I’m having a problem trying to understand how the Whois protocol works, in particular the section related to the name server information.
dig +short NS adtogroups.com
Returns nothing, which is expected since there is a ClientHold on the domain, which prevents it from resolving.
... Showing part of the output: Domain Status: clientHold https://icann.org/epp#clientHold
However, the name server section of the whois answer returns a set of servers. I know that dig is the reliable source for resolving any domain since it’s built on sending DNS queries, while the name server information in whois is mirrored somehow from another source.
My question is: from where did whois get the name server information in the above example, knowing that the domain is under ClientHold (i.e. the DNS will not respond to resolving requests) and none of the NS output by whois appeared in passive DNS?
I think I’m missing something about how Whois fetches the information related to NS.
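
As an added example (not part of the original post): WHOIS reports the name servers stored in the domain's registration record, while a clientHold or serverHold status keeps the domain out of the published zone, so the two views can disagree. The sketch below parses a constructed response (EXAMPLE.COM and its name servers are placeholders) and flags that case; `parse_whois` and `delegation_report` are hypothetical helper names.

```python
# Added example: compare what a WHOIS record lists with what DNS should publish.

# EPP statuses that tell the registry not to publish the delegation in the zone.
HOLD_STATUSES = {"clienthold", "serverhold"}

# Constructed sample response (not real output); name servers are placeholders.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
>>> Last update of whois database: 2024-01-01T00:00:00Z <<<
"""


def parse_whois(text):
    """Collect 'Key: value' fields; keys such as Name Server may repeat."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, footer banners and comment lines used by some servers.
        if not line or line.startswith((">>>", "%", "#")):
            continue
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def delegation_report(text):
    """Return registered name servers, hold statuses, and whether NS should resolve."""
    fields = parse_whois(text)
    # A status value is the EPP code followed by an explanatory URL.
    statuses = [s.split()[0] for s in fields.get("domain status", [])]
    holds = sorted(s for s in statuses if s.lower() in HOLD_STATUSES)
    servers = sorted({ns.lower().rstrip(".") for ns in fields.get("name server", [])})
    return {
        "registered_ns": servers,   # what the registration record stores
        "holds": holds,             # statuses that suppress publication
        "expect_dns_delegation": bool(servers) and not holds,
    }


if __name__ == "__main__":
    print(delegation_report(SAMPLE_WHOIS))
```
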