[BUG] invalid JSON output (ADDITIONAL SECTION parsed as target domain records) #923

@nil0x42

dnsx version:

DNSX Version: 1.2.2

Current Behavior:

Some DNS resolvers (e.g. 84.53.242.102) provide more than just the ANSWER SECTION. Indeed, many resolvers provide an AUTHORITY SECTION and an ADDITIONAL SECTION.

Example:
$ dig @84.53.242.102 anyinvaliddomain.ticketing.cm.com

; <<>> DiG 9.20.16 <<>> @84.53.242.102 anyinvaliddomain.ticketing.cm.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62158
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;anyinvaliddomain.ticketing.cm.com. IN	A

;; AUTHORITY SECTION:
.			79449	IN	NS	g.root-servers.net.
.			79449	IN	NS	h.root-servers.net.
.			79449	IN	NS	i.root-servers.net.
.			79449	IN	NS	j.root-servers.net.
.			79449	IN	NS	k.root-servers.net.
.			79449	IN	NS	l.root-servers.net.
.			79449	IN	NS	m.root-servers.net.
.			79449	IN	NS	a.root-servers.net.
.			79449	IN	NS	b.root-servers.net.
.			79449	IN	NS	c.root-servers.net.
.			79449	IN	NS	d.root-servers.net.
.			79449	IN	NS	e.root-servers.net.
.			79449	IN	NS	f.root-servers.net.

;; ADDITIONAL SECTION:
g.root-servers.net.	77741	IN	A	192.112.36.4
h.root-servers.net.	77741	IN	A	198.97.190.53
i.root-servers.net.	77741	IN	A	192.36.148.17
j.root-servers.net.	77741	IN	A	192.58.128.30
k.root-servers.net.	77741	IN	A	193.0.14.129
l.root-servers.net.	79739	IN	A	199.7.83.42
m.root-servers.net.	77741	IN	A	202.12.27.33
a.root-servers.net.	81186	IN	A	198.41.0.4
b.root-servers.net.	81186	IN	A	170.247.170.2
c.root-servers.net.	77741	IN	A	192.33.4.12
d.root-servers.net.	77741	IN	A	199.7.91.13
e.root-servers.net.	77741	IN	A	192.203.230.10
f.root-servers.net.	77741	IN	A	192.5.5.241

;; Query time: 258 msec
;; SERVER: 84.53.242.102#53(84.53.242.102) (UDP)
;; WHEN: Thu Dec 04 15:26:53 CET 2025
;; MSG SIZE  rcvd: 470

The problem with dnsx (and also its JSON output) is that it seems to parse records from EVERY section instead of just considering the ANSWER section (when available).

As a result, when automating subdomain resolutions, many false positives appear with IPs of root DNS servers (and sometimes other servers returned in the ADDITIONAL SECTION) as if they were valid A records for the FQDN.

Expected Behavior:

Only records from the ANSWER SECTION are considered. An alternative would consist of adding a JSON entry 'other_sections' to collect the information from the other sections.

Steps To Reproduce:

  1. Run echo anyinvaliddomain.ticketing.cm.com | dnsx -disable-update-check -silent -no-color -retry 1 -resolver 84.53.242.102 -stream -resp -a -cname -json -omit-raw | jq
  2. Observe that the root servers' A records have been added to the JSON 'a' section at the top of the tree, as if the domain resolved to these IPs:
{
  "host": "anyinvaliddomain.ticketing.cm.com",
  "ttl": 77076,
  "resolver": [
    "84.53.242.102:53"
  ],
  "a": [
    "192.203.230.10",
    "192.5.5.241",
    "192.112.36.4",
    "198.97.190.53",
    "192.36.148.17",
    "192.58.128.30",
    "193.0.14.129",
    "199.7.83.42",
    "202.12.27.33",
    "198.41.0.4",
    "170.247.170.2",
    "192.33.4.12",
    "199.7.91.13"
  ],
...

Anything else:
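The section boundaries the report relies on come from the DNS header counts (ANCOUNT, NSCOUNT, ARCOUNT). The following Go sketch is an added example, not part of the original report and not dnsx code. It walks a wire-format reply and files A records as ANSWER or non-ANSWER. `SplitA`, `skipName` and `sampleReply` are hypothetical names, the sample reply is constructed with a shortened host name (`invalid.cm.com`), and the record class is not checked.

```go
package main

import (
	"fmt"
	"net"
)

// Constructed reply shaped like the report's: ANCOUNT=0, NSCOUNT=1, ARCOUNT=1.
var sampleReply = []byte("\xf2\xce\x81\x80\x00\x01\x00\x00\x00\x01\x00\x01\x07invalid\x02cm\x03com\x00\x00\x01\x00\x01" + // header, question
	"\x00\x00\x02\x00\x01\x00\x01\x36\x59\x00\x14\x01g\x0croot-servers\x03net\x00" + // AUTHORITY: . NS g.root-servers.net.
	"\xc0\x2b\x00\x01\x00\x01\x00\x01\x2f\xad\x00\x04\xc0\x70\x24\x04") // ADDITIONAL: glue A 192.112.36.4

// skipName returns the offset just past the name at off (labels or pointer).
func skipName(m []byte, off int) int {
	for ; off < len(m) && m[off] != 0; off += 1 + int(m[off]) {
		if m[off] >= 0xC0 {
			return off + 2
		}
	}
	return off + 1
}

// SplitA (hypothetical, not dnsx code): only the first ANCOUNT RRs are answers.
func SplitA(m []byte) (answer, other []net.IP, err error) {
	if len(m) < 12 {
		return nil, nil, fmt.Errorf("short header: %d bytes", len(m))
	}
	off, u16 := 12, func(i int) int { return int(m[i])<<8 | int(m[i+1]) }
	for i := 0; i < u16(4); i++ { // skip QDCOUNT question entries
		off = skipName(m, off) + 4
	}
	for i := 0; i < u16(6)+u16(8)+u16(10); i++ { // ANCOUNT + NSCOUNT + ARCOUNT
		if off = skipName(m, off); off+10 > len(m) || off+10+u16(off+8) > len(m) {
			return nil, nil, fmt.Errorf("truncated record at offset %d", off)
		}
		rdata := m[off+10 : off+10+u16(off+8)]
		if isA := u16(off) == 1 && len(rdata) == 4; isA && i < u16(6) {
			answer = append(answer, net.IP(rdata)) // genuine answer for the query
		} else if isA {
			other = append(other, net.IP(rdata)) // AUTHORITY/ADDITIONAL data
		}
		off += 10 + len(rdata)
	}
	return answer, other, nil
}

func main() {
	fmt.Println(SplitA(sampleReply))
}
```

For the sample reply the answer list is empty and 192.112.36.4 lands in the non-answer list, which is the distinction the expected behavior above asks for.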

Labels

Type: Bug. Inconsistencies or issues which will cause an issue or problem for users or implementors.