Question

When we inspect the DNS response after a traceroute of a website in Wireshark, which section reflects "the information about nameservers"?

Authority RRs?

Additional RRs?

or within the Answers section (name, type, class, time, data)

Sorry, new to English and Wireshark.

Thank you


Solution

The authority section will contain the information about the nameservers. The "authority" section tells you just that: what servers are "authoritative" for that information.

Example query to .com's name servers for information about www.google.com:

> dig @f.gtld-servers.net. www.google.com A

; <<>> DiG 9.7.6-P2 <<>> @f.gtld-servers.net. www.google.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62133
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; AUTHORITY SECTION:
google.com.             172800  IN      NS      ns2.google.com.
google.com.             172800  IN      NS      ns1.google.com.
google.com.             172800  IN      NS      ns3.google.com.
google.com.             172800  IN      NS      ns4.google.com.

;; ADDITIONAL SECTION:
ns2.google.com.         172800  IN      A       216.239.34.10
ns1.google.com.         172800  IN      A       216.239.32.10
ns3.google.com.         172800  IN      A       216.239.36.10
ns4.google.com.         172800  IN      A       216.239.38.10

The above answer shows that there is no ANSWER section because .com doesn't know the address for google's A record. But it does know where you should go next: you should go talk to google's NS records, and those are listed in the authority section. And the additional section contains information about the addresses for google's name servers.
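The same split can be read straight from the wire format: the DNS header's NSCOUNT and ARCOUNT fields are what Wireshark displays as "Authority RRs" and "Additional RRs". The following Python sketch is an added example, not part of the original answer; the function names are hypothetical, and the sample message is constructed from the values in the dig output above rather than captured from the network.

```python
import struct

def read_name(msg, off, hops=0):
    """Decode a (possibly compressed) DNS name; return (name, next_offset)."""
    labels = []
    while True:
        n = msg[off]
        if n == 0:                                   # root label ends the name
            return ".".join(labels) + ".", off + 1
        if n & 0xC0 == 0xC0:                         # compression pointer
            if hops > 16:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            return ".".join(labels + [read_name(msg, ptr, hops + 1)[0]]), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n

def parse_sections(msg):
    """Split a DNS response into its answer/authority/additional records."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                              # skip the question section
        off = read_name(msg, off)[1] + 4             # name + QTYPE + QCLASS
    out = {}
    for title, count in (("answer", an), ("authority", ns), ("additional", ar)):
        out[title] = []
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            rdata = msg[off:off + rdlen]
            data = (read_name(msg, off)[0] if rtype == 2          # NS: rdata is a name
                    else ".".join(map(str, rdata)) if rtype == 1  # A: four address bytes
                    else rdata.hex())                             # anything else: raw hex
            out[title].append((owner, ttl, {1: "A", 2: "NS"}.get(rtype, str(rtype)), data))
            off += rdlen
    return out

def enc(name):                                       # uncompressed name encoding
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\0"

def sample_referral():  # constructed message modelled on the dig output (not a capture)
    hosts = [("ns2", "216.239.34.10"), ("ns1", "216.239.32.10"),
             ("ns3", "216.239.36.10"), ("ns4", "216.239.38.10")]
    rr = lambda o, t, d: enc(o) + struct.pack("!HHIH", t, 1, 172800, len(d)) + d
    msg = struct.pack("!6H", 62133, 0x8100, 1, 0, 4, 4) + enc("www.google.com") + struct.pack("!HH", 1, 1)
    msg += b"".join(rr("google.com", 2, b"\x03" + h.encode() + b"\xc0\x10") for h, _ in hosts)
    msg += b"".join(rr(h + ".google.com", 1, bytes(map(int, ip.split(".")))) for h, ip in hosts)
    return msg
```

Calling `parse_sections(sample_referral())` returns an empty `answer` list, four NS records under `authority`, and the four matching A records under `additional`, which is the referral shape described above.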

OTHER TIPS

The Authority Section reflects the information of nameservers.

If you are using a UNIX-like operating system, you can use dig to traceroute a website.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow