DNS – NSLOOKUP what is the meaning of the non-authoritative answer?

Non-authoritative answer simply means the answer is not fetched from the authoritative DNS server for the queried domain name.

First you have to understand how DNS system works. DNS system can be divided into three tiers. They are:

  • root DNS servers
  • top-level domain DNS servers
  • authoritative DNS servers

There’s another class of DNS Server usually called local DNS server whose IP address is specified on your operating system.

When your browser connects to a website say example.com, the browser first queries your local DNS server to get the IP address of example.com.

  • If the local DNS server doesn’t have the A record of example.com, it will query one of the root DNS servers.
  • The root DNS server will say: I don’t have the A record but I know the top-level domain DNS server which is responsible for .com domains.
  • Then your local DNS server query the top-level domain DNS server which is responsible for .com domains. The TLD DNS server will respond: I don’t know either but I know which DNS server is authoritative for example.com.
  • So your local DNS server queries the authoritative DNS server. Because the actual DNS record is stored on that authoritative DNS server, so it will give your local DNS server an answer.

Then this query result is cached on your local DNS server but it can be outdated. When the TTL time has expired, your local DNS server will update the query result from the authoritative DNS server. Whenever you query a DNS record on your local DNS server, it returns a non-authoritative (unofficial) answer. If you want an authoritative answer, you must explicitly specify the authoritative DNS server when you use nslookup or other utilities. I think a local DNS server should be called caching DNS server.

When someone registers a domain name, he/she can specify which DNS server is the authoritative DNS server. This information is called an NS record. The NS record will tell a top-level domain DNS server which nameserver holds the domain’s A record, MX record, etc.

run nslookup and enter this;

The authoritative name servers for this domain are in red block.



FavoriteLoadingAdd to favorites
Spread the love

Author: Shahzad Khan

Software developer / Architect