When i query the domain RepublicOfKoffee.com (This comes from a tryhackme room) , there are two name server listed in the raw data of the response. My question was, what does these two name servers refer to?
RepublicOfKoffee.com whois query
From what i understood, these are the name servers that answered the query.
That's pretty much what it is, The name servers hold the actual DNS records for a domain.
In this case, you're looking at the name servers that manage that domain, for example: if you buy a domain using google domains then your name server might be:
Name Server: NS-CLOUD-B1.GOOGLEDOMAINS.COM
Name Server: NS-CLOUD-B2.GOOGLEDOMAINS.COM
Name Server: NS-CLOUD-B3.GOOGLEDOMAINS.COM
Name Server: NS-CLOUD-B4.GOOGLEDOMAINS.COM
because those are a set of Google's name servers that manage their domains.
However now let's say your website is on hostgater, but you don't want to transfer ownership of the domain you bought on google to hostgater.
You can then change the name server configured to hostgator's name servers and that will allow you to make edits to your DNS records using hostgator's name servers i.e. their UI interface on their site.
The name server is the actual server that performs resource record edits/ zone transfers/ answer queries.
They work in an hierarchical structure in which the recursive name servers query from the root server, then top level domain name server (.com/.net) and down the subdomains (..example.com) until they find the authoritative name server, the one that holds the ip value for the given domain and has access to the resource records.
