> Somehow I managed to add the details into my DNS server (windows) and itâ s resolving too.
Did you make your Windows DNS server authoritative for xyz.com? If so, did you make it a slave of the real xyz.com master DNS server (so your server gets a full, up-to-date copy of xyz.com DNS records)?
Or did you just make it a rogue fake-master server for xyz.com, with records that may or may not match the true xyz.com records, and are unlikely to be updated when the true xyz.com is? That would be a stupid thing to do.
If your Windows DNS server is allowed to contact other DNS servers on the Internet, you should not need to do anything special to resolve xyz.com (assuming that the xyz.com domain really exists).
If xyz.com is totally unknown to your DNS server, your server will first contact the Internet root nameservers to get the list of .com top-level domain nameservers. When it gets that list, it picks one of the servers from the list and sends that server a request for xyz.com domain nameservers. All these intermediate answers are cached, so if you later need information on some other .com domain, there will be no need to consult the root nameservers again.
If there are more domain levels, this process can repeated for every domain level as necessary. Eventually your DNS server will know the address of the authoritative name server(s) for xyz.com, and will ask them the information you originally requested (the IP address of xyz.com). As this information is received directly from the authoritative server, it is known as an "authoritative answer". It comes with a Time-To-Live value, which works like an expiration date, although it's measured in seconds, not days.
Your Windows DNS server will cache this answer, in case you need it later.
When you request the IP address of xyz.com again, your Windows DNS server will already have the data in its cache. It checks the TTL value: if the data is still valid, the DNS server can just give you the answer without making any requests to any other DNS server. This improves response time and saves network bandwidth. In this case, the answer will be labelled a "non-authoritative answer", because it came from a cache.
If the data in the cache was expired, your DNS server would request it again from the xyz.com nameserver.
So, the lack of "Non-authoritative answer" in nslookup output even when the query is repeated can mean one of two things:
a) Your local DNS server is configured as a slave of the xyz.com DNS zone. This is "premium service" (if done correctly) and a good thing for you.
b) Your local DNS server is unable to cache the xyz.com DNS information for some reason, and it must always request it from the authoritative xyz.com server. This means your local DNS server is overloaded or fails in some other way. This is bad.
If the application is not specifically related to the maintenance of the xyz.com DNS zone, checking for "non-authoritative answer" is pretty silly. It probably doesn't work like the author of the application thought it would.
What would happen if the application got a non-authoritative answer? What happens if it does not get it?
MK
MK
