Why do some TLD have an MX record on the zone root? e.g. .ai

I have no idea why the following TLD have a MX record on the root level of the zone. This does not make sense at all.

Does this show the technical incompetence of the NIC? Please comment If I'm wrong.

(At least Postfix looks not to be able to send to postmaster@ai because it automatically appends localdomain.)

Test it yourself with "dig mx ai" for example.

.AI   =>   mail.offshore.AI.
.AS   =>   dca.relay.gdns.net.
.BJ   =>   mail6.domain-mail.com.
.CF   =>   mail.intnet.CF.
.DJ   =>   smtp.intnet.DJ.
      =>   relais2.intnet.DJ.
.DM   =>   mail.nic.DM.
.GP   =>   ns1.nic.GP.
      =>   ns34259.ovh.net.
      =>   manta.outremer.com.
.HR   =>   alpha.carnet.HR.
.IO   =>   mailer2.IO.
.KH   =>   ns1.dns.net.KH.
.KM   =>   mail1.comorestelecom.KM.
.MH   =>   imap.pwke.twtelecom.net.
.MQ   =>   mx1-mq.mediaserv.net.
.NE   =>   bow.rain.fr.
      =>   bow.intnet.NE.
.PA   =>   ns.PA.
.TD   =>   mail.intnet.TD.
.TT   =>   66-27-54-142.san.rr.com.
      =>   66-27-54-138.san.rr.com.
.UA   =>   mr.kolo.net.
.VA   =>   proxy2.urbe.it.
      =>   john.vatican.VA.
      =>   paul.vatican.VA.
      =>   lists.vatican.VA.
.WS   =>   mail.worldsite.WS.
.TD   =>   mail.intnet.TD
.YE   =>   mail.yemen.net.YE.

It's perfectly legal - it means the zone operator can just use <address>@<cctld> for their NIC operations. Any software that doesn't support it is broken- search path resolution should only be attempted once an initial DNS lookup has failed.

Note that your nomenclature isn't quite correct - these records exist at the apex of the zone. There's only one root, and it's the one at the top of the tree.

You can send the mail to "postmaster@ai." and it should get there (I don't run Postfix, but if it can't handle that address it's a shortcoming of Postfix, not the DNS system).

It is valid, though as you pointed out, some e-mail applications and servers will not take kindly to an e-mail address formatted like that.