DNS Behavior

Mon Oct 15 17:33:14 UTC 2007

Hello everyone. It's probably a common behavior, but I cound't find any answer to this, even reading all RFC docs.
If I query google.com for NS records (and only NS records), the AA answer comes from a root server
If I query google.com for NS records (or any other country specific domain), the AA answer comes from the AA NS of that domain.

As you will see, this are both results:

;; Received 177 bytes from 216.239.36.10#53(ns3.google.com) in 160 ms < this is google's NS server

;; Received 164 bytes from 192.52.178.30#53(K.GTLD-SERVERS.NET) in 206 ms < this is a root server

See this examples: (I removed all unrelated information from the output)

QUERYING google.com.ar

[root at postfix root]# dig google.com.ar -t NS +trace

; <<>> DiG 9.2.2-P3 <<>> google.com.ar -t NS +trace
;; global options:  printcmd
.                       513960  IN      NS      B.ROOT-SERVERS.NET.
.                       513960  IN      NS      C.ROOT-SERVERS.NET.
.                       513960  IN      NS      D.ROOT-SERVERS.NET.
.                       513960  IN      NS      E.ROOT-SERVERS.NET.
.                       513960  IN      NS      F.ROOT-SERVERS.NET.
.                       513960  IN      NS      G.ROOT-SERVERS.NET.
.                       513960  IN      NS      H.ROOT-SERVERS.NET.
.                       513960  IN      NS      I.ROOT-SERVERS.NET.
.                       513960  IN      NS      J.ROOT-SERVERS.NET.
.                       513960  IN      NS      K.ROOT-SERVERS.NET.
.                       513960  IN      NS      L.ROOT-SERVERS.NET.
.                       513960  IN      NS      M.ROOT-SERVERS.NET.
.                       513960  IN      NS      A.ROOT-SERVERS.NET.
;; Received 276 bytes from 190.2.55.4#53(190.2.55.4) in 0 ms

ar.                     172800  IN      NS      UUCP-GW-1.PA.DEC.COM.
ar.                     172800  IN      NS      UUCP-GW-2.PA.DEC.COM.
ar.                     172800  IN      NS      NS.UU.NET.
ar.                     172800  IN      NS      NS1.RETINA.ar.
ar.                     172800  IN      NS      ATHEA.ar.
ar.                     172800  IN      NS      CTINA.ar.
ar.                     172800  IN      NS      NS-AR.RIPE.NET.
ar.                     172800  IN      NS      MERAPI.SWITCH.CH.
;; Received 388 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 182 ms

com.ar.                 86400   IN      NS      athea.ar.
com.ar.                 86400   IN      NS      ctina.ar.
com.ar.                 86400   IN      NS      merapi.switch.ch.
com.ar.                 86400   IN      NS      relay1.mecon.gov.ar.
com.ar.                 86400   IN      NS      ns.UU.NET.
com.ar.                 86400   IN      NS      ns1.retina.ar.
;; Received 244 bytes from 204.123.2.18#53(UUCP-GW-1.PA.DEC.COM) in 189 ms

google.com.ar.          14400   IN      NS      ns3.google.com.
google.com.ar.          14400   IN      NS      ns4.google.com.
google.com.ar.          14400   IN      NS      ns1.google.com.
google.com.ar.          14400   IN      NS      ns2.google.com.
;; Received 113 bytes from 200.16.98.2#53(athea.ar) in 6 ms

google.com.ar.          345600  IN      NS      ns4.google.com.
google.com.ar.          345600  IN      NS      ns1.google.com.
google.com.ar.          345600  IN      NS      ns2.google.com.
google.com.ar.          345600  IN      NS      ns3.google.com.
;; Received 177 bytes from 216.239.36.10#53(ns3.google.com) in 160 ms

QUERYING google.com.ar

[root at postfix root]# dig google.com -t NS +trace

; <<>> DiG 9.2.2-P3 <<>> google.com -t NS +trace
;; global options:  printcmd
.                       513884  IN      NS      B.ROOT-SERVERS.NET.
.                       513884  IN      NS      C.ROOT-SERVERS.NET.
.                       513884  IN      NS      D.ROOT-SERVERS.NET.
.                       513884  IN      NS      E.ROOT-SERVERS.NET.
.                       513884  IN      NS      F.ROOT-SERVERS.NET.
.                       513884  IN      NS      G.ROOT-SERVERS.NET.
.                       513884  IN      NS      H.ROOT-SERVERS.NET.
.                       513884  IN      NS      I.ROOT-SERVERS.NET.
.                       513884  IN      NS      J.ROOT-SERVERS.NET.
.                       513884  IN      NS      K.ROOT-SERVERS.NET.
.                       513884  IN      NS      L.ROOT-SERVERS.NET.
.                       513884  IN      NS      M.ROOT-SERVERS.NET.
.                       513884  IN      NS      A.ROOT-SERVERS.NET.
;; Received 292 bytes from 190.2.55.4#53(190.2.55.4) in 0 ms

com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
;; Received 488 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 182 ms

google.com.             172800  IN      NS      ns1.google.com.
google.com.             172800  IN      NS      ns2.google.com.
google.com.             172800  IN      NS      ns3.google.com.
google.com.             172800  IN      NS      ns4.google.com.
;; Received 164 bytes from 192.52.178.30#53(K.GTLD-SERVERS.NET) in 206 ms

Any exaplanation on why DNS behavies this way? I mean:

Why for google.com.ar (or any other .com.xx domain) the answer doesn't comes from "athea.ar" (country specific root server) for example? 

Thank you!
Pablo