS records (which indeed exist for that domain) I think you need to use
dig +short NS 00000onlinecasino.com– I say Reinstate Monica – 2018-03-27T14:31:29.190Maybe I'm in bad luck, but that command does not output anything on my machine:-) – peter – 2018-03-27T14:38:26.640
Sorry, I'm not a *nix user. On my machine I used nslookup and got these results.
– I say Reinstate Monica – 2018-03-27T14:42:12.4703"any" might not be as reliable for that purpose as you think - it certainly is not meant to give you a complete copy of a zone. That's what "axfr" is for, and most DNS servers will reject that query for good reasons. – rackandboneman – 2018-03-27T19:37:15.193
Do not use the
ANYrecord type, it will become deprecated as it does not do what you think it does. Also when you usedigalways specify which nameserver you query. – Patrick Mevzek – 2018-04-06T05:31:43.857