When setting up custom name servers like ns1.example.com, developers need to verify their registration status with the TLD registry independently from their registrar interface. This becomes particularly important when automating DNS configuration or troubleshooting.
The most reliable method is to query the registry's WHOIS service directly. Here's a Python implementation using the python-whois library:
import whois
def check_nameserver_registration(nameserver):
try:
w = whois.whois(nameserver)
return {
'registered': True,
'ip': w.name_servers,
'registrar': w.registrar
}
except Exception as e:
return {'error': str(e)}
# Example usage
result = check_nameserver_registration('ns1.example.com')
print(result)
Important limitations to be aware of:
- Most registries only expose name server information when they're actively used by domains
- Some TLDs have custom WHOIS servers (e.g., Verisign for .com)
- Rate limits often apply to WHOIS queries
When WHOIS data isn't available, you can attempt DNS resolution:
import socket
def dns_lookup(nameserver):
try:
ip = socket.gethostbyname(nameserver)
return {'resolved': True, 'ip': ip}
except socket.gaierror:
return {'resolved': False}
# Example
print(dns_lookup('ns1.example.com'))
Some registries offer REST APIs for more reliable queries. Here's an example for Verisign's Enterprise DNS API:
import requests
def verisign_nameserver_check(nameserver):
url = f"https://api.verisign.com/enterprise-dns/v1/nameservers/{nameserver}"
headers = {"Authorization": "Bearer YOUR_API_KEY"}
response = requests.get(url, headers=headers)
return response.json()
For production systems, consider:
- Caching WHOIS results to avoid rate limiting
- Implementing retry logic for temporary failures
- Handling TLD-specific edge cases (e.g., .co.uk has different requirements)
When setting up custom nameservers like ns1.example.com for your domain, verifying their registration status at the TLD registry level is crucial before DNS delegation. Here's a technical deep dive into verification methods:
For most TLDs, these methods work programmatically:
# Python example using whois
import whois
def check_nameserver_registration(nameserver):
try:
w = whois.whois(nameserver)
return bool(w.name_servers)
except Exception as e:
print(f"WHOIS lookup failed: {e}")
return False
# Usage:
ns_registered = check_nameserver_registration("ns1.example.com")Different TLDs handle nameserver visibility differently:
- COM/NET (VeriSign): WHOIS returns nameserver details only when attached to a live domain
- Country-code TLDs: Many ccTLDs expose nameserver records directly
Here's a robust verification script combining multiple methods:
#!/bin/bash
# Verify nameserver registration with multiple fallbacks
NAMESERVER="ns1.example.com"
TLD=$(echo $NAMESERVER | awk -F. '{print $NF}')
# Method 1: WHOIS direct query
whois -h whois.verisign-grs.com "$NAMESERVER" | grep "Name Server" &> /dev/null
if [ $? -eq 0 ]; then
echo "Verified via WHOIS"
exit 0
fi
# Method 2: DNS glue record check
dig +trace $NAMESERVER | grep "Received .* bytes from" &> /dev/null
if [ $? -eq 0 ]; then
echo "Verified via DNS trace"
exit 0
fi
# Method 3: Registry API (example for .com)
curl -s "https://api.verisign.com/ns-api?ns=$NAMESERVER" | jq .registered
When nameservers aren't yet attached to domains:
- Query the parent domain's WHOIS for glue records
- Check registry RDAP endpoints (newer than WHOIS)
- Use registrar APIs if available
For production systems, implement continuous verification:
// Node.js monitoring example
const dns = require('dns');
const whois = require('whois-json');
setInterval(async () => {
const nsStatus = await Promise.all([
verifyViaWHOIS('ns1.example.com'),
verifyViaDNS('ns1.example.com')
]);
if (!nsStatus.some(Boolean)) {
alertAdmin('Nameserver verification failed');
}
}, 3600000);
async function verifyViaWHOIS(ns) {
const data = await whois(ns);
return data?.nameservers?.includes(ns);
}