How do I find the authoritative name-server for a domain name?
How can I find the origins of conflicting DNS records?
-
An easy way is to use an online domain tool. My favorite is Domain Tools (formerly whois.sc). I'm not sure if they can resolve conflicting DNS records though. As an example, the DNS servers for stackoverflow.com are
NS51.DOMAINCONTROL.COM NS52.DOMAINCONTROL.COM讨论(0) -
You'll want the SOA (Start of Authority) record for a given domain name, and this is how you accomplish it using the universally available nslookup command line tool:
command line> nslookup > set querytype=soa > stackoverflow.com Server: 217.30.180.230 Address: 217.30.180.230#53 Non-authoritative answer: stackoverflow.com origin = ns51.domaincontrol.com # ("primary name server" on Windows) mail addr = dns.jomax.net # ("responsible mail addr" on Windows) serial = 2008041300 refresh = 28800 retry = 7200 expire = 604800 minimum = 86400 Authoritative answers can be found from: stackoverflow.com nameserver = ns52.domaincontrol.com. stackoverflow.com nameserver = ns51.domaincontrol.com.The origin (or primary name server on Windows) line tells you that ns51.domaincontrol is the main name server for stackoverflow.com.
At the end of output all authoritative servers, including backup servers for the given domain, are listed.
讨论(0) -
You can use the whois service. On a UNIX like operating system you would execute the following command. Alternatively you can do it on the web at http://www.internic.net/whois.html.
whois stackoverflow.com
You would get the following response.
...text removed here...
Domain servers in listed order: NS51.DOMAINCONTROL.COM NS52.DOMAINCONTROL.COM
You can use nslookup or dig to find out more information about records for a given domain. This might help you resolve the conflicts you have described.
讨论(0) -
SOA records are present on all servers further up the hierarchy, over which the domain owner has NO control, and they all in effect point to the one authoritative name server under control of the domain owner.
The SOA record on the authoritative server itself is, on the other hand, not strictly needed for resolving that domain, and can contain bogus info (or hidden primary, or otherwise restricted servers) and should not be relied on to determine the authoritative name server for a given domain.
You need to query the server that is authoritative for the top level domain to obtain reliable SOA information for a given child domain.
(The information about which server is authoritative for which TLD can be queried from the root name servers).
When you have reliable information about the SOA from the TLD authoritative server, you can then query the primary name server itself authoritative (the one thats in the SOA record on the gTLD nameserver!) for any other NS records, and then proceed with checking all those name servers you've got from querying the NS records, to see if there is any inconsistency for any other particular record, on any of those servers.
This all works much better/reliable with linux and dig than with nslookup/windows.
讨论(0) -
On *nix:
$ dig -t ns <domain name>讨论(0) -
We've built a dns lookup tool that gives you the domain's authoritative nameservers and its common dns records in one request.
Example: https://www.misk.com/tools/#dns/stackoverflow.com
Our tool finds the authoritative nameservers by performing a realtime (uncached) dns lookup at the root nameservers and then following the nameserver referrals until we reach the authoritative nameservers. This is the same logic that dns resolvers use to obtain authoritative answers. A random authoritative nameserver is selected (and identified) on each query allowing you to find conflicting dns records by performing multiple requests.
You can also view the nameserver delegation path by clicking on "Authoritative Nameservers" at the bottom of the dns lookup results from the example above.
Example: https://www.misk.com/tools/#dns/stackoverflow.com@f.root-servers.net
讨论(0)
加载中...
- 热议问题