Is nslookup a Good Tool?
Interactive Versus Noninteractive
Avoiding the Search List
Less Common Tasks
Troubleshooting nslookup Problems
Best of the Net
"Don't stand chattering to yourself like that," Humpty Dumpty said, looking at her for the first time, "but tell me your name and your business."
"My name is Alice, but - "
"It's a stupid name enough!" Humpty Dumpty interrupted impatiently. "What does it mean?"
"Must a name mean something?" Alice asked doubtfully.
"Of course it must," Humpty Dumpty said with a short laugh...
To be proficient at troubleshooting name server problems, you'll need a special tool to make DNS queries, one that gives you complete control. We'll cover nslookup in this chapter because it's distributed with BIND and with many vendors' systems. If you're the explorer type, you might also check out dig; it provides similar functionality, and some people like its user interface better. You can pick up source for dig from the tools directory (BIND 4) or src/bin directory (BIND 8) of the BIND distribution.
Note that this chapter isn't comprehensive; there are aspects of nslookup (mostly obscure and seldom used) that we won't cover. You can always consult the manual pages for those.
Much of the time you'll use nslookup to make queries, in the same way the resolver makes them. Sometimes, though, you'll use nslookup to query other name servers as a name server would, instead. Which one you emulate will depend on the problem you're trying to debug. You might wonder, "How accurately does nslookup emulate a resolver or a name server? Does nslookup actually use the BIND resolver library routines?" No, nslookup uses its own routines for querying name servers, but those routines are based on the resolver routines. Consequently, nslookup's behavior is very similar to the resolver's behavior, but it does differ slightly. We'll point out some of those differences. As for emulating name server behavior, nslookup allows us to query another server with the same query packet that a name server would use, but the retransmission scheme is quite different. Like a name server, though, nslookup can pull a copy of the zone data. So nslookup does not exactly emulate either the resolver or the name server, but it does emulate them well enough to make a good troubleshooting tool. Let's delve into those differences we alluded to.
nslookup only talks to one name server at a time. This is the biggest difference between nslookup's behavior and the resolver's behavior. The resolver makes use of each nameserver entry in resolv.conf. If there are two nameserver lines in resolv.conf, the resolver tries the first name server, then the second, then the first, then the second, until it receives a response or gives up. The resolver does this for every query. nslookup, on the other hand, tries the first name server in resolv.conf and keeps retrying until it finally gives up on that server and tries the second. Once it gets a response, it locks onto that server and doesn't try the other. This isn't a drawback, though: you want your troubleshooting tool to talk to only one name server, so you can reduce the number of variables when analyzing a problem. If nslookup used more than one name server, you wouldn't have as much control over your troubleshooting session. So talking to only one server is the right thing for a troubleshooting tool to do.
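The query order described above, modelled as an added example (not code from the book or from BIND). The server addresses and the retry count are assumptions chosen for illustration, and only the order of attempts is simulated, not the timeouts.

```python
# Added illustration: models only the ORDER of attempts described in the text.
# The retry count and the addresses (RFC 5737 documentation range) are assumptions.

def resolver_order(servers, alive, retries=2):
    """Resolver: visit every nameserver entry in turn on each retry round."""
    tried = []
    for _ in range(retries):
        for server in servers:
            tried.append(server)
            if server in alive:
                return tried, server
    return tried, None          # gave up


class NslookupSession:
    """nslookup: exhaust retries on one server, then the next; lock onto the first to answer."""

    def __init__(self, servers, retries=2):
        self.servers = list(servers)
        self.retries = retries
        self.locked = None      # server that answered first, if any

    def query(self, alive):
        tried = []
        candidates = [self.locked] if self.locked else self.servers
        for server in candidates:
            for _ in range(self.retries):
                tried.append(server)
                if server in alive:
                    self.locked = server
                    return tried, server
        return tried, None      # gave up; a locked session never falls back


if __name__ == "__main__":
    servers = ["192.0.2.1", "192.0.2.2"]   # constructed resolv.conf order
    alive = {"192.0.2.2"}                   # first server is down
    session = NslookupSession(servers)
    for n in (1, 2):
        print(f"query {n}: resolver {resolver_order(servers, alive)[0]}, "
              f"nslookup {session.query(alive)[0]}")
```

With the first server down, the modelled resolver sends a packet to the dead server on every query, while the nslookup session does so only on its first query and then stays with the server that answered.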
The nslookup timeouts match the resolver timeouts when the resolver is only querying one name server. A name server's timeouts, however, are based on how quickly the remote server answered the last query, a dynamic measure. nslookup will never match name server timeouts, but that's not a problem either. When you're querying remote name servers with nslookup, you probably only care what the response was, not how long it took.
nslookup implements the search list just as the resolver code does. Name servers don't implement search lists, so, to act like a name server, the nslookup search function must be turned off (more on that later).
nslookup will do zone transfers just like a name server. Unlike the name server, nslookup does not check SOA serial numbers before pulling the zone data; you'll have to do that manually, if you want to.
This last point doesn't compare nslookup to the resolver or name server but to ways of looking up names in general. nslookup, as distributed from the Internet Software Consortium, only uses DNS; it won't use NIS or /etc/hosts. Most applications will use DNS, NIS, or /etc/hosts. Don't look to nslookup to help you find your lookup problem unless your host is really configured to use name servers.