finding authoritative nameservers

Ronald F. Guilmette rfg at
Tue May 20 00:03:54 UTC 2008

In message <9778278B-1072-4F82-A367-D43E88EE1362 at>, 
Chris Buxton <cbuxton at> wrote:

>On May 19, 2008, at 4:26 PM, Ronald F. Guilmette wrote:
>> Yeabut even in those (degenerate?) cases, I still do at least have the
>> name of the primary... which is something.  (And for my purposes, it  
>> is more than enough to hang my hat on.)
>You're assuming the SOA record actually contains the primary master  
>server's name, or indeed the name of any of the authoritative name  

Assuming is too strong a word.  "Hoping" would be a more accurate characteri-
(1/2 :-)

> This is not a safe assumption, since it's subject to user  
>error and such an error often does not cause any operational problems  
>for the zone.
>>> Therefore, you should actually query for the NS records, since any
>>> standards-compliant authoritative name server will return those if
>>> explicitly asked.
>> OK, sorry, I've lost context.  Can you run this part by me again  
>> please?
>> How exactly do I do what you're saying I should do?
>> Assume that I stared with  Now assume that I've  
>> already
>> learned (from some SOA record) that the primary NS for that is called
>>  Tell me what to do next.
>> Are you saying that I should send a type NS query to  
>> for
>> the name
>Probably not. The query name should match the name of the SOA record  
>you've previously discovered - the name of the containing zone.
>> Won't that only produce useful results in cases where  
>> itself has one or more NS records associated with that specific and  
>> complete
>> FQDN?
>Yes, it would. But the name of an SOA record is always the name of a  
>zone, which ought to therefore have NS records.

Sorry.  You lost me.  Let's start again.

I want to know the nameservers for "".  So I send a
query for name="" and type=SOA to my own friendly &
helpful local name server.  So far so good?

I get back some SOA record, either in the ANSWER or in the AUTHORITY
section.  I fish out of that SOA record (a) a new `name' value... presumably
the name of a highly relevant zone... and also (b) the name of an (alleged)
primary for the zone (in the "mname" field).

So now what?  Are you saying that I should send a query with name set equal
to the zone-name to the purported/alleged primary name server?  OK, I can do
that.  But there's one thing that I still don't understand... What should
I be setting the query type to in this query?  NS?  SOA?  ANY?  OTHER?

Like they say in the SATs/GREs, ``Justify your answer.''

(OK, sorry.  No.  Not trying to put pressure on you, but I _would_ rather
like to fully understand what I'm doing.)

More information about the bind-users mailing list