When dealing with domain name system (DNS) errors, you might come across the message ‘The server with this IP is not authoritative.’ This message can appear when trying to resolve a domain name, configure a DNS server, or troubleshoot connectivity issues.
Understanding what authoritative and non-authoritative servers are, why this error occurs, and how to fix it is essential for ensuring smooth internet communication and server reliability.
This topic explains the meaning of authoritative DNS servers, the reasons behind this error, and the best ways to resolve it.
What Does ‘The Server with This IP Is Not Authoritative’ Mean?
Definition of an Authoritative DNS Server
An authoritative DNS server is a server that holds official and verified records for a specific domain. When a user requests a domain name, authoritative servers provide the correct IP address mapping.
Non-Authoritative Servers
A non-authoritative DNS server does not have the official records but relies on cached information from other DNS servers. These servers provide DNS resolutions but are not responsible for the original domain records.
Why This Error Appears
The error ‘The server with this IP is not authoritative’ usually means that:
-
The DNS server queried is not responsible for the domain.
-
The requested domain is not properly configured on the server.
-
There is a misconfiguration in the DNS settings.
Causes of the Error
1. Misconfigured DNS Server
If a server is not set up to be authoritative for a domain, it will not return valid responses.
2. Querying the Wrong Server
If you send a DNS query to a server that does not manage the requested domain, it will return a non-authoritative response or an error.
3. Missing or Incorrect Zone Files
DNS zone files contain domain-to-IP mappings. If the zone file is missing or incorrect, the server cannot provide an authoritative response.
4. Incorrect NS (Name Server) Records
If the name server (NS) records are pointing to the wrong DNS servers, queries might go to a non-authoritative server, causing this error.
5. Propagation Delays
When DNS records are updated, changes can take up to 48 hours to propagate across the internet. During this time, some servers may not recognize the updated authoritative DNS settings.
6. Cache Issues
If a DNS resolver relies on outdated cached data, it may not recognize the current authoritative server, leading to errors.
7. Server-Side Restrictions
Some DNS servers are configured to reject external queries, meaning they will not return authoritative responses to requests from unknown sources.
How to Fix ‘The Server with This IP Is Not Authoritative’
For DNS Administrators
1. Verify the DNS Server Configuration
Check if the server is properly configured as authoritative for the domain:
-
On Linux, use:
dig @your-server-ip example.comIf the response includes ‘AUTHORITY SECTION’, the server is authoritative.
-
On Windows, use:
nslookup example.com your-server-ipIf the response states ‘Non-authoritative answer,’ the server is not authoritative.
2. Update the Zone Files
Ensure that the DNS zone file exists and is correctly configured:
-
Open the zone file and verify entries like:
$TTL 86400@ IN SOA ns1.example.com. admin.example.com. (2024032801 ; Serial3600 ; Refresh1800 ; Retry604800 ; Expire86400 ; Minimum TTL) -
Ensure the NS records point to the correct authoritative servers.
3. Check and Update NS Records
Use the following command to check NS records:
dig NS example.comIf the NS records do not match the correct authoritative servers, update them in your domain registrar’s DNS settings.
4. Restart the DNS Server
After making changes, restart the DNS service:
-
On Linux (BIND DNS Server):
systemctl restart named -
On Windows DNS Server:
Restart-Service DNS
This ensures new configurations take effect.
5. Allow External Queries (If Necessary)
If the server is not responding to external requests, modify the configuration file to allow queries from other networks.
For BIND DNS servers, add the following to named.conf.options:
allow-query { any; };Then restart the service.
For End Users and IT Support
1. Use Public DNS Servers
If a local DNS server is not authoritative, try using a public DNS resolver, such as:
-
Google DNS:
8.8.8.8and8.8.4.4 -
Cloudflare DNS:
1.1.1.1 -
OpenDNS:
208.67.222.222and208.67.220.220
To change DNS settings on Windows:
-
Open Network and Internet Settings.
-
Select Change adapter options.
-
Right-click your connection and choose Properties.
-
Select Internet Protocol Version 4 (TCP/IPv4) > Properties.
-
Choose Use the following DNS server addresses and enter a public DNS.
2. Clear DNS Cache
If the error is caused by cached data, clearing the DNS cache can help.
On Windows, use:
ipconfig /flushdnsOn macOS, use:
sudo dscacheutil -flushcacheOn Linux, restart the nscd service:
sudo systemctl restart nscdThis forces the system to retrieve updated DNS records.
3. Check with the Domain Registrar
If the issue persists, verify with the domain registrar to ensure that:
-
The correct authoritative DNS servers are set.
-
DNS records have propagated globally.
Preventing Future Issues
1. Maintain Accurate DNS Records
Keep zone files updated and ensure NS records point to the correct servers.
2. Monitor DNS Server Health
Use tools like Nagios, Zabbix, or PRTG Network Monitor to track DNS uptime and performance.
3. Enable DNSSEC for Security
DNSSEC helps prevent DNS spoofing and ensures valid DNS responses.
4. Regularly Test DNS Resolution
Periodically check your domain’s resolution using:
dig example.comnslookup example.comIf any issues arise, address them promptly.
The error ‘The server with this IP is not authoritative’ typically occurs when a DNS server is not configured to manage a specific domain. It can be caused by misconfigured zone files, incorrect NS records, propagation delays, or caching issues.
For administrators, ensuring that DNS settings are correct and servers are authoritative can resolve the issue. For end users, using alternative DNS resolvers and clearing cache can help bypass temporary errors.
By following best practices in DNS configuration and monitoring, businesses and individuals can maintain stable and secure domain resolution.