When we inspect the DNS response in Wireshark after running traceroute on a website, which section reflects "the information about nameservers"?
Authority RRs?
Additional RRs?
Or within the Answers section (name, type, class, time, data)?
Sorry, new to English and Wireshark.
Thank you
The authority section will contain the information about the nameservers. The "authority" section tells you just that: what servers are "authoritative" for that information.
Example query to .com's name servers for information about www.google.com:
```
> dig @f.gtld-servers.net. www.google.com A
; <<>> DiG 9.7.6-P2 <<>> @f.gtld-servers.net. www.google.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62133
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.google.com. IN A
;; AUTHORITY SECTION:
google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
;; ADDITIONAL SECTION:
ns2.google.com. 172800 IN A 216.239.34.10
ns1.google.com. 172800 IN A 216.239.32.10
ns3.google.com. 172800 IN A 216.239.36.10
ns4.google.com. 172800 IN A 216.239.38.10
```
The above answer shows that there is no ANSWER section because .com doesn't know the address for google's A record. But it does know where you should go next: you should go talk to google's NS records, and those are listed in the authority section. And the additional section contains information about the addresses for google's name servers.
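An added example, not part of the original answer: a minimal Python parser that splits a raw DNS response into the three sections Wireshark displays, using the header counts and name compression. `SAMPLE` is a constructed packet that mirrors the referral above but is cut down to ns1 and ns2; the function names are hypothetical.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                   # 2-byte compression pointer
            hops += 1
            if hops > 16:                        # malformed packets can loop
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                             # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_sections(msg):
    """Return the answer, authority and additional records of a response."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                          # skip the question section
        _, off = read_name(msg, off)
        off += 4                                 # QTYPE + QCLASS
    out = {}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        out[section] = []
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == 2:                       # NS: rdata is a domain name
                data = read_name(msg, off)[0]
            elif rtype == 1:                     # A: rdata is 4 address bytes
                data = ".".join(map(str, msg[off:off + rdlen]))
            else:
                data = msg[off:off + rdlen].hex()
            out[section].append((name, ttl, {1: "A", 2: "NS"}.get(rtype, rtype), data))
            off += rdlen
    return out

# Constructed sample: flags qr+rd, QUERY 1, ANSWER 0, AUTHORITY 2, ADDITIONAL 2.
# "google.com" sits at offset 16 in the question, so \xc0\x10 points back to it.
SAMPLE = struct.pack("!6H", 62133, 0x8100, 1, 0, 2, 2)
SAMPLE += b"\x03www\x06google\x03com\x00" + struct.pack("!HH", 1, 1)
for i in (1, 2):                                 # authority: google.com NS nsN
    SAMPLE += b"\xc0\x10" + struct.pack("!HHIH", 2, 1, 172800, 6) + b"\x03ns%d\xc0\x10" % i
for i in (1, 2):                                 # additional: glue A records
    SAMPLE += b"\x03ns%d\xc0\x10" % i + struct.pack("!HHIH", 1, 1, 172800, 4) + bytes([216, 239, 30 + 2 * i, 10])
```

Calling `parse_sections(SAMPLE)` returns an empty `answer` list, the NS records under `authority`, and the nameserver addresses under `additional`, which is the same split Wireshark shows as Answer RRs, Authority RRs and Additional RRs.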