in defense of nslookup
Bill Manning
bmanning at ISI.EDU
Tue Aug 6 15:48:06 UTC 2002
a properly configured delegation and a properly configured environment will
give you the same information via nslookup and dig.
from the point of view of a client resolver, nslookup is useful in the
toolkit since clients are the ones who complain when things break.
then there is the tiny problem that DiG has changed syntax/response
dramatically over time. todays dig will not give you the same answers
or information that the dig of old would. (I'd really like to see the
odl behaviours back... :)
tools are tools. there is no "one-size-fits-all" so we like/keep
nslookup around. Its useful for some things.
-------------------------------------------------------
% nslookup fails as a DNS testing tool in a couple of important ways.
%
% First, it behaves like a client resolver - trying the search path if the
% original question is not found. e.g. your machine is located in domain
% x.com and you ask about host.y.com. If host.y.com is not found it will try
% host.y.com.x.com. If that is also not found nslookup will respond with a
% failure about host.y.com.x.com - which is confusing to a lot of people. If
% x.com happens to have a global record, you could even get a success where
% you should have gotten a failure and you might not notice that answer was
% different than the question you asked.
%
% 2nd, it does a lookup of the in-addr record for the server before it will do
% the query you specified. If the in-addr record is not present, nslookup
% will bomb. The error message it gives is very misleading, and if you
% haven't encountered it before it will send you looking for other problems.
% Personally I feel that your testing tool should not rely on DNS being set up
% correctly. Testing to see if DNS is set up correctly is the whole point of
% having a tool.
--
--bill
More information about the bind-users
mailing list