The disgusting and useless nslookup

Bob Vance bobvance at alumni.caltech.edu
Tue May 29 13:09:04 UTC 2001


>Indeed, that is precisely the situation where nslookup is the
>most useless, precisely because it avoids using the standard resolver
>routines, and doesn't go through /etc/nsswitch.conf, etc....
>If people want to argue this point, they really need to get their
>facts straight as to just exactly what nslookup does and how it does
>it.

I think the facts were fairly straight.
What you state, here, is true of the ISC version of 'nslookup', not the
vendor's, which is what I referred to.


>the probability is very
>high that it will be replaced with the latest version from the ISC,
>thus completely and totally invalidating the so-called "usefulness"
>of nslookup.

That has not been my experience.  For me, the vendor's 'nslookup' has
done a good job of emulating the resolver code.  However, I may have a
rather parochial view.  E.g., I don't work on Solaris at all :)


>if a new version of BIND (from the ISC site) is
>installed on the machine, then the version of nslookup that will be
>used will be the ISC version, which won't go through
>/etc/nsswitch.conf.

Only if you let it overlay the vendor's.
It is a very simple matter to avoid using the ISC 'nslookup'.  I've
managed to do it quite successfully for quite some time (for those who
care, see below).

However, this discussion does raise a point.

Someone earlier in the thread mentioned 'ping', which is the whole
point, after all -- what are the client programs receiving?
My experience has been that some 'ping's don't show the resolved IP
address when the target is unreachable, unlike the Linux version.  So I
coded a simple program, linked using the local libraries, that simply
does a "gethostbyname" for testing resolver issues.  Now I *can* avoid
'nslookup' for looking at most resolver issues.  For returns of multiple
addresses, I guess we're at the mercy of the particular program in
question as to which it uses, but I'd assume that most use the first
one.

--
As an admin, I avoid ISC 'nslookup' thusly:

Firstly, I don't let the BIND install into the vendor location at all.
Further, I immediately and simply move the BIND version to 'nslookup.9'
just in case I ever, for whatever remotely possible reason, would like
to use the ISC version.
Thus, the only 'nslookup' on the system would be the vendor version.

Thirdly, initially and after any vendor patch, I simply

  (cd /usr/bin; mv nslookup nslookup.orig)

to save it for future use (depending on vendor location).
Then I, of course, do a 'nslookup.orig' to use it.

If I care about other users or perhaps scripts using 'nslookup', the
'mv', above, can become a 'cp'.  However anyone sophisticated enough to
need 'nslookup' could be trained to use 'nslookup.orig'.  Of course,
YMMV.

-------------------------------------------------
Tks        | <mailto:BVance at sbm.com>
BV         | <mailto:BobVance at alumni.caltech.edu>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430           11455 Lakefield Dr.
Fax 770-623-3429           Duluth, GA 30097-1511
=================================================
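
The kind of test program described in the message above, as an added example (not Bob Vance's program and not part of the original post): it calls `gethostbyname` through the local libc, so the lookup follows the host's own resolver configuration, and lists every IPv4 address in the order returned. The names `resolve_all` and `ADDR_TEXT_LEN` are assumptions made for this example.

```c
/* Added example: resolve a name through the system resolver (libc),
 * so the answer is what ordinary client programs would receive. */
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define ADDR_TEXT_LEN INET_ADDRSTRLEN   /* hypothetical name, this example only */

/* Hypothetical helper: fills out[] with up to max IPv4 addresses, in the
 * order libc returned them. Returns the count, or -1 on failure
 * (after a failed lookup, h_errno holds the resolver's error code). */
int resolve_all(const char *name, char out[][ADDR_TEXT_LEN], int max)
{
    struct hostent *he;
    int n = 0;

    if (name == NULL)
        return -1;
    he = gethostbyname(name);            /* goes through the local resolver */
    if (he == NULL || he->h_addrtype != AF_INET)
        return -1;
    for (; he->h_addr_list[n] != NULL && n < max; n++) {
        if (inet_ntop(AF_INET, he->h_addr_list[n], out[n], ADDR_TEXT_LEN) == NULL)
            return -1;
    }
    return n;
}

int main(int argc, char **argv)
{
    char addrs[16][ADDR_TEXT_LEN];
    int i, n;

    if (argc != 2) {
        fprintf(stderr, "usage: %s hostname\n", argv[0]);
        return 2;
    }
    n = resolve_all(argv[1], addrs, 16);
    if (n < 0) {
        fprintf(stderr, "%s: lookup failed (h_errno=%d)\n", argv[1], h_errno);
        return 1;
    }
    for (i = 0; i < n; i++)              /* first entry is marked */
        printf("%s%s\n", addrs[i], i == 0 ? "  (first)" : "");
    return 0;
}
```

Comparing its output with what a DNS-only tool reports for the same name shows whether a non-DNS source in the resolver configuration is supplying the answer.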





-----Original Message-----
From: Brad Knowles [mailto:brad.knowles at skynet.be]
Sent: Sunday, May 27, 2001 5:35 PM
To: bobvance at alumni.caltech.edu; bind-users at isc.org
Subject: RE: The disgusting and useless nslookup


At 8:02 PM -0400 5/26/01, Bob Vance wrote:

>  Ooops.  Yeah, actually you're right.  'nslookup''s logic generally tries
>  to emulate resolver logic, but my experience has been that the vendor's
>  version at least uses "nsswitch" if the local resolver libraries do.


	Right, but if a new version of BIND (from the ISC site) is
installed on the machine, then the version of nslookup that will be
used will be the ISC version, which won't go through
/etc/nsswitch.conf.

	Since virtually no vendors on Earth manage to keep anywhere
remotely close to reasonably up-to-date with the version of named
(and the DNS debugging tools) that they ship, the probability is very
high that it will be replaced with the latest version from the ISC,
thus completely and totally invalidating the so-called "usefulness"
of nslookup.

--
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'


