TCP/IP Troubleshooting

Nslookup

Nslookup is a useful tool for troubleshooting DNS problems, such as host name resolution. When you start Nslookup, it shows the host name and IP address of the DNS server that is configured for the local system, and then displays a command prompt for further queries. If you type a question mark (?), Nslookup shows all available commands. You can exit the program by typing exit.

To look up a host's IP address using DNS, type the host name and press Enter. Nslookup defaults to using the DNS server configured for the computer on which it is running, but you can focus it on a different DNS server by typing server <name> (where <name> is the host name of the server you want to use for future lookups). Once another server is specified, anything entered after that point is interpreted as a host name.

Nslookup employs the domain name devolution method. If you type in a host name and press ENTER, Nslookup appends the domain suffix of the computer (such as cswatcp.reskit.com) to the host name before querying the DNS. If the name is not found, then the domain suffix is "devolved" by one level (in this case to reskit.com) and the query is repeated. Windows 2000 computers only devolve names to the second level domain (reskit.com in this example), so if this query fails, no further attempts are made to resolve the name. If a fully qualified domain name is typed in (as indicated by a trailing dot) then the DNS server is only queried for that name and no devolution is performed. To look up a host name that is completely outside your domain, you must type in a fully qualified domain name.
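The devolution rule described above, written out as an added example (this is not code from the Resource Kit). The function names and the zone set are hypothetical, and the handling of an empty suffix is an assumption the page does not cover.

```python
def devolution_candidates(name, suffix):
    """List the names queried, in order, under the devolution rule described above."""
    if name.endswith("."):
        return [name]  # trailing dot: fully qualified, queried as typed
    labels = [p for p in suffix.strip(".").split(".") if p]
    if not labels:
        return [name + "."]  # assumption: no suffix configured, query the name as typed
    candidates = []
    while True:
        candidates.append(f"{name}.{'.'.join(labels)}.")
        if len(labels) <= 2:
            break  # devolution stops at the second-level domain
        labels = labels[1:]  # drop the leftmost label of the suffix
    return candidates


def first_match(name, suffix, zone):
    """Return the first candidate found in zone (a set of host names), else None."""
    known = {z.lower().rstrip(".") + "." for z in zone}
    for candidate in devolution_candidates(name.lower(), suffix.lower()):
        if candidate in known:
            return candidate
    return None


# Constructed zone contents, reusing the host names that appear on this page.
ZONE = {"rain-city.reskit.com", "seattle.reskit.com"}

if __name__ == "__main__":
    print(devolution_candidates("rain-city", "cswatcp.reskit.com"))
    print(first_match("rain-city", "cswatcp.reskit.com", ZONE))
    # A dotted name without the trailing dot still has the suffix appended first.
    print(devolution_candidates("www.example.org", "cswatcp.reskit.com"))
```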

Nslookup's debug mode is a useful troubleshooting feature; you can put Nslookup into this mode by typing set debug, or, for even greater detail, set d2. In debug mode, Nslookup lists the steps being taken to complete its commands, as shown in this example:

C:\>nslookup
(null)   testpc1.reskit.com
Address: 172.16.8.190

> set d2
> rain-city
(null) testpc1.reskit.com
Address: 172.16.8.190

------------
SendRequest(), len 49
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags: query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        rain-city.reskit.com, type = A, class = IN

------------
------------
Got answer (108 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags: response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        rain-city.reskit.com, type = A, class = IN
    ANSWERS:
    ->  rain-city.reskit.com
        type = CNAME, class = IN, dlen = 31
        canonical name = seattle.reskit.com
        ttl = 86400 (1 day)
    ->  seattle.reskit.com
        type = A, class = IN, dlen = 4
        internet address = 172.16.2.3
        ttl = 86400 (1 day)

------------
(null)   seattle.reskit.com
Address: 172.16.2.3
Aliases: rain-city.reskit.com

In this example, the user issued the set d2 command to set Nslookup to debug mode, and then tried a simple address lookup for the host name "rain-city." The first two lines of output show the host name and IP address of the DNS server where the lookup was sent. As the next block of output (SendRequest) shows, the domain suffix of the local computer (reskit.com) was appended to the name "rain-city," and Nslookup submitted this question to the DNS server.

The following block (Got answer) indicates that Nslookup received an answer from the DNS server. The DNS server provided two answer records in response to one question. The question is repeated in the response, along with the two answer records. In this case, the first answer record is a CNAME (canonical name) record: it indicates that the name "rain-city.reskit.com" is actually an alias for the host name "seattle.reskit.com." The second answer record lists the IP address for that host as 172.16.2.3.
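The reading of the answer block described above can be done mechanically. The following is an added example, not part of the original documentation: it parses the answer section of the set d2 output and follows the alias to its address. The function names are hypothetical, and the sample text is copied from the session above with the ttl and count lines omitted.

```python
import re

# Answer block from the set d2 session above (ttl and count lines omitted).
SAMPLE = """\
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags: response, auth. answer, want recursion, recursion avail.
    QUESTIONS:
        rain-city.reskit.com, type = A, class = IN
    ANSWERS:
    ->  rain-city.reskit.com
        type = CNAME, class = IN, dlen = 31
        canonical name = seattle.reskit.com
    ->  seattle.reskit.com
        type = A, class = IN, dlen = 4
        internet address = 172.16.2.3
"""

def parse_answer(text):
    """Turn one debug answer block into header fields and answer records."""
    info, rec = {"records": []}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"opcode = \w+, id = \d+, rcode = (\w+)", line):
            info["rcode"] = m.group(1)
        elif line.startswith("header flags:"):
            info["authoritative"] = "auth. answer" in line
        elif m := re.match(r"(\S+), type = (\w+), class = \w+$", line):
            info["question"] = m.group(1).lower()
        elif line.startswith("->"):  # start of a new answer record
            rec = {"owner": line[2:].strip().lower()}
            info["records"].append(rec)
        elif rec is not None and (m := re.match(r"type = (\w+),", line)):
            rec["type"] = m.group(1)
        elif rec is not None and (m := re.match(r"(?:canonical name|internet address) = (\S+)", line)):
            rec["data"] = m.group(1).lower()
    return info

def follow_alias(info):
    """Follow CNAMEs from the question name; return (names visited, address or None)."""
    by_owner = {r["owner"]: r for r in info["records"]}  # last record per owner wins
    name, visited = info["question"], []
    while name in by_owner and name not in visited:  # second test stops CNAME loops
        visited.append(name)
        rec = by_owner[name]
        if rec.get("type") != "CNAME":
            return visited, rec.get("data") if rec.get("type") == "A" else None
        name = rec["data"]
    return visited, None  # dangling or looping alias: no address found
```

A None address with NOERROR in the header means the alias chain in the reply did not end in an A record, which is worth checking before blaming the client.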

Table 3.8 summarizes all Nslookup switches. Identifiers are shown in upper case, and optional commands are shown in brackets.

Table 3.8 Nslookup Switches

Switch                        Function
----------------------------  ------------------------------------------------------------
nslookup                      Launches the nslookup program.
set debug                     Launches debug mode from within nslookup.
set d2                        Launches verbose debug mode from within nslookup.
host name                     Returns the IP address for the specified host name.
NAME                          Displays information about the host/domain NAME using default server.
NAME1 NAME2                   As above, but uses NAME2 as server.
help or ?                     Displays information about common commands.
set OPTION                    Sets an option.
  All                         Displays options, current server and host.
  [no]debug                   Displays debugging information.
  [no]defname                 Appends domain name to each query.
  [no]recurse                 Asks for recursive answer to query.
  [no]search                  Uses domain search list.
  [no]vc                      Always uses a virtual circuit.
  domain=NAME                 Sets default domain name to NAME.
  srchlist=N1[/N2/.../N6]     Sets domain to N1 and search list to N1, N2, and so on.
  root=NAME                   Sets root server to NAME.
  retry=X                     Sets number of retries to X.
  timeout=X                   Sets initial timeout interval to X seconds.
  type=X                      Sets query type (such as A, ANY, CNAME, MX, NS, PTR, SOA, SRV).
  querytype=X                 Same as type.
  class=X                     Sets query class (for example, IN (Internet), ANY).
  [no]msxfr                   Uses MS fast zone transfer.
  ixfrver=X                   Current version to use in IXFR transfer request.
Server NAME                   Sets default server to NAME, using current default server.
Lserver NAME                  Sets default server to NAME, using initial server.
Finger [USER]                 Fingers the optional NAME at the current default host.
Root                          Sets current default server to the root.
ls [opt] DOMAIN [> FILE]      Lists addresses in DOMAIN (optional: output to FILE).
  -a                          Lists canonical names and aliases.
  -d                          Lists all records.
  -t TYPE                     Lists records of the given type (for example, A, CNAME, MX, NS, PTR and so on).
View FILE                     Sorts the output file from the 'ls' option described earlier and displays it page by page.
Exit                          Exits Nslookup and returns to the command prompt.

© 1985-2000 Microsoft Corporation. All rights reserved.