Question

I've been told that there is a problem with the DNS records for the following domain: horoscope-feeds.com, but I'm not yet convinced there is a problem with it.

When I do

host -C -a horoscope-feeds.com

I get the response

Trying "horoscope-feeds.com"
Received 184 bytes from 127.0.0.1#53 in 46 ms
Trying "horoscope-feeds.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21074
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;horoscope-feeds.com.       IN  SOA

;; ANSWER SECTION:
horoscope-feeds.com.    86400   IN  SOA ns.horoscope-feeds.com. peter.ward33.btopenworld.com. 1341590337 10800 3600 604800 10800

;; AUTHORITY SECTION:
horoscope-feeds.com.    86400   IN  NS  ns.horoscope-feeds.com.

;; ADDITIONAL SECTION:
ns.horoscope-feeds.com. 86400   IN  A   109.228.2.80

Received 131 bytes from 109.228.2.80#53 in 44 ms

Which I understand as meaning that the authoritative name server for this domain is ns.horoscope-feeds.com. However, a whois lookup for the domain yields two nameservers:

Nameserver:     ns1.horoscope-feeds.com
Nameserver:     ns2.horoscope-feeds.com

I thought that whois information is not guaranteed to be accurate and that domain information should not be taken from this source.

Can anyone tell me if the DNS set up for this domain is wrong in any way and if so how? Also where is the final authority on the DNS records for a domain and how do I get that information?

Thanks

Solution

The DNS setup is inconsistent because the registry (".com" - managed by Verisign) says that the authoritative nameservers are ns1.horoscope-feeds.com and ns2.horoscope-feeds.com, but if you query one of these servers, they answer that the authoritative server is ns.horoscope-feeds.com (having the same IP as ns2).

This may sound confusing, but it's important to understand that the main record type that a resolving client uses to jump from the root down to your domain is the NS resource record type. For any given delegated domain, such as "horoscope-feeds.com", there are two sets of such NS records -- one published by the parent zone (registry) and one published by the zone itself. These two sets should match:

Ask the registry for the set of nameservers authoritative for your domain:

$ dig +noall +authority +add @a.gtld-servers.net horoscope-feeds.com
horoscope-feeds.com.    172800  IN  NS  ns1.horoscope-feeds.com.
horoscope-feeds.com.    172800  IN  NS  ns2.horoscope-feeds.com.
ns1.horoscope-feeds.com. 172800 IN  A   109.228.2.79
ns2.horoscope-feeds.com. 172800 IN  A   109.228.2.80

Ask one of those nameservers:

$ dig +noall +answer +add @109.228.2.79 horoscope-feeds.com ns
horoscope-feeds.com.    86400   IN  NS  ns.horoscope-feeds.com.
ns.horoscope-feeds.com. 86400   IN  A   109.228.2.80

A similar diagnosis can be seen here.

Generally, the information published by Whois also comes from the TLD registry (if you query the right whois server). However, there is a possibility that the registry whois database is out of sync with what is published at the DNS. Since we're dealing with DNS problems, it's best to query the DNS, i.e. ask one of dig com. NS for domains that end with ".com") :)

As for fixing this inconsistency, you should either edit your zone (at your DNS provider) to match the registry.
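
The parent-versus-zone comparison described in the answer, as an added example that is not part of the original answer: it parses the two dig outputs quoted above (embedded as constants) and reports which NS names appear on only one side, along with the addresses each side gives. The function names and the shape of the result dictionary are assumptions made for this illustration.

```python
"""Compare a domain's delegation (parent) NS set with the zone's own NS set."""

# dig output copied from the answer: parent = a.gtld-servers.net, child = 109.228.2.79
PARENT = """\
horoscope-feeds.com.    172800  IN  NS  ns1.horoscope-feeds.com.
horoscope-feeds.com.    172800  IN  NS  ns2.horoscope-feeds.com.
ns1.horoscope-feeds.com. 172800 IN  A   109.228.2.79
ns2.horoscope-feeds.com. 172800 IN  A   109.228.2.80
"""
CHILD = """\
horoscope-feeds.com.    86400   IN  NS  ns.horoscope-feeds.com.
ns.horoscope-feeds.com. 86400   IN  A   109.228.2.80
"""

def parse_records(text):
    """Return {(owner, rtype): {rdata}} from 'owner ttl class type rdata' lines."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip blanks and dig comments
            continue
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner, _ttl, _cls, rtype, rdata = fields
        key = (owner.lower().rstrip("."), rtype.upper())
        records.setdefault(key, set()).add(rdata.strip().lower().rstrip("."))
    return records

def compare_delegation(domain, parent_text, child_text):
    """Diff the NS set published by the parent against the zone's own NS set."""
    domain = domain.lower().rstrip(".")
    parent, child = parse_records(parent_text), parse_records(child_text)
    p_ns = parent.get((domain, "NS"), set())
    c_ns = child.get((domain, "NS"), set())
    def addrs(recs, names):
        return {n: sorted(recs.get((n, "A"), set())) for n in sorted(names)}
    return {
        "consistent": bool(p_ns) and p_ns == c_ns,
        "only_in_parent": sorted(p_ns - c_ns),
        "only_in_child": sorted(c_ns - p_ns),
        "parent_glue": addrs(parent, p_ns),
        "child_addresses": addrs(child, c_ns),
    }

if __name__ == "__main__":
    import json
    print(json.dumps(compare_delegation("horoscope-feeds.com", PARENT, CHILD), indent=2))
```

The same two functions work on fresh output from the two dig commands shown in the answer, so the check can be repeated after the zone or the registry entry is changed.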

Licensed under: CC-BY-SA with attribution