Reputation: 131
dig NS and nslookup give outdated nameservers; +trace or whois are correct
Some time ago (months), I updated the nameservers for a number of domains I control; both the old and new nameservers are run by the same hosting company.
The NS records are correct with the registrar, and the correct records are shown by a whois request, and a dig +trace
However, a dig NS and an nslookup for soa both show the old records.
Recently the old nameserver was retired (it no longer responds to dig requests), and I'm concerned that this might impact the websites.
Please forgive a slight scattershot of related questions – I'm trying to work out what's happening, but I'm not entirely sure what I should be asking:
Why are these tools returning the old nameserver? How is the old nameserver still held by any systems, months after the change?
How do I find the canonical answer? Is that a valid question? What does 'canonical' mean in this sense – I'm assuming it should mean the setting at the registrar?
What tool gives me the pragmatically correct answer (i.e. the answer that most of the internet is using to resolve my domains)? I'm assuming that the internet at large isn't actually using the info provided by dig's source.
Here's an example:
Dig shows the old nameserver ns1.OLDNAMESERVER.net
$ dig ns EXAMPLE.co.uk
; ANSWER SECTION:
EXAMPLE.co.uk. 600 IN NS ns2.OLDNAMESERVER.net.
EXAMPLE.co.uk. 600 IN NS ns1.OLDNAMESERVER.net.
as does nslookup:
$ nslookup
> set querytype=soa
> EXAMPLE.co.uk
Server: 1.2.3.4
Address: 1.2.3.4#53
Non-authoritative answer:
EXAMPLE.co.uk
origin = ns1.OLDNAMESERVER.net
whereas whois shows the correct nameserver ns1.NEWNAMESERVER.co.uk as set in the registrar:
$ whois EXAMPLE.co.uk
Name servers:
ns1.NEWNAMESERVER.co.uk 5.6.7.8
ns2.NEWNAMESERVER.co.uk 1.6.7.9
as does dig +trace:
$ dig +trace EXAMPLE.co.uk
EXAMPLE.co.uk. 172800 IN NS ns1.NEWNAMESERVER.co.uk.
EXAMPLE.co.uk. 172800 IN NS ns2.NEWNAMESERVER.co.uk.
Upvotes: 2
Views: 2371
Answers (1)
Reputation: 1132
You have NS records at your new name servers, pointed to the old ones. Go to the DNS settings of the domain (the DNS zone) and change the NS records, not the name servers. Dig +trace should be showing you that:
EXAMPLE.co.uk. 172800 IN NS ns2.NEWNAMESERVER.co.uk.
EXAMPLE.co.uk. 172800 IN NS ns1.NEWNAMESERVER.co.uk.
;; Received 643 bytes from 156.154.103.3#53(nsd.nic.uk) in 26 ms
EXAMPLE.co.uk. 86400 IN NS ns1.OLDNAMESERVER.net.
EXAMPLE.co.uk. 86400 IN NS ns2.OLDNAMESERVER.net.
;; Received 124 bytes from 5.6.7.8#53(ns2.NEWNAMESERVER.co.uk) in 43 ms
Upvotes: 3
Related Questions
- *Name Server* is not a valid nameserver?
- DNS issue on macOS
- Checking domain name availability with DNS records
- BIND . Registrar says it cant find the nameserver. nslookup shows the domain is being handled by bind
- WHOIS command not returning useful information?
- Mismatched NS records at DNS server
- DNS resolution problems; dig SERVFAIL error
- What does it mean when a "dig" command with "+nssearch" option returns nothing?
- DNS not resolving
- Where to get authoritative DNS information and is whois accurate