How do I find the authoritative name-server for a domain name

Question

How can I find the origins of conflicting DNS records

User · Answer

An easy way is to use an online domain tool  My favorite is Domain Tools  formerly whois sc   I m not sure if they can resolve conflicting DNS records though  As an example  the DNS servers for stackoverflow com are    NS51 DOMAINCONTROL COM   NS52 DOMAINCONTROL COM

User · Answer

You can use the whois service  On a UNIX like operating system you would execute the following command  Alternatively you can do it on the web at http   www internic net whois html   whois stackoverflow com  You would get the following response      text removed here     Domain servers in listed order  NS51 DOMAINCONTROL COM NS52 DOMAINCONTROL COM  You can use nslookup or dig to find out more information about records for a given domain  This might help you resolve the conflicts you have described

User · Answer

Unfortunately  most of these tools only return the NS record as provided by the actual name server itself  To be more accurate in determining which name servers are actually responsible for a domain  you d have to either use  whois  and check the domains listed there OR use  dig  domain  NS   root name server   and run that recursively until you get the name server listings     I wish there were a simple command line that you could run to get THAT result dependably and in a consistent format  not just the result that is given from the name server itself  The purpose of this for me is to be able to query about 330 domain names that I manage so I can determine exactly which name server each domain is pointing to  as per their registrar settings    Anyone know of a command using  dig  or  host  or something else on  nix

User · Answer

On  nix     dig -t ns  lt domain name gt

User · Answer

I have found that for some domains  the above answers do not work   The quickest way I have found is to first check for an NS record   If that doesn t exist  check for an SOA record   If that doesn t exist  recursively resolve the name using dig and take the last NS record returned   An example that fits this is analyticsdcs ccs mcafee com    Check for an NS record   host -t NS analyticsdcs ccs mcafee com    If no NS found  check for an SOA record   host -t SOA analyticsdcs ccs mcafee com    If neither NS or SOA  do full recursive and take the last NS returned   dig  trace analyticsdcs ccs mcafee com    grep -w  IN   space    NS    tail -1   Test that the name server returned works   host analyticsdcs ccs mcafee com  gtm2 mcafee com

User · Answer

The term you should be googling is  authoritative   not  definitive    On Linux or Mac you can use the commands whois  dig  host  nslookup or several others  nslookup might also work on Windows   An example     whois stackoverflow com          Domain servers in listed order        NS51 DOMAINCONTROL COM       NS52 DOMAINCONTROL COM   As for the extra credit  Yes  it is possible     aryeh is definitely wrong  as his suggestion usually will only give you the IP address for the hostname  If you use dig  you have to look for NS records  like so   dig ns stackoverflow com   Keep in mind that this may ask your local DNS server and thus may give wrong or out-of-date answers that it has in its cache

User · Answer

You used the singular in your question but there are typically several authoritative name servers  the RFC 1034 recommends at least two   Unless you mean  primary name server  and not  authoritative name server   The secondary name servers are authoritative   To find out the name servers of a domain on  Unix       dig  short NS stackoverflow com  ns52 domaincontrol com   ns51 domaincontrol com    To find out the server listed as primary  the notion of  primary  is quite fuzzy these days and typically has no good answer      dig  short  SOA stackoverflow com   cut -d    -f1 ns51 domaincontrol com    To check discrepencies between name servers  my preference goes to the old check soa tool  described in Liu  amp  Albitz  DNS  amp  BIND  book  O Reilly editor   The source code is available in http   examples oreilly com dns5     check soa stackoverflow com ns51 domaincontrol com has serial number 2008041300 ns52 domaincontrol com has serial number 2008041300   Here  the two authoritative name servers have the same serial number  Good

User · Answer

I found that the best way it to add always the  trace option   dig SOA  trace stackoverflow com   It works also with recursive CNAME hosted in different provider   trace trace imply  norecurse so the result is just for the domain you specify

User · Answer

SOA records are present on all servers further up the hierarchy  over which the domain owner has NO control  and they all in effect point to the one authoritative name server under control of the domain owner    The SOA record on the authoritative server itself is  on the other hand  not strictly needed for resolving that domain  and can contain bogus info  or hidden primary  or otherwise restricted servers  and should not be relied on to determine the authoritative name server for a given domain   You need to query the server that is authoritative for the top level domain to obtain reliable SOA information for a given child domain    The information about which server is authoritative for which TLD can be queried from the root name servers    When you have reliable information about the SOA from the TLD authoritative server  you can then query the primary name server itself authoritative  the one thats in the SOA record on the gTLD nameserver   for any other NS records  and then proceed with checking all those name servers you ve got from querying the NS records  to see if there is any inconsistency for any other particular record  on any of those servers   This all works much better reliable with linux and dig than with nslookup windows

User · Answer

We ve built a dns lookup tool that gives you the domain s authoritative nameservers and its common dns records in one request   Example  https   www misk com tools  dns stackoverflow com  Our tool finds the authoritative nameservers by performing a realtime  uncached  dns lookup at the root nameservers and then following the nameserver referrals until we reach the authoritative nameservers  This is the same logic that dns resolvers use to obtain authoritative answers  A random authoritative nameserver is selected  and identified  on each query allowing you to find conflicting dns records by performing multiple requests   You can also view the nameserver delegation path by clicking on  Authoritative Nameservers  at the bottom of the dns lookup results from the example above   Example  https   www misk com tools  dns stackoverflow com f root-servers net

User · Answer

You could find out the nameservers for a domain with the  quot host quot  command   davidp supernova     host -t ns stackoverflow com stackoverflow com name server ns51 domaincontrol com  stackoverflow com name server ns52 domaincontrol com

User · Answer

You ll want the SOA  Start of Authority  record for a given domain name  and this is how you accomplish it using the universally available nslookup command line tool   command line gt  nslookup  gt  set querytype soa  gt  stackoverflow com Server          217 30 180 230 Address         217 30 180 230 53  Non-authoritative answer  stackoverflow com         origin   ns51 domaincontrol com     primary name server  on Windows          mail addr   dns jomax net           responsible mail addr  on Windows          serial   2008041300         refresh   28800         retry   7200         expire   604800         minimum   86400 Authoritative answers can be found from  stackoverflow com       nameserver   ns52 domaincontrol com  stackoverflow com       nameserver   ns51 domaincontrol com    The origin  or primary name server on Windows  line tells you that ns51 domaincontrol is the main name server for stackoverflow com   At the end of output all authoritative servers  including backup servers for the given domain  are listed

[dns] How do I find the authoritative name-server for a domain name?

Examples related to dns