3

I am trying to understand why the name servers for a domain occur in both whois information and DNS information.

For example, the following whois output shows that ns1.google.com, ns2.google.com, ns3.google.com and ns4.google.com are the name servers for google.com.

```
$ whois google.com | grep Server
Whois Server Version 2.0
   Whois Server: whois.markmonitor.com
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
Registrar WHOIS Server: whois.markmonitor.com
Name Server: ns4.google.com
Name Server: ns3.google.com
Name Server: ns1.google.com
Name Server: ns2.google.com
```

The same information occurs in the DNS information as NS records.

```
$ dig google.com +trace ANY

; <<>> DiG 9.10.3-P4-Debian <<>> google.com +trace ANY
;; global options: +cmd
.           44313   IN  NS  c.root-servers.net.
.           44313   IN  NS  a.root-servers.net.
.           44313   IN  NS  e.root-servers.net.
.           44313   IN  NS  k.root-servers.net.
.           44313   IN  NS  f.root-servers.net.
.           44313   IN  NS  g.root-servers.net.
.           44313   IN  NS  h.root-servers.net.
.           44313   IN  NS  i.root-servers.net.
.           44313   IN  NS  d.root-servers.net.
.           44313   IN  NS  l.root-servers.net.
.           44313   IN  NS  j.root-servers.net.
.           44313   IN  NS  b.root-servers.net.
.           44313   IN  NS  m.root-servers.net.
;; Received 239 bytes from 172.30.93.117#53(172.30.93.117) in 2 ms

com.            172800  IN  NS  a.gtld-servers.net.
com.            172800  IN  NS  b.gtld-servers.net.
com.            172800  IN  NS  c.gtld-servers.net.
com.            172800  IN  NS  d.gtld-servers.net.
com.            172800  IN  NS  e.gtld-servers.net.
com.            172800  IN  NS  f.gtld-servers.net.
com.            172800  IN  NS  g.gtld-servers.net.
com.            172800  IN  NS  h.gtld-servers.net.
com.            172800  IN  NS  i.gtld-servers.net.
com.            172800  IN  NS  j.gtld-servers.net.
com.            172800  IN  NS  k.gtld-servers.net.
com.            172800  IN  NS  l.gtld-servers.net.
com.            172800  IN  NS  m.gtld-servers.net.
com.            86400   IN  DS  30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.            86400   IN  RRSIG   DS 8 1 86400 20170723050000 20170710040000 15768 . DxDCk0ODJBzRqA78LQkZr2U1UKQszfF3U4Wl0MeW20kAceK5Xj4KoUSu ouy/H01wK8t2r6gMBjj8npOq/+oktlFqdf0jiB8+P7D6DJLZZ/zL/fy8 NP9PkDDWYddx9SMhtKvg/anFcDrBKzzjk4KOr3s4viHlcLC1SalxdndG 3gjaSZ3KoUOMxTi+/qHQ35RsnGxsW7gJ01a7RKsJLDaNOjBSWtvyL8RW 5WsaTVof3YmxXPQd5a7vErkOEM6CuPOuvBZdN3m1wTED5zM3cNUInq59 ELN/K9TcbCU6tnXFn6YItCyjMZDmP3MRFprYeKYw6+LwLB3OhwZdmxZF PTzFuw==
;; Received 1170 bytes from 198.41.0.4#53(a.root-servers.net) in 241 ms

google.com.     172800  IN  NS  ns2.google.com.
google.com.     172800  IN  NS  ns1.google.com.
google.com.     172800  IN  NS  ns3.google.com.
google.com.     172800  IN  NS  ns4.google.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20170716044736 20170709033736 27302 com. dPL5un6VGsc3VD1fU/VGsKtTvXx2SLYXr7XwG0I1hMhPxLgSu06jTwri bi8HEbBDR8K6LZLsf/PnbAM0dkpgYn+0zAsJnpvjy3BCaCDvIGFzTKme IJ/vLjMCP3cfP/Jy2tQp5xBDCPUjwM1YR+7IfWC4kyPh8d51o5dgfHMX Zp8=
S848JI1TS2RCEPV5SPG2RJA2T711BO8H.com. 86400 IN NSEC3 1 1 0 - S84C439C9HACCNUVH6CBPPTUS93VLTUG NS DS RRSIG
S848JI1TS2RCEPV5SPG2RJA2T711BO8H.com. 86400 IN RRSIG NSEC3 8 2 86400 20170717045200 20170710034200 27302 com. i1YnEA/ddnve8DUIOiFfEWBr5j8TOu60ehJexxzMxCG6ei8jAK+x1gqy BwtlmV6bnv/rjV52LOC58IJD2nBi4LcOLD4ggCVuKpAYLntAcOkdiDQ6 fELXSYFlDdh/vZCpSivUE9K6JCWVBNXBAosY6EBqrPU7BJoymsnGkrw/ VQQ=
;; Received 660 bytes from 192.41.162.30#53(l.gtld-servers.net) in 306 ms

google.com.     300 IN  A   172.217.6.78
google.com.     300 IN  AAAA    2607:f8b0:4005:80a::200e
google.com.     345600  IN  NS  ns4.google.com.
google.com.     345600  IN  NS  ns2.google.com.
google.com.     345600  IN  NS  ns3.google.com.
google.com.     86400   IN  CAA 0 issue "pki.goog"
google.com.     600 IN  MX  30 alt2.aspmx.l.google.com.
google.com.     60  IN  SOA ns4.google.com. dns-admin.google.com. 161347549 900 900 1800 60
google.com.     600 IN  MX  50 alt4.aspmx.l.google.com.
google.com.     86400   IN  CAA 0 issue "symantec.com"
google.com.     600 IN  MX  20 alt1.aspmx.l.google.com.
google.com.     600 IN  MX  10 aspmx.l.google.com.
google.com.     600 IN  MX  40 alt3.aspmx.l.google.com.
google.com.     3600    IN  TXT "v=spf1 include:_spf.google.com ~all"
google.com.     345600  IN  NS  ns1.google.com.
;; Received 404 bytes from 216.239.34.10#53(ns2.google.com) in 248 ms
```

The NS records above contain ns1.google.com, ns2.google.com, ns3.google.com and ns4.google.com.

Two questions.

  1. When are the name server fields in whois used and when are the NS records used?
  2. What happens if the name server fields in whois do not match the NS records in DNS?

3 Answers

4

Whois sends a query to Nominet to find the currently listed Name Servers (NS) for a domain. This list is updated when a Domain Name is registered. So when I registered my domain name with GoDaddy, they registered that domain name with Nominet on my behalf; they also told Nominet which DNS servers would be hosting my domain (the NS server Nominet list). Think of Nominet as a list of Registered Domains and the current Name Servers hosting that domain.

The NS Servers on Whois are only used during queries like the one you did. In order to find A records, CNAME records, MX records etc. that your domain name hosts, we use DNS.

In other words, for any other query using a browser, NSLookup, ping etc., it is the DNS NS records that are used to find the NS servers that host your domain; these are then queried to find the record you are looking for.

When the list of NS servers that host a domain is updated / changed (which I recently did for my domain), then the records at Nominet are changed as well. They should be out of sync but if they are, as long as the NS records in DNS are correct then your records can be found.

https://www.nominet.uk/

To expand further and building on my comment above, here are a couple more links. Both are direct links to ICANN. Also, here is some information from the ICANN site:

**The Domain Name System (DNS) is a hierarchical distributed database to lookup information from unique names, i.e. to help people connect to resources like websites and email servers on the Internet. To explain it in simple terms, every computer has a unique number called an Internet Protocol (IP) address, e.g. 2620:0:2d0:200::7, which is like a phone number. One computer can contact another as long as it knows its IP address. Because these numbers are difficult to remember, we tend to use domain names, e.g. www.icann.org, instead. DNS is used to translate between domain names and IP addresses.**

**WHOIS provides information sufficient to contact a responsible party for a particular Internet resource who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name or the DNS name servers. Unfortunately the term "WHOIS" is overloaded with meanings, referring to protocols, services, and data types associated various resources, i.e., domain names, IP addresses, and Autonomous System Numbers (ASNs). This WHOIS Portal is devoted to describing the WHOIS system for generic top level domain names only, and does not attempt to describe how WHOIS applies to country code top level domain names (ccTLDs), IP addresses or ASNs. The service offered by registrars and registries to provide WHOIS data is referred to as a "WHOIS Service" or alternatively, a "Registration Data Directory Service."**

https://whois.icann.org/en/technical-overview

https://whois.icann.org/en/dns-and-whois-how-it-works

2

Why do name servers occur in whois as well as DNS?

Because they can. WHOIS is not a tool for DNS administrators. It is a tool for domain administrators. While these roles may occasionally share the same IT personnel in a business, frequently they do not. In many cases the person who buys the domain simply plugs in a list of DNS servers provided to them by another department.

WHOIS provides all of the information needed to understand ownership of the domain, and details pertinent to its configuration with the registry itself. There is no need for people who are not DNS administrators to utilize a protocol that they are not familiar with.

Andrew B
  • 33,868
1

Whois and DNS are both two "directories" and ways to access their data. They cater for different needs:

  • whois has no operational consequences; it just lists data associated with a domain name, for human consumption and, typically, to know who to contact in case of problems
  • DNS is used for resolution, that is to find content associated with the domain name.

A registry manages both. Registrars send data (creations and updates) to registries, which in turn modify contents in whois & DNS systems.

So following my first point above, nameservers in whois are not used for anything, and especially not during resolution, and if there is a discrepancy (it can happen, both due to bugs or just due to the fact that both systems are not necessarily updated at the same frequency; in the past the typical delays were up to 24 hours for a change appearing in whois and a couple of hours for the DNS; things are faster today) the information in the DNS "wins" in the sense that only this data is used during resolution.

Patrick Mevzek
  • 10,581
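The discrepancy check raised in the question and answers, as an added example that is not part of any of the original posts: it parses saved `whois` and `dig +trace` output and reports, for each DNS server that returned NS records for the domain, which name servers appear only in whois or only in DNS. The sample text is constructed by abridging the output quoted in the question, and the function names are illustrative.

```python
import re

# Constructed sample input, abridged from the output quoted in the question.
WHOIS_TEXT = """\
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
Name Server: ns4.google.com
"""
DIG_TRACE = """\
com.            172800  IN  NS  a.gtld-servers.net.
;; Received 1170 bytes from 198.41.0.4#53(a.root-servers.net) in 241 ms
google.com.     172800  IN  NS  ns2.google.com.
google.com.     172800  IN  NS  ns1.google.com.
google.com.     172800  IN  NS  ns3.google.com.
google.com.     172800  IN  NS  ns4.google.com.
;; Received 660 bytes from 192.41.162.30#53(l.gtld-servers.net) in 306 ms
google.com.     300 IN  A   172.217.6.78
google.com.     345600  IN  NS  ns4.google.com.
google.com.     345600  IN  NS  ns2.google.com.
google.com.     345600  IN  NS  ns3.google.com.
google.com.     345600  IN  NS  ns1.google.com.
;; Received 404 bytes from 216.239.34.10#53(ns2.google.com) in 248 ms
"""

def norm(name):
    return name.strip().rstrip(".").lower()  # host names compare case-insensitively

def whois_nameservers(text):
    # whois repeats the list (registry and registrar sections); a set removes duplicates
    return {norm(n) for n in re.findall(r"^[ \t]*Name Server:[ \t]*(\S+)", text, re.M | re.I)}

def dns_nameservers(trace, domain):
    """Map each responding server in `dig +trace` output to the NS set it gave for domain."""
    result, pending = {}, set()
    for line in trace.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2] == "IN" and f[3] == "NS" and norm(f[0]) == norm(domain):
            pending.add(norm(f[4]))
        m = re.match(r";; Received \d+ bytes from \S+\((\S+)\)", line)
        if m and pending:  # the "Received" line closes one server's response
            result[m.group(1)], pending = pending, set()
    return result

def compare(whois_text, trace, domain):
    """Per responding server, list name servers seen only in whois or only in DNS."""
    listed = whois_nameservers(whois_text)
    return {srv: {"only_whois": sorted(listed - ns), "only_dns": sorted(ns - listed)}
            for srv, ns in dns_nameservers(trace, domain).items()}
```

On the sample, `compare(WHOIS_TEXT, DIG_TRACE, "google.com")` returns empty difference lists for both `l.gtld-servers.net` (the delegation in the `com.` zone) and `ns2.google.com` (the zone's own NS records).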