On 3/28/23 16:39, Go Canes wrote:
> On Tue, Mar 28, 2023 at 7:00 PM ToddAndMargo via users <users@lists.fedoraproject.org> wrote:
>> I was just wanting to see what DNS I was actually using.
> dig and nslookup both display the IP address of the DNS resolver that you are querying. But if you are asking for which DNS resolver actually provided the answer, that would be more difficult as prior posts have indicated.
> For example, if I do a DNS lookup of lists.fedoraproject.org, and assuming none of the DNS resolvers have the data cached, my local DNS server (my ISP router) will forward the request to a DNS resolver it has configured, that DNS server will do the same, etc., until we either get a cached answer, or we go all the way up to one of the root DNS servers which can forward to the authoritative DNS server for the domain. So if you are trying to determine which of the servers in the forward chain provided the answer, that is difficult (again as per prior answers).
You've got a good grasp of what is going on. Here are the missing bits.
This is a representation of some url:
WWW.GOOGLE.COM.
SUBDOMAIN.DOMAIN.TLD. (TLD = top level domain, beneath . )
Note the dot at the very end. All searches begin there. To make this easier we'll use google's name servers to start. Since dig is in wide use we'll use it for dns searches. (As for options to dig: the only one of use to any but very advanced, specialized users is +short -- +nssearch is of no use to us. Forget you ever heard of it.)
There are only a few types of dns records:
SOA start of authority - primary ns, contact email, timestamp, various ttls (I'm not going to include timestamps and ttls here)
NS name servers
MX mail exchangers
A ipv4 IP addresses
AAAA ipv6 IP addresses
CNAME aliases for domain names
TXT text records used for all sorts of things, even random comments
There are others that, for the most part, are irrelevant to mere mortals.
Who is the Start Of Authority for "." ?
dig +short @8.8.8.8 . SOA
a.root-servers.net. nstld.verisign-grs.com.
Ask the SOA who their name servers are
dig @a.root-servers.net. root-servers.net. NS
a.root-servers.net. 3600000 IN A 198.41.0.4
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
( + 12 more )
Ask a root-server who are the name servers for COM.
dig @k.root-servers.net. com. NS
a.gtld-servers.net. 172800 IN A 192.5.6.30
a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30
( + 12 more )
Ask a gtld-server who are the name servers for GOOGLE.COM.
dig @f.gtld-servers.net. google.com. NS
ns1.google.com. 172800 IN A 216.239.32.10
ns1.google.com. 172800 IN AAAA 2001:4860:4802:32::a
( + 3 more )
Ask a google name server for the IP for www.google.com.
dig @ns3.google.com. www.google.com. A
www.google.com. 193 IN A 142.250.189.228
And that is the AUTHORITATIVE answer provided by google's dns authority.
As you can see, in every case, from the top down, each level points to the authority for the next level down by answering a request for an NS record. It isn't random. Those are the facts on the ground at the time the request was made.
And that's how you find out who the authoritative name server for a domain is.
PS. There is a special top level domain (arpa.) that handles lookups for IP addresses. Its domain is in-addr.arpa. It matches IPs to the associated host name by returning a PTR (pointer) record. This is how mailservers prove they are not fraudulent. Look up the MX record, it gives a host name. Look up the host name, get an IP. Look up the PTR for that IP. It should match the original MX host name lookup.
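
The top-down walk described in this message, as an added example that is not part of the original post: a Python sketch that follows NS referrals from a root server to the zone that holds the name, asking each server with recursion turned off. The function names and the SAMPLE table are constructed for illustration; a live run assumes dig is installed and uses walk(name) with the default query function.

```python
import subprocess

def zone_cuts(name):
    """'www.google.com.' -> ['com.', 'google.com.', 'www.google.com.'] (root is the start)."""
    labels = name.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]

def parse_ns(dig_output, zone):
    """Pick the NS targets owned by `zone` out of dig's answer/authority lines."""
    targets = []
    for line in dig_output.splitlines():
        f = line.split()
        # record line layout: owner ttl class type rdata
        if len(f) == 5 and f[3] == "NS" and f[0].lower() == zone:
            targets.append(f[4].lower())
    return sorted(targets)

def dig_ns(server, zone):
    """Ask one server, without recursion, who the name servers for `zone` are."""
    cmd = ["dig", "+norecurse", "+noall", "+answer", "+authority",
           "@" + server, zone, "NS"]
    out = subprocess.run(cmd, capture_output=True, text=True, timeout=15).stdout
    return parse_ns(out, zone)

def walk(name, start="a.root-servers.net.", query=dig_ns):
    """Follow NS referrals downward; return [(zone, server_asked, ns_list)]."""
    server, path = start, []
    for zone in zone_cuts(name):
        ns = query(server, zone)
        if not ns:      # no delegation at this label, e.g. www inside google.com.
            continue
        path.append((zone, server, ns))
        server = ns[0]  # any listed server will do; take the first for repeatability
    return path

# Constructed sample referrals (names as in the post, lists shortened) for an offline run.
SAMPLE = {
    ("a.root-servers.net.", "com."): ["a.gtld-servers.net.", "f.gtld-servers.net."],
    ("a.gtld-servers.net.", "google.com."): ["ns1.google.com.", "ns3.google.com."],
}

def sample_query(server, zone):
    return SAMPLE.get((server, zone), [])

if __name__ == "__main__":
    for zone, asked, ns in walk("www.google.com.", query=sample_query):
        print(f"{zone:<12} asked {asked:<20} -> {', '.join(ns)}")
```

The last entry in the returned path names the servers that answer authoritatively for the name; an empty NS result at a lower label means that label lives inside the parent zone rather than being delegated.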