Login or Register to Ask a Question and Join Our Community


IP Networking

DNS and Authoritative Servers

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums IP Networking DNS and Authoritative Servers
# 1  
Old 11-28-2013
DNS and Authoritative Servers
Hey everyone, I've noticed that when I do a dig command, I don't get any authoritative records back. For example a dig to cnn.com just yields:

Code:
;; QUESTION SECTION:
;cnn.com.            IN    A

;; ANSWER SECTION:
cnn.com.        300    IN    A    157.166.226.25
cnn.com.        300    IN    A    157.166.226.26


At first I thought it was because my caching server already had it, but I tried a multitude of sites, and none return any authoritative records. How is this?
Even with the +authority switch it doesn't return anything. Is it possible the ISP can block this ? That was my first thought, or is there something else at play?
Last edited by Scott; 11-29-2013 at 05:39 PM.. Reason: Code tags
# 2  
Old 11-29-2013
I recall seeing all sorts of records using nslookup, especially with debug 2. You have to do query type SOA for start of authority. (You get details on your default or specified DNS server, too, first.)
Code:
$ nslookup -query=SOA -d2 bankofamerica.com

Other nslookup versions use '-qt' for '-query'.
# 3  
Old 11-29-2013
Thanks for the response. I guess I"ll use nslookup. I was aware of this tool, but always assumed that dig had more functionality to cover stuff like this. I guess not...
# 4  
Old 11-30-2013
dig commands shows authoritative answer

Code:
                                                
dig cnn.com

; <<>> DiG 9.9.4 <<>> cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27430
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cnn.com.            IN    A

;; ANSWER SECTION:
cnn.com.        300    IN    A    157.166.226.26
cnn.com.        300    IN    A    157.166.226.25

;; AUTHORITY SECTION:
cnn.com.        172800    IN    NS    ns1 .p42.dynect.net.
cnn.com.        172800    IN    NS    ns2 .p42.dynect.net.
cnn.com.        172800    IN    NS    ns3. timewarner.net.
cnn.com.        172800    IN    NS    ns1 .timewarner.net.

;; ADDITIONAL SECTION:
ns1.p42.dynect .net.    86400    IN    A    208.78.70.42
ns1.p42.dynect. net.    300    IN    AAAA    2001:500:90:1::42
ns1.timewarner. net.    172800    IN    A    204.74.108.238
ns2.p42.dynect. net.    86400    IN    A    204.13.250.42
ns3.timewarner. net.    172800    IN    A    199.7.68.238

;; Query time: 190 msec
;; SERVER: 10.30.74.3#53(10.30.74.3)
;; WHEN: Sat Nov 30 17:48:21 EET 2013
;; MSG SIZE  rcvd: 257

# 5  
Old 11-30-2013
that's so bizzare...this is my output..
Code:
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60915
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cnn.com.            IN    A

;; ANSWER SECTION:
cnn.com.        23    IN    A    157.166.226.25
cnn.com.        23    IN    A    157.166.226.26

;; Query time: 17 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Nov 30 13:14:22 2013
;; MSG SIZE  rcvd: 57

I don't know why we get two drastically different outputs
Last edited by Scott; 11-30-2013 at 04:32 PM.. Reason: Code tags, please...
# 6  
Old 11-30-2013
Quote:
Originally Posted by Lost in Cyberia
that's so bizzare...this is my output..

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60915
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cnn.com. IN A

;; ANSWER SECTION:
cnn.com. 23 IN A 157.166.226.25
cnn.com. 23 IN A 157.166.226.26

;; Query time: 17 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Nov 30 13:14:22 2013
;; MSG SIZE rcvd: 57


I don't know why we get two drastically different outputs
Probably because the dns server you are asking, isn't recursive.
# 7  
Old 11-30-2013
So how does one know they contact a recursive server? and how would you purposefully contact one instead of a non-recursive dns server?

Is it luck of the draw? because you did exactly the same command as I did, but got the dns results back with the authority..something i've tried multiple times, but just end up getting the basic return
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Ubuntu

Network Manager not setting correct DNS servers

Since a few weeks i use Ubuntu 16 on my laptop: # uname -a Linux xxxx 4.8.0-52-generic #55~16.04.1-Ubuntu SMP Fri Apr 28 14:36:29 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux Because i want to use a custom name server i set the properties in the "Edit Connections" dialogue to the following: ... (2 Replies)
Discussion started by: bakunin
2 Replies

2. Linux

Domain registrars & DNS servers

I have read many tutorials on bind and i understand the A,MX, CNAME records. Internally, on a LAN we can install bind and create all these records and we can tell all PC and servers to use this bind as DNS server.that's fine. On the Internet, when we have purchased a valid domain like... (5 Replies)
Discussion started by: coolatt
5 Replies

3. Red Hat

DHCP & DNS - Clients get IP but don't register in DNS

I am trying to setup a CentOS 6.2 server that will be doing 3 things DHCP, DNS & Samba for a very small office (2 users). The idea being this will replace a very old Win2k server. The users are all windows based clients so only the server will be Linux based. I've installed CentOS 6.2 with... (4 Replies)
Discussion started by: FireBIade
4 Replies

4. UNIX for Advanced & Expert Users

DNS server choice: Windows DNS vs Linux BIND

I'd like to get some opnions on choosing DNS server: Windows DNS vs Linux BIND comparrsion: 1) managment, easy of use 2) Security 3) features 4) peformance 5) ?? I personally prefer Windows DNS server for management, it supports GUI and command line. But I am not sure about security... (2 Replies)
Discussion started by: honglus
2 Replies

5. IP Networking

Select DNS Servers depending on the domain

Hello, I'm using CentOS 5.3, and I connect to a VPN in order to work. The problem is that I'm constantly accessing things on the local network and the remote network. But once I'm connected to the VPN I can't access local addresses by name, I have to use the ip-address. What I'd like is to... (4 Replies)
Discussion started by: martincastell
4 Replies

6. AIX

Servers still querying old DNS server?

Hello, I've created new DNS servers and changed all of the clients /etc/resolv.conf to point to them, but when I check the old DNS logs, I see that the clients are still querying it. Does anybody know why? thanks, (2 Replies)
Discussion started by: ctcuser
2 Replies

7. AIX

Dns Servers

My only question is Can we have two auteritative Name servers for a single domain? Just a question. (1 Reply)
Discussion started by: vjm
1 Replies

8. UNIX for Dummies Questions & Answers

DNS servers

I am supposed to setup a Domain Name Server, and I don't really know how to do this, can someone either help me, or point me in the direction of a site that has a good explination of how to do this. Thanks, Ronnie (5 Replies)
Discussion started by: ignus7
5 Replies

9. UNIX for Advanced & Expert Users

How can I use DNS Server to Load Balancing my Web Servers ??

Anyone can give me some idea about DNS Server Configuration that I want to load balancing my Web Servers . (1 Reply)
Discussion started by: ottobian
1 Replies
Login or Register to Ask a Question