
Asterisk (*) signal on DNS Responses with tcpdump


I created a DNS server with dnsmasq to do some tests trying to redirect the answers to other sites, and I'm using tcpdump on client and server to capture the requests and responses.

According to the tcpdump manual, the output format for UDP Name Server Responses is:

src > dst: id op rcode flags a/n/au type class data (len)

Looking at the client side and analyzing the tcpdump output, I got:

00:00:00.012374 IP 192.168.2.106.domain > 192.168.2.117.55997: 23473* 1/0/0 A 186.237.194.225 (45)

What is the meaning of the (*) located right before 1/0/0?


Solution

  • From the tcpdump man page (tcpdump-4.7.4-3.fc23):

    The '*' indicates that the authoritative answer bit was set

    See also the ns_print() function in https://github.com/the-tcpdump-group/tcpdump/blob/master/print-domain.c
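
What that bit looks like on the wire, as an added example that is not part of the original answer or of tcpdump's code: a Python sketch that decodes the DNS header flags of a response and rebuilds the flag marks printed after the id. The '-' and '|' marks come from the same man page passage; the packet is constructed (the name example.com, the TTL and the flag words are assumptions), and op/rcode are left out because they print empty for a standard query with no error.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, TC, RA = 0x8000, 0x0400, 0x0200, 0x0080


def flag_marks(flags):
    """Flag characters tcpdump prints after the id of a response."""
    marks = ""
    if flags & AA:
        marks += "*"   # authoritative answer bit set
    if not flags & RA:
        marks += "-"   # recursion available NOT set
    if flags & TC:
        marks += "|"   # truncated message
    return marks


def summarize(packet):
    """Return 'id+marks a/n/au (len)' for a DNS response payload."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, _qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    if not flags & QR:
        raise ValueError("QR bit clear: this is a query, not a response")
    return f"{txid}{flag_marks(flags)} {an}/{ns}/{ar} ({len(packet)})"


def build_response(txid, flags, qname, ipv4):
    """Constructed test data: one question, one A record answer."""
    header = struct.pack("!6H", txid, flags, 1, 1, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    # 0xC00C is a compression pointer back to the name at offset 12
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, len(rdata)) + rdata
    return header + question + answer


if __name__ == "__main__":
    # 0x8580 = QR|AA|RD|RA, 0x8180 = QR|RD|RA (same reply without AA)
    for flags in (0x8580, 0x8180):
        pkt = build_response(23473, flags, "example.com", "186.237.194.225")
        print(hex(flags), summarize(pkt))
```

With AA set the summary is `23473* 1/0/0 (45)`; the same packet with AA clear gives `23473 1/0/0 (45)`.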