cname - What is the right way to get the list of DNS servers responsible for certain host? -

i use following steps:

1. query records host, servers return ns records in authority section, extract them section, if any.
2. query ns records, extract them answer section.

the problem "subdomains" (cname), example:

> dig www.microsoft.com a

;; answer section: www.microsoft.com.      696     in      cname   toggle.www.ms.akadns.net. toggle.www.ms.akadns.net. 119   in      cname   g.www.ms.akadns.net. g.www.ms.akadns.net.    263     in      cname   lb1.www.ms.akadns.net. lb1.www.ms.akadns.net.  31      in            65.55.12.249 

> dig www.microsoft.com ns

;; answer section: www.microsoft.com.      619     in      cname   toggle.www.ms.akadns.net. toggle.www.ms.akadns.net. 42    in      cname   g.www.ms.akadns.net. g.www.ms.akadns.net.    186     in      cname   lb1.www.ms.akadns.net.  ;; authority section: akadns.net.             174     in      soa     internal.akadns.net. hostmaster.akamai.com. 1304057105 90000 90000 90000 180 

> dig lb1.www.ms.akadns.net a

;; answer section: lb1.www.ms.akadns.net.  79      in            65.55.12.249 

> dig lb1.www.ms.akadns.net ns

;; authority section: akadns.net.             176     in      soa     internal.akadns.net. hostmaster.akamai.com. 1304057402 90000 90000 90000 180 

as can see, there no ns records returned. how overcome problem?

your algorithm wrong. here's right one.

for each successively shorter superdomain s of target domain name t, starting t itself:

1. perform ns lookup on s. if answer not non-empty resource record set, go step 3. otherwise have set of intermediate domain names d[].
2. perform a , aaaa lookups on each name in d[]. give set of ip addresses. have answer. end.
3. optionally perform soa lookup on s. if answer non-empty resource record set, cross administrative boundary having found no non-empty ns resource record set far. may choose, according trying find out, abend.

remember have make queries own resolving proxy dns server, not external content dns servers, complete answer rather partial one. remember have follow cname chains when inspecting responses. response dig www.microsoft.com. ns query above, example, cname chain leading empty ns resource record set lb1.www.ms.akadns.net..