finding authoritative nameservers
cbuxton at menandmice.com
Mon May 19 18:31:33 UTC 2008
If I were going to write such code, my algorithm would be as follows:
- Determine the zone that contains, or should contain, the answer.
This can be done by querying any handy resolving name server for the
target name, type SOA. You should get back either a positive or
negative answer. The negative answer will usually contain the SOA
record of the containing zone; if it does not, remove a label from the
left (up to and including the first dot), and then try again,
recursing until a response containing an SOA record is received.
- Query the parent zone to retrieve the target zone's delegation NS
records. For example, for "example.com", you would query the "com"
zone. For "2.0.192.in-addr.arpa", the parent zone might be either
"0.192.in-addr.arpa" or "192.in-addr.arpa". You can determine the
parent zone's identity using the same algorithm as above, after
removing the leftmost label from the target zone's name.
- Query all of the zone's servers, as identified by the delegation
records from the parent, for the zone's NS records. Discard any
results that do not have the AA flag set. Also query any name servers
revealed in this process that were not listed in the referral from the
- The list of servers that were queried that returned an authoritative
response is most likely your final result. However, some special-
purpose DNS appliances will return an error or negative answer (not
necessarily with AA set) when queried for anything but an A record;
therefore, for all of the servers discarded in the previous step,
query them again for the A or PTR record you're concerned with, to see
if the return an authoritative answer to that query. If they do, add
them to the final list.
Men & Mice
On May 18, 2008, at 1:18 PM, Ronald F. Guilmette wrote:
> This question has probably been asked and answered a zillion times
> already, but I hope I will be forgiven for feeling less-then-eager
> about searching through that past 20 years worth of bind-users list
> archives for the answer.
> I'd just like to know if there is any "sure fire" (or mostly sure
> way of getting a list of the real, true, and actual authoritative name
> servers for one or both of:
> (*) A fully-qualified domain name, which is believed to be
> associated with at least one A record, or...
> (*) some proper sort of ...in-addr.arpa name that is believed to
> be associated with at least one PTR record.
> I've tried all sorts of things, in my abundant ignorance, and nothing
> seems to work entirely reliably 100% of the time. (Maybe its just
> an impossible goal?)
> I've written code (both Perl and C) to perform simple querying for the
> applicable A and PTR records, and then tried to fish out the right-
> sides of all of the type NS AUTHORITY records contained in the
> but this often gives what, in the context of what I want to do, are
> results. (I am presuming that this is probably because some name
> _other than_ one of the authoritative ones cached an answer and is
> giving that to me, along with its own identity in the AUTHORITY
> yes? If I have misunderstood the situation entirely, then please do
> straighten me out.)
> To get a list of the _actually authoritative_ name servers
> to a given A or PTR record, I have also tried the approach of querying
> first for some obscure type of record (e.g. MG and/or ISDN) that isn't
> used a lot... and that thus is highly unlikely to be in anybody's
> and _then_ performing an ANY query for the FQDN or the ...in-addr.arpa
> name, and _then_ looking at the AUTHORITY section of the response to
> second query, and this approach does seem to produce the true and
> list of authoritative nameserver names that I want about 99.99% of
> the time.
> But there are still rare occasional ``glitches'', i.e. cases where
> AUTHORITY section of the response to the second query mentions one
> or more
> of the *.gtld-servers.net nameservers (for FQDNs) or else where the
> section of the response to the second query mentions one or more of
> *.arin.net nameservers (for ...in-addr.arpa names) and these
> AUTHORITY RRs
> are quite definitely NOT what I want, because they are _not_ telling
> names of any of the actually authoritative nameservers for the FQDNs
> or IP
> addresses that I want information about.
> Before anybody begins to beat me (verbally) about the head and neck
> for my
> failure to adequately RTFM, let me just say that I _did_ try to read
> up on
> topic of AUTHORITY sections (in RFC 1035) before posting here, but
> both RFC 1035 and Cricket Liu's book were rather entirely
> about AUTHORITY sections generally, so I'm still ignorant about what
> sections are even _supposed_ to contain, even when everything is
> going right...
> which, as we all know, on the Internet things don't always.
> Thanks in adance for any enlightenment/assistance.
More information about the bind-users