Non-Authoritative DNS responses - Need a fix.

Posted on 2008-11-15
Last Modified: 2012-05-05
This is a two-part inquiry that likely one person can solve.

I currently use two BIND servers for Primary and Secondary DNS. They both answer requests fine and good, have done so for many months. Today, I'm trying to resolve a quirk. Any queries to these BIND servers come back as non-authoritative. How do I go about resolving this? I own this and many, many other domains.

Second, I'm fixing to move one domain to AD. Would I actually be better off leaving that domain on BIND, then use a .local domain for AD?
Question by: jmicorp
    LVL 9

    Expert Comment

    1. Do your servers have SOA records? The name servers may reply, but if the SOA is not pointing to them the result would be non-authoritative.

    2. I never bother with the .local extension, but it would be a good idea not to use a domain name that you intend to publish to the Internet (especially if it's automatically updating records in AD). Here in the UK I use the .ltd extension as no one can buy a .ltd domain extension unless one owns the company. There is nothing wrong with using the .local but I just don't like the name convention.

    Hope this helps

    All the best
    Sci-Fi Si
    LVL 3

    Assisted Solution

    I would use separate DNS servers too - it sounds like your current ones serve internet domain names - it is not good security practice to use these servers for your internal AD DNS servers.
    Non-authoritative responses come from DNS servers that have cached an answer for a given host, but received that information from a server that is not authoritative for the domain.
    So in other words your DNS servers only hold cached information for certain hosts - it is getting its information from a different DNS server for the domain name(s) - probably your ISP's or whomever you registered your domain name with.
    Try the following (apologies if you know this already)
    set type=any
    If the results have the records for the entire domain (SOA, NS etc) then there is something wrong.
    If you query WHOIS it will normally tell you the authoritative DNS server for the domain name.
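
Added example, not part of any post in this thread: whether a reply is authoritative is recorded in the AA bit of the DNS header, so one way to test each name server is to send it a non-recursive SOA query and read that bit. The function names and the sample packets are constructed for illustration; `check_server` needs network access and a server address you supply.

```python
import secrets
import socket
import struct

QTYPE_SOA = 6

def build_query(zone, txid=None):
    """SOA query with RD=0, so the server must answer from its own zone data."""
    if txid is None:
        txid = secrets.randbelow(65536)  # unpredictable transaction ID
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_SOA, 1)  # class IN

def parse_header(packet):
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "answers": ancount}

def classify(packet):
    h = parse_header(packet)
    if not h["qr"]:
        return "not a response"
    if h["rcode"] != 0:
        return "error rcode %d" % h["rcode"]  # e.g. 5 = REFUSED, 2 = SERVFAIL
    if h["aa"]:
        return "authoritative"
    return "non-authoritative answer" if h["answers"] else "non-authoritative, no answer"

def check_server(server_ip, zone, timeout=3.0):
    """Ask one name server directly over UDP (requires network access)."""
    query = build_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        reply, _ = s.recvfrom(512)
    if reply[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return classify(reply)

def sample(flags, ancount):
    """Constructed 12-byte reply header used as offline sample input."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

SAMPLE_AUTH = sample(0x8400, 1)     # QR + AA: served from the server's own zone
SAMPLE_CACHED = sample(0x8180, 1)   # QR + RD + RA: resolver answering from cache
SAMPLE_REFUSED = sample(0x8005, 0)  # QR + rcode 5: server does not serve the zone
```
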

    Author Comment


    Thanks for your responses.

    When I perform a whois for my domain, I see my (old) name server addresses. These addresses are still pointed to my current name servers by DNS, but the hosts themselves have different names. I suppose this causes the problem.

    How do I go about "authorizing" these new DNS servers so that I can use them with my domain name provider (in this case,

    As for AD

    We want to deploy Exchange -- how can this be done.
    Also, what can I do to rename the domain I already have?
    LVL 9

    Expert Comment

    Whenever you change name servers, especially for a .com the process can take 72 hours before the records are updated, a is normally about 24 hours.

    You might not need to change anything apart from playing the waiting game.

    When a validation check takes place it is very important that the new server or server name responds in a timely fashion or the update will not be validated.


    Author Comment

    Sci-Fi-Si --
    That's almost what I'm talking about.

    I'll try to get the best example I can without identifying any of my many domain names in question

    Say I operate and host several domains using this company to do so.
    Then say after many years, I close and intend to sell the domain to someone else once I rid myself of any use of it.
    So I start a new name or even just assume some business aspects under another name, say How do I make the DNS server(s) at able to be listed with say, Do I simply need to enter them in at godaddy and continue on with my life? Or is there some sort of authorization process?

    Any suggestions on changing my domain name? I don't have a lot of users entered, but those that do have passwords and such -- it would be VERY critical for me to be able to transfer this information rather than have to change it and involve the user.
    LVL 9

    Accepted Solution

    The short answer is yes.

    The explanation is as follows:
    It depends if you're changing hosting companies. If you're having any problems with a hosting company or for whatever reason there are issues, you would want to shift the domain out to a private account.

    On every domain name's control panel there is always an option to transfer the domain to another host.
    In order to do this - and I must stress that you have to be the owner of the domain to do this - If you own all you would have to do to transfer that domain to someone else would be to login to the control panel where the domain name is currently hosted, change the 'TAG' for example in the UK a very popular web hosting company is, their ISP tag is FASTHOSTS.

    Each hosting company will have an incoming and outgoing domain transfer process. It's pretty easy once you've transferred a few domains, but you will need the control panel login details for the account where the domain name is currently hosted.

    You can find this out if you can't remember by going to and entering your domain name, the result of the search will always have the name servers listed there.

    Setting up a new domain is easy. If done correctly - a way which I now know, it is possible to buy any domain name (even a .com) and have your web server actively serving pages within seconds!

    If you need any points further clarifying just ask...

    All the best
    Sci-Fi Si

    Author Comment

    Well, I'm the host! I've taken over a previous operation (as described) and the domain exchange is similar to as described.

    What I need to know is how to sell a site registrar that a new DNS server is "OK" for use. The last time I tried this, it failed and I don't recall why. I suppose that'd be helpful, aye?

    As for renaming domains in AD, got any ideas?

    LVL 7

    Assisted Solution

    Usually this involves logging into the registrar's control panel, and editing information for the domain, telling them

    1) Use my own DNS servers, not theirs
    2) Use the following DNS servers...

    This should all be simple and easy to do thru the web-UI

    As for AD, try the Windows area?
