0

If I understand the following Linux command correctly, the query only starts at the given nameserver, but if it doesn't find a dns-zone there it sends the request on to the tld-nameserver.

dig mydomain.example @ns.mynameserver.example

My problem is I do also get a response if the dns zone doesn't exist on the my nameserver directly. Is there a way to check if the dns-zone exists on a given nameserver without having direct access to it?

Patrick Mevzek
  • 10,995
  • 16
  • 38
  • 54
Florian Weder
  • 1
  • 1
  • SO is a question and answer page for professional and enthusiastic programmers. – Cyrus Nov 14 '19 at 09:26
  • @Cyrus and you're trying to imply that I am neither of those things? – Florian Weder Nov 14 '19 at 09:57
  • That was the hint that your question has nothing to do with software development and is better placed with [Unix & Linux Stack Exchange](http://unix.stackexchange.com/tour). – Cyrus Nov 14 '19 at 10:06
  • @Cyrus Ok, fair game, you're right, but there are tons of DNS- or even Bash-related-questions posted on SO. Thanks for the tip though - am going to consider it the next time I have a question. – Florian Weder Nov 14 '19 at 10:23

1 Answers1

0

I think I figured out the answer to my (quite stupid) question:

I can just dig for the ns records starting at my nameserver:

dig NS mydomain.example @ns.mynameserver.example +short

If the response contains ns.mynameserver.tld the dns-zone exists on this nameserver. This way, also if other nameservers are actually used for the domain, if the dns-zone exists on ns.mynameserver.tld I get ns.mynameserver.tld back.

Feel free to add anything to this, if you for example see any problems with my solution.

Patrick Mevzek
  • 10,995
  • 16
  • 38
  • 54
Florian Weder
  • 1
  • 1
  • SOA would be a better record type to query for that need. Also you need to make sure you get the "AA" (Authoritative Answer) flag in the reply, as authoritative nameservers for a zone should enable it. But you will need to remove `+short` to see it. You should also do your query with `+norecurse` that makes sure to send the query with the no recurse flag activated which is asafeguard. Same for `+aaonly` – Patrick Mevzek Nov 17 '19 at 16:05