1

To get the authoritative A record for the apex of a domain I'm using:

```
$ nslookup -q=ns example.com
Server:     194.168.4.100
Address:    194.168.4.100#53

Non-authoritative answer:
example.com nameserver = a.iana-servers.net.
example.com nameserver = b.iana-servers.net.

Authoritative answers can be found from:
b.iana-servers.net  internet address = 199.43.133.53
a.iana-servers.net  internet address = 199.43.135.53

$ dig -t a +noall +answer example.com @a.iana-servers.net
example.com.        86400   IN  A   93.184.216.34
```

Is there a better way? Also, not all name servers are created equal, so b.iana-servers.net takes much longer (x100, sometimes times out) to respond than a.iana-servers.net. It'd be very useful if there was an easy way to query them all and return the result of the first to respond.

AJP

1 Answer

2

Your example is broken. The delegating name server information you fetch may be outdated, so the name server you query for the authoritative information may no longer be an actual authoritative server for the requested domain. In order to get as close as possible to having guaranteed authoritative-right-now information, you have to recurse from the root every single time, since every step on the way has the potential to change at any moment.

That said, why do you think you want this? You're trying to bypass the design of DNS, so it will never be easy or convenient. What reason do you have to go to all this extra effort?

Calle Dybedahl
  • Thanks for the answer. The motivation is twofold. Firstly, when I change a DNS record the original is almost always in my local cache, so I want a second way to double check what will eventually be propagated out to the rest of the DNS. Secondly, when I'm looking for the current TTL value of a record I get the time remaining when viewing the cache, whereas I want to see what the current authoritative record has set for the TTL value. You mentioned you could recurse to the root; could you give me a pointer on a tutorial or tool that might explain / do that? Thanks. – AJP Nov 15 '16 at 14:25
  • The basic recursion algorithm is described in section 5.3.3 of RFC 1034. It's not really that complicated, it's just all the details that make it tricky to implement. The implementation I'm most familiar with is a somewhat odd one in Perl, which you can find [here](https://github.com/dotse/zonemaster-engine/blob/master/lib/Zonemaster/Recursor.pm). – Calle Dybedahl Nov 16 '16 at 10:01
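
The walk from the root that the answer describes, narrowed to plain A/NS lookups with `dig`, as an added example that is not code from either poster or from Zonemaster. The function names `classify_reply` and `authoritative`, the starting server `a.root-servers.net` and the sample replies are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): follow referrals down from a root server
# using non-recursive queries, so no answer or TTL comes from a resolver cache.

# Read one `dig +norecurse +noall +comments +answer +authority` reply on stdin.
# Prints "ANSWER" plus the matching records when the server set the aa flag,
# "REFERRAL ns1 ns2 ..." when it delegated, otherwise "FAIL".
classify_reply() {
  awk -v qtype="$1" '
    /^;; flags:/    { aa = ($0 ~ /flags:[^;]* aa[ ;]/) }
    /^;/ || NF < 5  { next }
    $4 == qtype     { ans = ans "\n" $0 }
    $4 == "NS"      { ns = ns " " $5 }
    END {
      if (aa && ans != "") print "ANSWER" ans
      else if (ns != "")   print "REFERRAL" ns
      else                 print "FAIL"
    }'
}

# authoritative NAME [TYPE]: print the records as served by the zone's own servers.
# Simplifications: no CNAME chasing, and "@$srv" lets dig look up each name
# server's address through the local resolver instead of using glue.
authoritative() {
  name=$1; qtype=${2:-A}; servers=a.root-servers.net; hops=0
  while [ "$hops" -lt 10 ]; do
    hops=$((hops + 1)); reply=FAIL
    for srv in $servers; do   # a slow or dead server costs 2 s, then the next is tried
      reply=$(dig +norecurse +noall +comments +answer +authority +time=2 +tries=1 \
                  -t "$qtype" "$name" "@$srv" | classify_reply "$qtype")
      [ "$reply" = FAIL ] || break
    done
    case $reply in
      ANSWER*)   printf '%s\n' "$reply" | sed 1d; return 0 ;;
      REFERRAL*) servers=${reply#REFERRAL } ;;
      *)         return 1 ;;
    esac
  done
  return 1
}

# Constructed sample replies (names and the A record are the question's values).
SAMPLE_REFERRAL=';; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
example.com. 172800 IN NS a.iana-servers.net.
example.com. 172800 IN NS b.iana-servers.net.'
SAMPLE_ANSWER=';; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
example.com. 86400 IN A 93.184.216.34'
```

Running `authoritative example.com A` prints the record with the TTL the zone's own servers publish, not the remaining lifetime from a cache; a reply without the `aa` flag is never accepted as the final answer.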