

Non-Authoritative DNS responses - Need a fix.

Posted on 2008-11-15
Medium Priority
Last Modified: 2012-05-05
This is a two-part inquiry that likely one person can solve.

I currently use two BIND servers for Primary and Secondary DNS. They both answer requests fine and good, have done so for many months. Today, I'm trying to resolve a quirk. Any queries to these BIND servers come back as non-authoritative. How do I go about resolving this? I own this and many, many other domains.

Second, I'm fixing to move one domain to AD. Would I actually be better off leaving that domain on BIND, then use a .local domain for AD?
Question by: jmicorp

Expert Comment

ID: 22969120
1. Do your servers have SOA records? The name servers may reply, but if the SOA is not pointing to them the result would be non-authoritative.

2. I never bother with the .local extension, but it would be a good idea not to use a domain name that you intend to publish to the Internet (especially if it's automatically updating records in AD). Here in the UK I use the .ltd extension as no one can buy a .ltd domain extension unless one owns the company. There is nothing wrong with using the .local but I just don't like the name convention.

Hope this helps

All the best
Sci-Fi Si

Assisted Solution

H_Harry earned 200 total points
ID: 22969328
I would use separate DNS servers too - it sounds like your current ones serve internet domain names - it is not good security practice to use these servers for your internal AD DNS servers.
Non-authoritative responses come from DNS servers that have cached an answer for a given host, but received that information from a server that is not authoritative for the domain.
So in other words your DNS servers only hold cached information for certain hosts - it is getting its information from a different DNS server for the domain name(s) - probably your ISP's or whomever you registered your domain name with.
Try the following (apologies if you know this already)
set type=any
If the results have the records for the entire domain (SOA, NS etc) then there is something wrong.
If you query WHOIS it will normally tell you the authoritative DNS server for the domain name.
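
The "non-authoritative" label discussed in this answer corresponds to the AA (Authoritative Answer) bit in the DNS response header, which nslookup reports as "Non-authoritative answer" when it is clear. As an added example, not part of the original thread: Python code that sends a non-recursive SOA query to a name server and classifies the reply from its header. The name `example.com` and the sample responses are constructed.

```python
import socket
import struct

FLAG_QR, FLAG_AA = 0x8000, 0x0400   # response bit, Authoritative Answer bit
RCODES = {2: "servfail", 5: "refused"}

def build_query(name, qtype=6, txid=0x1234):
    """Encode a query (default type SOA=6, class IN) with RD cleared,
    so the server answers from its own zone data instead of recursing."""
    header = struct.pack("!6H", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def classify(response, txid=0x1234):
    """Say how the server answered, based only on the 12-byte DNS header."""
    if len(response) < 12:
        return "invalid"
    rid, flags, _qd, answers, authority, _ar = struct.unpack("!6H", response[:12])
    if rid != txid or not flags & FLAG_QR:
        return "invalid"
    rcode = flags & 0x000F
    if rcode in RCODES:
        return RCODES[rcode]
    if flags & FLAG_AA:
        return "authoritative"
    if answers == 0 and authority > 0:
        return "referral"            # server points elsewhere for this name
    return "non-authoritative"       # answer present but AA bit not set

def ask(server_ip, name, timeout=3.0):
    """Query one name server directly over UDP and classify its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        return classify(s.recvfrom(4096)[0])

def sample(flags, answers, authority):
    """Constructed response: header with the given flags plus the echoed question."""
    question = build_query("example.com")[12:]
    return struct.pack("!6H", 0x1234, flags, 1, answers, authority, 0) + question

if __name__ == "__main__":
    print(classify(sample(0x8400, 1, 0)))   # QR+AA set
    print(classify(sample(0x8080, 1, 0)))   # QR+RA only, AA clear
```

Calling `ask()` with the address of each of your own name servers and a zone name they should serve shows whether each one sets the AA bit for that zone.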

Author Comment

ID: 22985719

Thanks for your responses.

When I perform a whois for my domain, I see my (old) name server addresses. These addresses are still pointed to my current name servers by DNS, but the hosts themselves have different names. I suppose this causes the problem.

How do I go about "authorizing" these new DNS servers so that I can use them with my domain name provider (in this case, godaddy.com)?

As for AD

We want to deploy Exchange -- how can this be done?
Also, what can I do to rename the domain I already have?


Expert Comment

ID: 22986153
Whenever you change name servers, especially for a .com, the process can take 72 hours before the records are updated; a .co.uk is normally about 24 hours.

You might not need to change anything apart from playing the waiting game.

When a validation check takes place it is very important that the new server or server name responds in a timely fashion or the update will not be validated.


Author Comment

ID: 22987503
Sci-Fi-Si --
That's almost what I'm talking about.

I'll try to get the best example I can without identifying any of my many domain names in question.

Say I operate www.abc.com and host several domains using this company to do so.
Then say after many years, I close www.abc.com and intend to sell the domain to someone else once I rid myself of any use of it.
So I start a new name or even just assume some business aspects under another name, say www.defghijkl.com. How do I make the DNS server(s) at defghijkl.com able to be listed with, say, godaddy.com? Do I simply need to enter them in at godaddy and continue on with my life? Or is there some sort of authorization process?

Any suggestions on changing my domain name? I don't have a lot of users entered, but those that do have passwords and such -- it would be VERY critical for me to be able to transfer this information rather than have to change it and involve the user.

Accepted Solution

Sci-Fi-Si earned 1600 total points
ID: 22988426
The short answer is yes.

The explanation is as follows:
It depends if you're changing hosting companies. If you're having any problems with a hosting company, or for whatever reason there are issues, you would want to shift the domain out to a private account.

On every domain name's control panel there is always an option to transfer the domain to another host.
In order to do this - and I must stress that you have to be the owner of the domain to do this - if you own abc.com, all you would have to do to transfer that domain to someone else would be to log in to the control panel where the domain name is currently hosted and change the 'TAG'. For example, in the UK a very popular web hosting company is fasthosts.com; their ISP tag is FASTHOSTS.

Each hosting company will have an incoming and outgoing domain transfer process. It's pretty easy once you've transferred a few domains, but you will need the control panel login details for the account where the domain name is currently hosted.

You can find this out if you can't remember by going to http://who.is and entering your domain name; the result of the search will always have the name servers listed there.

Setting up a new domain is easy. If done correctly - a way which I now know, it is possible to buy any domain name (even a .com) and have your web server actively serving pages within seconds!

If you need any points further clarifying just ask...

All the best
Sci-Fi Si

Author Comment

ID: 22990609
Well, I'm the host! I've taken over a previous operation (as described) and the domain exchange is similar to as described.

What I need to know is how to sell a site registrar that a new DNS server is "OK" for use. The last time I tried this, it failed and I don't recall why. I suppose that'd be helpful, aye?

As for renaming domains in AD, got any ideas?


Assisted Solution

macker- earned 200 total points
ID: 23001161
Usually this involves logging into the registrar's control panel, and editing information for the domain, telling them

1) Use my own DNS servers, not theirs
2) Use the following DNS servers...

This should all be simple and easy to do thru the web-UI

As for AD, try the Windows area?


Question has a verified solution.