A domain has nameservers and ns records. These should not, but can theoretically be different. There are multiple ways to see the ns records of a domain:
dig:
➜ ~ dig +short NS stackoverflow.com
cf-dns01.stackoverflow.com.
cf-dns02.stackoverflow.com.
nslookup:
➜ ~ nslookup -type=any stackoverflow.com
Server: 195.186.1.111
Address: 195.186.1.111#53
Non-authoritative answer:
stackoverflow.com nameserver = cf-dns01.stackoverflow.com.
stackoverflow.com nameserver = cf-dns02.stackoverflow.com.
Both these commands give the NS records of a domain. Via whois, you can see the real nameservers (which in this case are the same). But since most whois outputs are formatted differently for almost every TLD, it would be difficult to parse them out of the whois.
Is there any way to see the nameservers of a domain (not the NS records) without executing a whois?
Best Answer
If you want to see the nameservers listed by the registrar, those are available in the DNS system via the root servers.
For example:
If you modify the name servers listed in your registrar account, those servers will be reflected in the root / gtld servers. When you modify your DNS zones that your nameservers serve, they have no effect on the results returned by the root servers. Additionally, the only records the root servers will return are NS and A/AAAA defined by the registrar for the listed NS records. These are just pointers to find the authoritative (per the registrar) name servers for a domain to send your queries to.
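The comparison the answer describes, as an added example that is not part of the original answer: it takes the delegation a gTLD server returns and the NS set the zone itself serves, and reports names present on only one side. The two replies are constructed samples for the placeholder domain example.com; the function names `ns_names` and `delegation_diff` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of a gTLD server reply, as produced by
#   dig +norecurse NS example.com @a.gtld-servers.net
# The registrar-listed servers arrive in the AUTHORITY section (a referral).
PARENT_REPLY=';; AUTHORITY SECTION:
example.com.      172800  IN  NS  ns1.example.net.
example.com.      172800  IN  NS  ns2.example.net.

;; ADDITIONAL SECTION:
ns1.example.net.  172800  IN  A   192.0.2.1
'
# Constructed sample of the reply from one of those servers, as produced by
#   dig +norecurse NS example.com @ns1.example.net
# The NS records defined in the zone arrive in the ANSWER section.
CHILD_REPLY=';; ANSWER SECTION:
example.com.      3600    IN  NS  ns1.example.net.
example.com.      3600    IN  NS  ns3.example.org.
'

# ns_names SECTION: read dig output on stdin and print the sorted,
# lower-cased NS targets found in the named section only.
ns_names() {
  awk -v want="$1" '
    /^;; [A-Z]+ SECTION:/ { insec = ($2 == want); next }
    /^$/                  { insec = 0 }
    insec && $4 == "NS"   { print tolower($5) }
  ' | sort -u
}

# delegation_diff PARENT CHILD: print the names that appear in only one
# of the two sets. Empty output means delegation and zone agree.
delegation_diff() {
  p=$(printf '%s\n' "$1" | ns_names AUTHORITY)
  c=$(printf '%s\n' "$2" | ns_names ANSWER)
  for n in $p; do
    printf '%s\n' "$c" | grep -qxF "$n" || echo "parent-only $n"
  done
  for n in $c; do
    printf '%s\n' "$p" | grep -qxF "$n" || echo "zone-only $n"
  done
}

delegation_diff "$PARENT_REPLY" "$CHILD_REPLY"
```

A `parent-only` name is a server still listed at the registrar that the zone no longer names, which is worth reviewing as a stale delegation.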