I am trying to get the authoritative DNS servers for a server in Europe per my assignment instructions. I looked up how to do it and got two different ways.
One is:
nslookup -type=soa ox.ac.uk
And the other is:
nslookup -type=ns ox.ac.uk
Both give me this for the authoritative answer part:
Authoritative answers can be found from:
At first I thought it might be a security feature on Oxford's part that perhaps they hide their DNS address from nslookup so as to avoid attacks on those servers. But I learned that's a dumb conclusion and I tried those commands with every university that Google gave me for "university in Europe", and all of them gave me non-responses for authoritative answers. Am I entering the wrong command, is my computer messed up, or is it my ISP that is messing me up?
Full command and output here:
Sat Apr 08 23:06 user_name:/Users/user_name $nslookup -type=soa ox.ac.uk
Server: 192.168.1.254
Address: 192.168.1.254#53
Non-authoritative answer:
ox.ac.uk
origin = nighthawk.dns.ox.ac.uk
mail addr = hostmaster.ox.ac.uk
serial = 2017040772
refresh = 3600
retry = 1800
expire = 1209600
minimum = 900
Authoritative answers can be found from:
Sat Apr 08 23:06 user_name:/Users/user_name $nslookup -type=NS ox.ac.uk
Server: 192.168.1.254
Address: 192.168.1.254#53
Non-authoritative answer:
ox.ac.uk nameserver = dns2.ox.ac.uk.
ox.ac.uk nameserver = dns1.ox.ac.uk.
ox.ac.uk nameserver = dns0.ox.ac.uk.
ox.ac.uk nameserver = ns2.ja.net.
Authoritative answers can be found from:
Best Answer
To get guaranteed authoritative (and up-to-date) answers from a domain with nslookup, you should query the authoritative servers directly. For example, to get the authoritative DNS name servers for the domain
ox.ac.uk
, in nslookup run:The
set query=ns
command tells nslookup we want to know what DNS servers are authoritative for the domain. You'll get output that includes the authoritative name servers for theox.ac.uk
domain:Now, these results are coming from whatever DNS server your system is currently configured to use, which means these records may possibly be cached. If you really want to be sure you're getting the most current information, you need to query one of the domain's authoritative name servers directly, as follows:
In nslookup run:
This tells nslookup to send subsequent DNS lookups to the specified server, which is authoritative for this domain. (Any one of the DNS servers listed in our above query should work.) Now switch from Nameserver record query mode back to "any" record mode with:
And issue a query for whatever record you want. In this case, we'll query the domain itself with:
The result includes the authoritative name servers for the domain:
The primary name server is the "Master" DNS server. This is typically where the domain's administrator will perform updates to DNS records. The remaining nameservers are "Slave" DNS servers. They're job is to simply keep a copy of the zone file provided by the Master server. Having multiple DNS servers ensures the zone is still accessible should one of the servers go down.
Any one of the listed DNS servers should be able to respond (authoritatively) to DNS queries, unless the domain administrator has configured them otherwise.