Wireshark-users: Re: [Wireshark-users] Question regarding capturing DNS packets with tshark
From: Martin Visser <[email protected]>
Date: Fri, 6 Jul 2012 14:57:08 +1000
The response you received doesn't have *Answers*, because there were none to give. From the response flags, you didn't ask your DNS server to query recursively. It doesn't have the actual A record in its cache, but it is able to tell you where to find it - look in the Authority and Additional RRs.

If you had queried recursively, it may have gone to get the actual answer.

You can use display filter fields like "dns.count.answers != 0 && dns.flags.response == 1"  to find DNS responses that do have answers.

Regards, Martin

[email protected]
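
The check described in the message above, as an added example that is not part of the original e-mail: a Python sketch that decodes the 12-byte DNS header, applies the same test as the quoted display filter, and tells a referral (no Answers, Authority RRs present) apart from a real answer. The function names and the header-only sample messages are constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # header flag bits (RFC 1035)

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into flags and section counts."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message: header is 12 bytes")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "response": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & 0x000F,
            "questions": qd, "answers": an, "authority": ns, "additional": ar}

def has_answers(msg: bytes) -> bool:
    """Same test as: dns.count.answers != 0 && dns.flags.response == 1"""
    h = parse_header(msg)
    return h["response"] and h["answers"] != 0

def classify(msg: bytes) -> str:
    """Label a message by what its header says about the outcome."""
    h = parse_header(msg)
    if not h["response"]:
        return "query"
    if h["rcode"] != 0:
        return f"error rcode={h['rcode']}"
    if h["answers"]:
        return "answer"
    if h["authority"] and not h["aa"]:
        # No answers, but NS records point at servers that can answer.
        return "referral" + ("" if h["rd"] else " (recursion not requested)")
    return "no data"

# Constructed header-only samples: id, flags, QD, AN, NS, AR counts.
SAMPLES = {
    "nonrecursive_query": struct.pack("!6H", 0x1A2B, 0x0000, 1, 0, 0, 0),
    "referral": struct.pack("!6H", 0x1A2B, QR | RA, 1, 0, 4, 4),
    "recursive_answer": struct.pack("!6H", 0x3C4D, QR | RD | RA, 1, 1, 0, 0),
    "nxdomain": struct.pack("!6H", 0x5E6F, QR | RD | RA | 3, 1, 0, 1, 0),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:20} filter={has_answers(msg)!s:5} -> {classify(msg)}")
```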