DNS response and nameservers

Question

When we inspect the DNS response after trackroute a website, in Wireshark, which section reflected "the information about nameservers"?

Authority RRS?

Additional RRS?

or within the Answers section (name, type, class, time, data)

Sorry, new to English and Wireshark.

Thank you

Wes Hardaker · Accepted Answer

The authority section will contain the information about the nameservers. The "authority" section tells you just that: what servers are "authoritative" for that information.

Example query to .com's name servers for information about www.google.com:

> dig @f.gtld-servers.net. www.google.com A

; <<>> DiG 9.7.6-P2 <<>> @f.gtld-servers.net. www.google.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62133
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; AUTHORITY SECTION:
google.com.             172800  IN      NS      ns2.google.com.
google.com.             172800  IN      NS      ns1.google.com.
google.com.             172800  IN      NS      ns3.google.com.
google.com.             172800  IN      NS      ns4.google.com.

;; ADDITIONAL SECTION:
ns2.google.com.         172800  IN      A       216.239.34.10
ns1.google.com.         172800  IN      A       216.239.32.10
ns3.google.com.         172800  IN      A       216.239.36.10
ns4.google.com.         172800  IN      A       216.239.38.10

The above answer shows that there is no ANSWER section because .com doesn't know the address for google's A record. But it does know where you should go next: you should go talk to google's NS records, and those are listed in the authority section. And the additional section contains information about the addresses for google's name servers.

DNS response and nameservers

Answers (2)

Related Questions