Authoritative Versus Nonauthoritative Answers

If you’ve used nslookup before, you might have noticed that it sometimes precedes its answers with the phrase “Non-authoritative answer”:

C:\>nslookup
Default Server:  terminator.movie.edu
Address:  192.249.249.3

> slate.mines.colorado.edu.
Server:  terminator.movie.edu
Address:  192.249.249.3

Non-authoritative answer:
Name:    slate.mines.colorado.edu
Address:  138.67.1.38

This phrase indicates that the name server is not authoritative for the data in the answer. (Recall that a name server is authoritative for data when it’s a primary or secondary for the zone containing the data.) You’ll see a nonauthoritative response for one of two reasons. The first is that the name server you queried didn’t have the data you were looking for and had to query a remote name server to get it. The remote name server is authoritative for the data (that’s the reason it was queried!) and returns it with the “authoritative answer” bit set in the DNS message header. The Microsoft DNS Server you queried puts this data in its cache and returns it to you marked nonauthoritative. If you ask for the same data again, this time the name server can answer from its cache and will mark the data nonauthoritative: that’s the second reason you’ll see a nonauthoritative answer.

Authoritative answers are not announced by nslookup: the absence of the nonauthoritative message means the answer is authoritative.
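The "authoritative answer" bit described above, as an added example that is not from the book: this Python sketch builds two constructed DNS responses for slate.mines.colorado.edu, one as the authoritative server would send it and one as a caching server would return it, then reads the AA bit from the 12-byte header and produces the same banner nslookup prints. The function names, message ID and TTL are assumptions made for illustration.

```python
import struct

QR = 0x8000  # set in responses, clear in queries
AA = 0x0400  # "authoritative answer" bit in the 16-bit header flags word
RD = 0x0100  # recursion desired
RA = 0x0080  # recursion available

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(name, addr, authoritative, msg_id=0x1234):
    """Build a constructed A-record response; only the AA bit differs between cases."""
    flags = QR | RD | RA | (AA if authoritative else 0)
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    rdata = bytes(int(octet) for octet in addr.split("."))
    # 0xc00c is a compression pointer back to the name at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + rdata
    return header + question + answer

def parse_header(msg):
    """Decode the fixed 12-byte DNS header and return the fields used here."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    msg_id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": msg_id, "response": bool(flags & QR), "aa": bool(flags & AA),
            "rcode": flags & 0x000F, "ancount": ancount}

def banner(msg):
    """Return the line nslookup prints before the answer ('' when authoritative)."""
    header = parse_header(msg)
    if not header["response"]:
        raise ValueError("message is a query, not a response")
    return "" if header["aa"] else "Non-authoritative answer:"

# Constructed samples: same data, different AA bit.
FROM_AUTHORITY = build_response("slate.mines.colorado.edu.", "138.67.1.38", True)
FROM_CACHE = build_response("slate.mines.colorado.edu.", "138.67.1.38", False)

if __name__ == "__main__":
    for label, msg in (("authority", FROM_AUTHORITY), ("cache", FROM_CACHE)):
        print(label, hex(struct.unpack("!H", msg[2:4])[0]), repr(banner(msg)))
```
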

Notice that we ended the domain name with a trailing dot. The response ...
