why cannot I get the authority information with dnspython while nslookup is useful

Question

#code like this
import dns
import dns.resolver
import dns.name
import dns.message
import dns.query

request = dns.message.make_query("google.com",dns.rdatatype.NS)
response = dns.query.udp(request,"216.239.32.10")
print response.authority

but it's null

and then when use " nslookup google.com 216.239.32.10 "

can get

Server: 216.239.32.10 Address: 216.239.32.10#53

Name: google.com Address: 216.58.221.238 Obviously,it's an authority answer but why can't I get the authority section when use dnspython?

No it is not an "authority answer. It is an authoritative reply, without an AUTHORITY section. Authority is used for delegations. `dig @216.239.32.10 google.com NS` will clearly show you both the ANSWER and ADDITIONAL sections. There is not AUTHORITY section because `216.239.32.10` is authoritative on `google.com`, (hence the `aa` flag in reply) so it does not need to give you new NS to query, it has directly the answer, which is in the ANSWER section, with some extra IPs in the ADDITIONAL section for help. — Patrick Mevzek, Mar 27 '19 at 22:07

score 1 · Answer 1 · answered Jan 25 '16 at 09:43

Are you sure?

c:\srv>nslookup google.com 216.239.32.10
Server:  ns1.google.com
Address:  216.239.32.10

Name:    google.com
Addresses:  2a00:1450:400f:805::200e
          178.74.30.16
          178.74.30.49
          178.74.30.37
          178.74.30.24
          178.74.30.26
          178.74.30.59
          178.74.30.57
          178.74.30.48
          178.74.30.46
          178.74.30.27
          178.74.30.53
          178.74.30.35
          178.74.30.20
          178.74.30.42
          178.74.30.31
          178.74.30.38

c:\srv>python
Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import dns
>>> import dns.resolver, dns.name
>>> import dns.message, dns.query
>>> r = dns.message.make_query('google.com', dns.rdatatype.NS)
>>> resp = dns.query.udp(r, '216.239.32.10')
>>> print resp.authority
[]
>>> print resp
id 63079
opcode QUERY
rcode NOERROR
flags QR AA RD
;QUESTION
google.com. IN NS
;ANSWER
google.com. 345600 IN NS ns3.google.com.
google.com. 345600 IN NS ns4.google.com.
google.com. 345600 IN NS ns2.google.com.
google.com. 345600 IN NS ns1.google.com.
;AUTHORITY
;ADDITIONAL
ns3.google.com. 345600 IN A 216.239.36.10
ns4.google.com. 345600 IN A 216.239.38.10
ns2.google.com. 345600 IN A 216.239.34.10
ns1.google.com. 345600 IN A 216.239.32.10
>>>

thank you for your answer,but when I use "nslookup google.com 8.8.8.8" it get a Non-authoritative answer , however when use dnspython,it's authority section must be null whatever the nameserver is .so what's wrong with me? thanks a lot! — Nigel Lee, Jan 25 '16 at 11:55

score 0 · Answer 2 · answered Aug 08 '18 at 23:50

I also encountered the same problem. It turned out to be that some DNS resolvers do not reply with authority or additional sections (Check the packets using Wireshark).

Change the IP address to 127.0.1.1 in your python code and make sure that you have configured your DNS resolver is not pointing to your original resolver (Check cat /etc/resolv.conf).

You should see the authority section in you result.

why cannot I get the authority information with dnspython while nslookup is useful

but it's null

2 Answers2