finding authoritative nameservers

[Ronald F. Guilmette]

In message <AFB3CCEB-9310-4CD2-89B3-EE302AF0B850 at menandmice.com>, 
Chris Buxton <cbuxton at menandmice.com> wrote:

>On May 19, 2008, at 3:09 PM, Ronald F. Guilmette wrote:
>> In message <ADA073C8-E7F4-4144-ACDA-3CED0669470A at menandmice.com>,
>> Chris Buxton <cbuxton at menandmice.com> wrote:
>>
>>> - Query the parent zone to retrieve the target zone's delegation NS
>>> records.
>>
>> That would be one approach.  But as I noted in my immediately prior  
>> post,
>> I elected to just force a type `ANY' query (for the original FQDN I  
>> was
>> interested in) to be sent to the primary name server, whose name I  
>> grabbed
>> from the SOA record.  Then I just grab the list of relevant NSes out  
>> of
>> the AUTHORITY section of the response to that ANY query.
>>
>> This seems to work OK.  Good enough for my purposes anyway.
>
>Actually, many DNS server implementations don't return anything in the  
>Authority section for a positive answer. Such records are not required  
>by RFC. An example is MS DNS - not exactly an uncommon name server  
>version.

Yeabut even in those (degenerate?) cases, I still do at least have the
name of the primary... which is something.  (And for my purposes, it is
more than enough to hang my hat on.)

>Therefore, you should actually query for the NS records, since any  
>standards-compliant authoritative name server will return those if  
>explicitly asked.

OK, sorry, I've lost context.  Can you run this part by me again please?
How exactly do I do what you're saying I should do?

Assume that I stared with foobar.example.com.  Now assume that I've already
learned (from some SOA record) that the primary NS for that is called
ns1.example.com.  Tell me what to do next.

Are you saying that I should send a type NS query to ns1.example.com for
the name foobar.example.com?

Won't that only produce useful results in cases where foobar.example.com
itself has one or more NS records associated with that specific and complete
FQDN?