finding authoritative nameservers

Chris Buxton cbuxton at
Mon May 19 22:48:16 UTC 2008

On May 19, 2008, at 3:09 PM, Ronald F. Guilmette wrote:
> In message <ADA073C8-E7F4-4144-ACDA-3CED0669470A at>,
> Chris Buxton <cbuxton at> wrote:
>> - Query the parent zone to retrieve the target zone's delegation NS
>> records.
> That would be one approach.  But as I noted in my immediately prior  
> post,
> I elected to just force a type `ANY' query (for the original FQDN I  
> was
> interested in) to be sent to the primary name server, whose name I  
> grabbed
> from the SOA record.  Then I just grab the list of relevant NSes out  
> of
> the AUTHORITY section of the response to that ANY query.
> This seems to work OK.  Good enough for my purposes anyway.

Actually, many DNS server implementations don't return anything in the  
Authority section for a positive answer. Such records are not required  
by RFC. An example is MS DNS - not exactly an uncommon name server  

Therefore, you should actually query for the NS records, since any  
standards-compliant authoritative name server will return those if  
explicitly asked. (HTTP load balancers are notably not usually RFC- 

Chris Buxton
Professional Services
Men & Mice

More information about the bind-users mailing list