The disgusting and useless nslookup

Bob Vance bobvance at alumni.caltech.edu
Tue May 29 16:40:33 UTC 2001 

>how many admins around the world do you
>expect will actually follow the same kind process

I guess every one -- at least those who want to avoid the ISC version ;>)


>and how many users of nslookup around the world do you expect will
>understand these kinds of differences?

If they have good admins, they don't have to :)


>But you're better off to start using as a regular course a much
>more generally dependable tool, such as dig.

Again, I agree, for DNS problems.
But, we were (lately in the thread) talking about resolver issues -- at
least that's what I (and some others) pointed out as a use for 'nslookup'.
Otherwise, using 'dig', then *you* have to emulate the resolver code :)

Of course, if Jim had his way, then there would be no "resolver code",
everyone would be using FQDNs, and then all admins could throw away
everything except 'dig' -- and the world would be a simpler, better place
for all :)


-----------------------------------------------
Tks          |  BVance at sbm.com
BV           |  BobVance at alumni.caltech.edu
Sr. Tech. Consultant,    SBM
Vox 770-623-3430         11455 Lakefield Dr.
Fax 770-623-3429         Duluth, GA 30097-1511
===============================================

-----Original Message-----
From: Brad Knowles [mailto:brad.knowles at skynet.be]
Sent: Tuesday, May 29, 2001 9:41 AM
To: bobvance at alumni.caltech.edu; bind-users at isc.org
Subject: RE: The disgusting and useless nslookup


At 9:09 AM -0400 5/29/01, Bob Vance wrote:

>  As an admin, I avoid ISC 'nslookup' thusly:

	The description you gave is fine, and so long as you are aware of
the limitations of both the vendor-provided and the ISC versions of
nslookup, you're probably safe.

	However, I have to ask -- how many admins around the world do you
expect will actually follow the same kind process, and how many users
of nslookup around the world do you expect will understand these
kinds of differences?


	I submit that you're still better off simply avoiding any use
whatsoever of nslookup in the first place, because your likelihood of
getting bitten as a result of doing so is far, far lower.

	Yes, you may find systems that don't have dig installed, and on
those you can fall back to nslookup (making sure you know whose
version of nslookup it is, and what the relative merits and demerits
are).

	But you're better off to start using as a regular course a much
more generally dependable tool, such as dig.


	Now, if we could just get the ISC (and Nominum) to quit changing
how one uses the damn command-line parameters for dig, we'd be just
fine.  ;-)

--
Brad Knowles, <brad.knowles at skynet.be>

More information about the bind-users mailing list