DNS insanity: glueless delegations

If you are not familiar with, or do not have access to, the djbdns command-line client tools, please note that dnsq TYPE NAME SERVER is mostly equivalent to dig @SERVER NAME TYPE +norecurse.

Using a.root-servers.net (198.41.0.4) to start my lookups.

$ dnsq a starship.python.net 198.41.0.4
1 starship.python.net:
506 bytes, 1+0+13+14 records, response, noerror
query: 1 starship.python.net
authority: net 172800 NS a.gtld-servers.net
[...snip...]
additional: a.gtld-servers.net 172800 A 192.5.6.30
additional: a.gtld-servers.net 172800 AAAA 2001:503:a83e::2:30
[...snip...]

Okay, let's ask a .net TLD server.

$ dnsq a starship.python.net 192.5.6.30
1 starship.python.net:
102 bytes, 1+0+3+0 records, response, noerror
query: 1 starship.python.net
authority: python.net 172800 NS centera.de
authority: python.net 172800 NS egal3.de
authority: python.net 172800 NS sdrees.de

And now, we select centera.de.

Start at the root again:

$ dnsq a centera.de 198.41.0.4
1 centera.de:
286 bytes, 1+0+6+8 records, response, noerror
query: 1 centera.de
authority: de 172800 NS a.nic.de
[...snip...]
additional: a.nic.de 172800 A 193.0.7.3
[...snip...]

Let's pick a.nic.de.

$ dnsq a centera.de 193.0.7.3
1 centera.de:
101 bytes, 1+0+2+1 records, response, noerror
query: 1 centera.de
authority: centera.de 86400 NS ns4.your-server.de
authority: centera.de 86400 NS ns.second-ns.de
additional: ns.second-ns.de 86400 A 213.133.105.2

We'll try ns4.your-server.de. We can start at a.nic.de this time, because we still have the records cached from the previous lookup.

$ dnsq a ns4.your-server.de 193.0.7.3
1 ns4.your-server.de:
177 bytes, 1+0+4+2 records, response, noerror
query: 1 ns4.your-server.de
authority: your-server.de 86400 NS ns2.your-server.de
authority: your-server.de 86400 NS ns.second-ns.de
authority: your-server.de 86400 NS www.hos-ext1.de
authority: your-server.de 86400 NS sql1a.your-server.co.za
additional: ns2.your-server.de 86400 A 213.133.106.251
additional: ns.second-ns.de 86400 A 213.133.105.2

Now let's pick ns2.your-server.de. As it so happens, picking sql1a.your-server.co.za here would be even more ridiculously painful, but we'll save ourselves a little pain, and stick with the pattern using the first option each time. In theory, a client should choose randomly...

We can trust the glue from 193.0.7.3 for ns2.your-server.de, because we know it is authoritative for names in .de from the cached results of our earlier query to the root nameservers.

$ dnsq a ns4.your-server.de 213.133.106.251
1 ns4.your-server.de:
225 bytes, 1+1+4+4 records, response, authoritative, weird ra, noerror
query: 1 ns4.your-server.de
answer: ns4.your-server.de 7200 A 213.133.106.251
[...snip...]

Okay, now we can ask ns4.your-server.de about centera.de.

$ dnsq a centera.de 213.133.106.251
1 centera.de:
133 bytes, 1+1+2+2 records, response, authoritative, weird ra, noerror
query: 1 centera.de
answer: centera.de 86400 A 213.133.98.72
authority: centera.de 86400 NS ns4.your-server.de
authority: centera.de 86400 NS ns.second-ns.de
additional: ns.second-ns.de 86400 A 213.133.105.2
additional: ns4.your-server.de 7200 A 213.133.106.251

And now we can finally ask centera.de about starship.python.net...

$ dnsq a starship.python.net 213.133.98.72
1 starship.python.net:
temporary failure

Oh hell. Well, we have two other servers for python.net, let's try egal3.de instead. We can start at a.nic.de again:

$ dnsq a egal3.de 193.0.7.3
1 egal3.de:
78 bytes, 1+0+1+0 records, response, authoritative, nxdomain
query: 1 egal3.de
authority: de 10800 SOA f.nic.de ops.denic.de 2007042005 10800 7200 3600000 10800

Yikes! egal3.de doesn't even exist! That leaves us sdrees.de as our last resort. We start at a.nic.de again:

$ dnsq a sdrees.de 193.0.7.3
1 sdrees.de:
108 bytes, 1+0+2+2 records, response, noerror
query: 1 sdrees.de
authority: sdrees.de 86400 NS ns9.schlundtech.de
authority: sdrees.de 86400 NS ns10.schlundtech.de
additional: ns9.schlundtech.de 86400 A 62.116.129.129
additional: ns10.schlundtech.de 86400 A 62.116.163.100

Let's try ns9.schlundtech.de; as before, we can trust the glue.

$ dnsq a sdrees.de 62.116.129.129
1 sdrees.de:
43 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 1 sdrees.de
answer: sdrees.de 86400 A 212.227.85.98

Hooray! Now let's ask sdrees.de about starship.python.net:

$ dnsq a starship.python.net 212.227.85.98
1 starship.python.net:
98 bytes, 1+1+2+0 records, response, authoritative, weird ra, noerror
query: 1 starship.python.net
answer: starship.python.net 600 A 87.106.17.236
authority: python.net 600 NS centera.de
authority: python.net 600 NS sdrees.de

Yay! 87.106.17.236! We're done, after 12 lookups.
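
The walk above replayed as a small iterative resolver, as an added example that is not part of the original post. The RESPONSES table is constructed from the dnsq output shown, and the function names (in_zone, resolve, walk) are made up here. It follows the same "first option each time" rule and accepts glue only from a server that is authoritative for the zone the NS name lives in.

```python
# Constructed from the dnsq transcript above: (server IP, qname) -> result, where a
# tuple is a referral (zone, NS names, glue), a str an A answer, None a failure/nxdomain.
RESPONSES = {
    ("198.41.0.4", "starship.python.net"): ("net", ["a.gtld-servers.net"], {"a.gtld-servers.net": "192.5.6.30"}),
    ("192.5.6.30", "starship.python.net"): ("python.net", ["centera.de", "egal3.de", "sdrees.de"], {}),
    ("198.41.0.4", "centera.de"): ("de", ["a.nic.de"], {"a.nic.de": "193.0.7.3"}),
    ("193.0.7.3", "centera.de"): ("centera.de", ["ns4.your-server.de", "ns.second-ns.de"],
        {"ns.second-ns.de": "213.133.105.2"}),
    ("193.0.7.3", "ns4.your-server.de"): ("your-server.de",
        ["ns2.your-server.de", "ns.second-ns.de", "www.hos-ext1.de", "sql1a.your-server.co.za"],
        {"ns2.your-server.de": "213.133.106.251", "ns.second-ns.de": "213.133.105.2"}),
    ("213.133.106.251", "ns4.your-server.de"): "213.133.106.251",
    ("213.133.106.251", "centera.de"): "213.133.98.72",
    ("213.133.98.72", "starship.python.net"): None,   # temporary failure
    ("193.0.7.3", "egal3.de"): None,                  # nxdomain
    ("193.0.7.3", "sdrees.de"): ("sdrees.de", ["ns9.schlundtech.de", "ns10.schlundtech.de"],
        {"ns9.schlundtech.de": "62.116.129.129", "ns10.schlundtech.de": "62.116.163.100"}),
    ("62.116.129.129", "sdrees.de"): "212.227.85.98",
    ("212.227.85.98", "starship.python.net"): "87.106.17.236",
}

def in_zone(name, zone):
    return zone == "" or name == zone or name.endswith("." + zone)

def resolve(name, cache, log, at=None):
    """at = (zone, IP) of the server to ask; default is the closest cached zone."""
    auth, server = at or max(((z, ip) for z, ip in cache.items() if in_zone(name, z)),
                             key=lambda e: len(e[0]))
    log.append((name, server))                    # one entry per dnsq-style lookup
    r = RESPONSES.get((server, name))
    if not isinstance(r, tuple):
        return r                                  # A answer, or None on failure
    zone, ns_names, glue = r
    for ns in ns_names:                           # first option each time, as above
        # Glue counts only if the responder is authoritative for ns; else walk ns itself.
        ip = (glue.get(ns) if in_zone(ns, auth) else None) or resolve(ns, cache, log)
        if ip:
            cache[zone] = ip
            answer = resolve(name, cache, log, (zone, ip))
            if answer:
                return answer
    return None

def walk(name):
    cache, log = {"": "198.41.0.4"}, []           # start at a.root-servers.net
    return resolve(name, cache, log), log

if __name__ == "__main__":
    print(walk("starship.python.net"))
```

The returned log lists each (name, server) pair in the order queried, so the lookups spent on the NS names themselves are easy to pick out from those spent on starship.python.net.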