How do I find the authoritative name-server for a domain name?

330

How can I find the origins of conflicting DNS records?

This question is tagged with dns

~ Asked on 2008-09-01 14:57:16

12 Answers


429

You'll want the SOA (Start of Authority) record for a given domain name, and this is how you accomplish it using the universally available nslookup command line tool:

command line> nslookup
> set querytype=soa
> stackoverflow.com
Server:         217.30.180.230
Address:        217.30.180.230#53

Non-authoritative answer:
stackoverflow.com
        origin = ns51.domaincontrol.com # ("primary name server" on Windows)
        mail addr = dns.jomax.net       # ("responsible mail addr" on Windows)
        serial = 2008041300
        refresh = 28800
        retry = 7200
        expire = 604800
        minimum = 86400
Authoritative answers can be found from:
stackoverflow.com       nameserver = ns52.domaincontrol.com.
stackoverflow.com       nameserver = ns51.domaincontrol.com.

The origin (or primary name server on Windows) line tells you that ns51.domaincontrol is the main name server for stackoverflow.com.

At the end of output all authoritative servers, including backup servers for the given domain, are listed.

~ Answered on 2008-09-01 15:04:19


178

You used the singular in your question but there are typically several authoritative name servers, the RFC 1034 recommends at least two.

Unless you mean "primary name server" and not "authoritative name server". The secondary name servers are authoritative.

To find out the name servers of a domain on Unix:

  % dig +short NS stackoverflow.com
 ns52.domaincontrol.com.
 ns51.domaincontrol.com.

To find out the server listed as primary (the notion of "primary" is quite fuzzy these days and typically has no good answer):

% dig +short  SOA stackoverflow.com | cut -d' ' -f1
ns51.domaincontrol.com.

To check discrepencies between name servers, my preference goes to the old check_soa tool, described in Liu & Albitz "DNS & BIND" book (O'Reilly editor). The source code is available in http://examples.oreilly.com/dns5/

% check_soa stackoverflow.com
ns51.domaincontrol.com has serial number 2008041300
ns52.domaincontrol.com has serial number 2008041300

Here, the two authoritative name servers have the same serial number. Good.

~ Answered on 2008-12-24 07:47:25


41

On *nix:

$ dig -t ns <domain name>

~ Answered on 2008-09-01 15:07:48


18

You could find out the nameservers for a domain with the "host" command:

[[email protected]:~]$ host -t ns stackoverflow.com
stackoverflow.com name server ns51.domaincontrol.com.
stackoverflow.com name server ns52.domaincontrol.com.

~ Answered on 2008-09-01 15:05:51


8

I found that the best way it to add always the +trace option:

dig SOA +trace stackoverflow.com

It works also with recursive CNAME hosted in different provider. +trace trace imply +norecurse so the result is just for the domain you specify.

~ Answered on 2016-10-10 14:30:45


6

The term you should be googling is "authoritative," not "definitive".

On Linux or Mac you can use the commands whois, dig, host, nslookup or several others. nslookup might also work on Windows.

An example:

$ whois stackoverflow.com
[...]
   Domain servers in listed order:
      NS51.DOMAINCONTROL.COM
      NS52.DOMAINCONTROL.COM

As for the extra credit: Yes, it is possible.


aryeh is definitely wrong, as his suggestion usually will only give you the IP address for the hostname. If you use dig, you have to look for NS records, like so:

dig ns stackoverflow.com

Keep in mind that this may ask your local DNS server and thus may give wrong or out-of-date answers that it has in its cache.

~ Answered on 2008-09-01 15:10:24


5

We've built a dns lookup tool that gives you the domain's authoritative nameservers and its common dns records in one request.

Example: https://www.misk.com/tools/#dns/stackoverflow.com

Our tool finds the authoritative nameservers by performing a realtime (uncached) dns lookup at the root nameservers and then following the nameserver referrals until we reach the authoritative nameservers. This is the same logic that dns resolvers use to obtain authoritative answers. A random authoritative nameserver is selected (and identified) on each query allowing you to find conflicting dns records by performing multiple requests.

You can also view the nameserver delegation path by clicking on "Authoritative Nameservers" at the bottom of the dns lookup results from the example above.

Example: https://www.misk.com/tools/#dns/[email protected]

~ Answered on 2013-12-30 21:21:44


2

You can use the whois service. On a UNIX like operating system you would execute the following command. Alternatively you can do it on the web at http://www.internic.net/whois.html.

whois stackoverflow.com

You would get the following response.

...text removed here...

Domain servers in listed order: NS51.DOMAINCONTROL.COM NS52.DOMAINCONTROL.COM

You can use nslookup or dig to find out more information about records for a given domain. This might help you resolve the conflicts you have described.

~ Answered on 2008-09-01 15:06:18


1

SOA records are present on all servers further up the hierarchy, over which the domain owner has NO control, and they all in effect point to the one authoritative name server under control of the domain owner.

The SOA record on the authoritative server itself is, on the other hand, not strictly needed for resolving that domain, and can contain bogus info (or hidden primary, or otherwise restricted servers) and should not be relied on to determine the authoritative name server for a given domain.

You need to query the server that is authoritative for the top level domain to obtain reliable SOA information for a given child domain.

(The information about which server is authoritative for which TLD can be queried from the root name servers).

When you have reliable information about the SOA from the TLD authoritative server, you can then query the primary name server itself authoritative (the one thats in the SOA record on the gTLD nameserver!) for any other NS records, and then proceed with checking all those name servers you've got from querying the NS records, to see if there is any inconsistency for any other particular record, on any of those servers.

This all works much better/reliable with linux and dig than with nslookup/windows.

~ Answered on 2018-02-20 20:46:44


1

I have found that for some domains, the above answers do not work. The quickest way I have found is to first check for an NS record. If that doesn't exist, check for an SOA record. If that doesn't exist, recursively resolve the name using dig and take the last NS record returned. An example that fits this is analyticsdcs.ccs.mcafee.com.

  1. Check for an NS record

host -t NS analyticsdcs.ccs.mcafee.com.

  1. If no NS found, check for an SOA record

host -t SOA analyticsdcs.ccs.mcafee.com.

  1. If neither NS or SOA, do full recursive and take the last NS returned

dig +trace analyticsdcs.ccs.mcafee.com. | grep -w 'IN[[:space:]]*NS' | tail -1

  1. Test that the name server returned works

host analyticsdcs.ccs.mcafee.com. gtm2.mcafee.com.

~ Answered on 2020-04-15 04:05:35


0

Unfortunately, most of these tools only return the NS record as provided by the actual name server itself. To be more accurate in determining which name servers are actually responsible for a domain, you'd have to either use "whois" and check the domains listed there OR use "dig [domain] NS @[root name server]" and run that recursively until you get the name server listings...

I wish there were a simple command line that you could run to get THAT result dependably and in a consistent format, not just the result that is given from the name server itself. The purpose of this for me is to be able to query about 330 domain names that I manage so I can determine exactly which name server each domain is pointing to (as per their registrar settings).

Anyone know of a command using "dig" or "host" or something else on *nix?

~ Answered on 2009-02-11 19:49:44


0

An easy way is to use an online domain tool. My favorite is Domain Tools (formerly whois.sc). I'm not sure if they can resolve conflicting DNS records though. As an example, the DNS servers for stackoverflow.com are

  NS51.DOMAINCONTROL.COM
  NS52.DOMAINCONTROL.COM

~ Answered on 2008-09-01 15:01:25


Most Viewed Questions: