DNS – NSLOOKUP what is the meaning of the non-authoritative answer

domain-name-systemnslookup

For some domains nslookup gives me a Non-authoritative answer section. What does this mean?

Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional =

    QUESTIONS:
        www.example.com.SME, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  (root)
        ttl = 1787 (29 mins 47 secs)
        primary name server = a.root-servers.net
        responsible mail addr = nstld.verisign-grs.com

------------
Non-authoritative answer:
------------

------------
Name:    example.com
Address:  93.184.216.34
Aliases:  www.example.com

Best Answer

Basically, it's what the name says it is. An authoritative answer comes from a nameserver that is considered authoritative for the domain which it's returning a record for (one of the nameservers in the list for the domain you did a lookup on), and a non-authoritative answer comes from anywhere else (a nameserver not in the list for the domain you did a lookup on).

It's basically a distinction between a nameserver that's an official nameserver for the domain you're querying, and a nameserver that isn't. Nameservers that aren't authoritative are getting their answers second (or third or fourth...) hand - just relaying the information along from somewhere else.

So, for example, If I did an nslookup of maps.google.com right now, I would get a response from one of my configured nameservers. (Either from my ISP, or my domain.) It would come back as non-authoritative because neither my ISP's nameservers, nor my own are in the list of nameservers for google.com. They aren't Google's nameservers, so they're not the authoritative source that creates the NS records.

The list of authoritative nameservers for Google is below (from whois.internic.net).

Domain Name: GOOGLE.COM

Registrar: MARKMONITOR INC.

Whois Server: whois.markmonitor.com

Name Server: NS1.GOOGLE.COM

Name Server: NS2.GOOGLE.COM

Name Server: NS3.GOOGLE.COM

Name Server: NS4.GOOGLE.COM

Updated Date: 20-jul-2011

Creation Date: 15-sep-1997

Expiration Date: 14-sep-2020

If I changed my configured DNS server to one of the ones in that list, and then did an nslookup against maps.google.com, I'd get an authoritative answer back. Those servers are the authority, (or source) for what are valid names in Google's domains, and what aren't. All other nameservers, non-authoritative nameservers, get their NS records from the authoritative servers somewhere down the line.

Best Answer

Related Solutions

CNAME to another domain fails on some office networks, why

Firewall – nslookup: non-authoritative answer

About the non-authoritative response

About the site not being accessible

Related Topic