I'm using nslookup
to find the DNS name that has the a given IP address as one of its associated addresses. So, I use nslookup interactively...
command line > nslookup -
set query=ptr
24.248.56.68
Non-authoritative answer:
68.56.248.24.in-addr.arpa name = wsip-24-248-56-68.ri.ri.cox.net.
Authoritative answers can be found from:
24.in-addr.arpa nameserver = x.arin.net.
24.in-addr.arpa nameserver = u.arin.net.
24.in-addr.arpa nameserver = t.arin.net.
24.in-addr.arpa nameserver = v.arin.net.
24.in-addr.arpa nameserver = dill.arin.net.
24.in-addr.arpa nameserver = y.arin.net.
24.in-addr.arpa nameserver = z.arin.net.
24.in-addr.arpa nameserver = w.arin.net.
t.arin.net internet address = 199.253.249.63
u.arin.net internet address = 204.61.216.50
u.arin.net has AAAA address 2001:500:14:6050:ad::1
v.arin.net internet address = 63.243.194.2
v.arin.net has AAAA address 2001:5a0:10::2
w.arin.net internet address = 72.52.71.2
w.arin.net has AAAA address 2001:470:1a::2
x.arin.net internet address = 199.71.0.63
x.arin.net has AAAA address 2001:500:31::63
y.arin.net internet address = 192.42.93.32
z.arin.net internet address = 199.212.0.63
z.arin.net has AAAA address 2001:500:13::63
dill.arin.net internet address = 192.35.51.32
Now I want to find what name servers were contacted to do that lookup. I think I'm supposed to set query=ns
but that returns the same answer. How can I find what name servers were contacted?
The server that processed your query should be displayed along with the result, e.g.
Typically this is the default nameserver configured for your workstation. To select a different nameserver use the nslookup "server" command.
Since your query returned a non-authoritative answer that means your nameserver is not authoritative for that pointer. It had to query other nameserver(s) in order to respond. As far as I know, there is no nslookup option to show the lookup sequence performed by your nameserver.
If your objective is to determine the authoritative nameserver for the pointer then you need to do one or more additional nslookup queries based on the authoritative 'hints'. In your example, the first hint is "x.arin.net" (one of the internet root servers). Using this hint, your next step would be send the same query to that server, e.g.
This response shows x.arin.net isn't authoritative either but the new hint indicates the next server to query is "ns.cox.net" (or "ns.west.cox.net" or "ns.east.cox.net"). Set your server to the new hint, execute the query again and repeat the process until you get an authoritative answer, e.g.
This result shows the authoritative nameserver for the pointer is "ns2.coxmail.com". Depending on how your nameserver is configured, it may have gone through the same series of queries you did. However if your nameserver is set up for caching, the next time you make the same query it may answer from its cache rather than go through the same process.
I hope this helps. Keep in mind this may not be exactly how it works for you because a lot depends on the configuration of your workstation, the configuration of your nameserver as well as the configuration of the additional nameservers that are queried.
Other tools more sophisticated than nslookup may make this process easier for you.