DNS authoritative name server

Question

I use Wireshark to capture the DNS-packets. In the response packets I can see the line - authoritative nameservers. The question: Why sometimes the server responses with 4 or 5 authoritative nameservers, and sometimes there is only 1 of those? If there is a list of authoritative nameservers, how can I know from which one exactly the information about IP address has come? And how to find the total list of authoritative nameservers which contain the information about particular domain name?

Answer 1

Are you talking about the authority section in the DNS response? If that section contains any servers (it need not contain any) then they all all supposed to be able to give you authoritative answers to the query in question. The (recursive) nameserver that generated the response need not (can not) guarantee that, though, nor does it tell you which one it queried to get the response: it might even have queried more than one, or none at all (if it answered from its cache).

If you just want to get a list of authoritative servers for a domain, query that domain for NS records and look at the answer section (not the authority section). That's the published information prescribed by the zone's author about which nameservers one is supposed to use to get authoritative responses for that domain.