For some domains
nslookup gives me a
Non-authoritative answer section. What does this mean?
Got answer: HEADER: opcode = QUERY, id = 3, rcode = NXDOMAIN header flags: response, want recursion, recursion avail. questions = 1, answers = 0, authority records = 1, additional = QUESTIONS: www.ssss.com.SME, type = AAAA, class = IN AUTHORITY RECORDS: -> (root) ttl = 1787 (29 mins 47 secs) primary name server = a.root-servers.net responsible mail addr = nstld.verisign-grs.com ------------ Non-authoritative answer: ------------ ------------ Name: example.com Address: 22.214.171.124 Aliases: www.example.com
It's essentially what it says An authoritative answer comes from a nameserver that is considered authoritative for the domain which it's returning a record for (one of the nameservers in the list for the domain you did a lookup on), and a non-authoritative answer comes from anywhere else (a nameserver not in the list for the domain you did a lookup on).
It's basically a distinction between a nameserver that's an official nameserver for the domain you're querying and a nameserver that's not Nameservers that aren't authoritative are getting their answers second (or third or fourth...) hand - just relaying the information along from somewhere else.
So, for example, If I did an nslookup of
maps.google.com right now, I would get a response from one of my configured nameservers. (Either from my ISP, or my domain.) It would come back as non-authoritative because neither my ISP's nameservers, nor my own are in the list of nameservers for
google.com . They aren't google's nameservers, so they're not the authoritative source that creates the ns records.
The list of authoritative nameservers for Google is below (from whois.internic.net).
Domain Name: GOOGLE.COM
Registrar: markmonitor inc.
Whois Server: whois.markmonitor.com
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Updated Date: 20-jul-2011
Creation Date: 15-sep-1997
Expiration Date: 14-sep-2020
If I changed my configured DNS server to one of the ones in that list, and then did an
maps.google.com , I'd get an authoritative answer back. Those servers are the authority, (or source) for what are valid names in google's domains, and what aren't. All other nameservers non-authoritative nameservers get their records from authoritative server somewhere down the line