• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1289
  • Last Modified:

DNS/DIG lookup questions and GTLD servers question

I have a question about the G-TLD servers.  Do they cache dns information?

When I do a dig on for  microsoft.com (dig microsoft.com +trace) the final answer is:

microsoft.com.          3600    IN      A       207.46.245.214
microsoft.com.          3600    IN      A       207.46.245.222
;; Received 63 bytes from 207.46.138.20#53(dns1.cp.msft.net) in 65 ms

If I am reading this correctly it is saying that  dns1.cp.msft.net gave the answer of 207.46.245.214 and 222....

What does it mean if I do a dig and it says that  (dig example.com +trace) the GTLD gave the answer????

example.com.      172800  IN      A       XXX.XXX.XXX.225
example.com.      172800  IN      NS      ns1.example.com.
;; Received 124 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 33 ms


0
atebit
Asked:
atebit
1 Solution
 
chicagoanCommented:
>G-TLD servers.  Do they cache dns information?
If a DNS server is authoritative for a domain, the zone record is read and cached when BIND is loaded.
If a DNS server is not authoritative, it queries the authoritative server and caches the record until the TTL expires.
When tracing is enabled, dig makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
Your query led dig to dns1.cp.msft.net, which is the authority for microsoft.com

>What does it mean if I do a dig and it says that  (dig example.com +trace) the GTLD gave the answer????
It means A.GTLD-SERVERS.NET is authoritative for example.com

When tracing is disabled (the default), dig queries the default name server or the server specified in the command line.

0
 
andyalderSaggar makers bottom knockerCommented:
>G-TLD servers.  Do they cache dns information?

No, the root servers just look after "." and .com, they don't cache or resolve for anything else, the problem is that dig returns additional information that you may be misinterpreting as coming from them when it has resolved it by doing additional queries to the authoritative server.

>If I am reading this correctly it is saying that  dns1.cp.msft.net gave the answer of 207.46.245.214 and 222....
Yes.


What does it mean if I do a dig and it says that  (dig example.com +trace) the GTLD gave the answer????

example.com.      172800  IN      A       XXX.XXX.XXX.225
example.com.      172800  IN      NS      ns1.example.com.
;; Received 124 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 33 ms

It means example.com's DNS registration is well screwed up!
The root servers have returned ns1.example.com as being the authoratitive nameserver for that domain but haven't returned the IP address of ns1.example.com presumably because someone filled a form in wrong. Nobody will be able to get to ns1.example.com so www.example.com, mail.example.com etc won't be resolvable.

dig has also returned any A records it can find for that domain (through a zone-file transfer) and it's had an A record returned, not for the nameserver, but just for example.com so if you put a webserver at xx.xx.xx.225 that could just work.

Example.com need to get the example.com A record off the root servers and ns1.example.com put in it's place, probably using the same IP address. Can't do that change through DNS but only through the registrar's website.
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now