Why do I sometimes (but not always) see "internet address" data for an MX record in output for nslookup queries?

Question

CentOS 5.x

I've noticed that sometimes I'll see "internet address" for an MX record in the output of nslookup. This doesn't happen all the time though.

For example, let's say that foo.com uses Microsoft for their mail service. In that case, when I'm running nslookup -q=mx foo.com I will see:

foo.com       MX preference = 10, mail exchanger = mail.messaging.microsoft.com

foo.com                          nameserver = ns71.worldnic.com
foo.com                          nameserver = ns72.worldnic.com
mail.messaging.microsoft.com     internet address = 216.32.180.190
mail.messaging.microsoft.com     internet address = 207.46.163.30
ns71.worldnic.com                internet address = 205.178.190.36
ns72.worldnic.com                internet address = 206.188.198.36

Othertimes, when I run the same query, I'll get:

foo.com       MX preference = 10, mail exchanger = mail.messaging.microsoft.com

foo.com                 nameserver = ns71.worldnic.com
foo.com                 nameserver = ns72.worldnic.com
ns71.worldnic.com       internet address = 205.178.190.36
ns72.worldnic.com       internet address = 206.188.198.36

Why is mail.messaging.microsoft.com sometimes missing from the bottom section? It seems like nslookup tries to be clever and go one step further to provide the A records (even though I didn't explicitly ask for it) but this doesn't happen all the time.

Answer 1

I'm pretty sure this happens when the resolver you are performing the lookups against has the A records in its cache. It returns the extra records as part of the additional section in the response. It's not nslookup that's doing anything different.

If you're looking up a record that contains a hostname (CNAME/MX/etc), the chances are you'll probably want the address associated with those records, but the resolver is not going to go out of its way to look them up if they're not already in its cache. (It's entirely possible you don't need the actual addresses depending on why your asking, so actually looking up the addresses could be doing more than it needs. However returning the addresses if it has them requires no extra queries and may save your computer from having to doing more, reducing DNS traffic overall.)