TCP/IP Troubleshooting
Nslookup is a useful tool for troubleshooting DNS problems, such as host name resolution. When you start Nslookup, it shows the host name and IP address of the DNS server that is configured for the local system, and then displays a command prompt for further queries. If you type a question mark (?), Nslookup shows all available commands. You can exit the program by typing exit.
To look up a host's IP address using DNS, type the host name and press Enter. Nslookup defaults to using the DNS server configured for the computer on which it is running, but you can focus it on a different DNS server by typing server <name> (where <name> is the host name of the server you want to use for future lookups). Once another server is specified, anything entered after that point is interpreted as a host name.
Nslookup employs the domain name devolution method. If you type in a host name and press ENTER, Nslookup appends the domain suffix of the computer (such as cswatcp.reskit.com) to the host name before querying the DNS. If the name is not found, then the domain suffix is "devolved" by one level (in this case to reskit.com) and the query is repeated. Windows 2000 computers only devolve names to the second level domain (reskit.com in this example), so if this query fails, no further attempts are made to resolve the name. If a fully qualified domain name is typed in (as indicated by a trailing dot) then the DNS server is only queried for that name and no devolution is performed. To look up a host name that is completely outside your domain, you must type in a fully qualified domain name.
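The devolution rules described above, modeled as an added example (this is not Nslookup's own code). The function names and the `ZONE` lookup table are hypothetical, and the suffix is assumed to have at least two labels.

```python
def devolution_candidates(name, primary_suffix):
    """Return, in order, the names that would be queried for `name`."""
    # A trailing dot marks a fully qualified name: one query, no devolution.
    if name.endswith("."):
        return [name]
    labels = [part for part in primary_suffix.strip(".").split(".") if part]
    if len(labels) < 2:
        raise ValueError("suffix must contain at least a second-level domain")
    candidates = []
    # Append the full suffix first, then drop the leftmost label each round.
    # Devolution stops at the second-level domain (two labels).
    while len(labels) >= 2:
        candidates.append(name + "." + ".".join(labels))
        labels = labels[1:]
    return candidates


# Constructed lookup table standing in for the DNS server's zone data.
ZONE = {"rain-city.reskit.com": "172.16.2.3"}


def resolve(name, primary_suffix, zone=ZONE):
    """Try each candidate in turn; return (names tried, address or None)."""
    tried = []
    for candidate in devolution_candidates(name, primary_suffix):
        tried.append(candidate)
        address = zone.get(candidate.rstrip("."))
        if address is not None:
            return tried, address
    return tried, None


if __name__ == "__main__":
    print(resolve("rain-city", "cswatcp.reskit.com"))
    print(resolve("seattle.example.org.", "cswatcp.reskit.com"))
```

The list of names tried is what to compare against the QUESTIONS lines in debug output when a lookup resolves to an unexpected host or fails.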
Nslookup's debug mode is a useful troubleshooting feature; you can set the local computer into this mode by typing set debug, or for even greater detail, set d2. In debug mode, Nslookup lists the steps being taken to complete its commands, as shown in this example:
```
C:\>nslookup
(null) testpc1.reskit.com
Address: 172.16.8.190
> set d2
> rain-city
(null) testpc1.reskit.com
Address: 172.16.8.190
------------
SendRequest(), len 49
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0
    QUESTIONS:
        rain-city.reskit.com, type = A, class = IN
------------
------------
Got answer (108 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags: response, auth. answer, want recursion, recursion avail.
        questions = 1, answers = 2, authority records = 0, additional = 0
    QUESTIONS:
        rain-city.reskit.com, type = A, class = IN
    ANSWERS:
    -> rain-city.reskit.com
        type = CNAME, class = IN, dlen = 31
        canonical name = seattle.reskit.com
        ttl = 86400 (1 day)
    -> seattle.reskit.com
        type = A, class = IN, dlen = 4
        internet address = 172.16.2.3
        ttl = 86400 (1 day)
------------
(null) seattle.reskit.com
Address: 172.16.2.3
Aliases: rain-city.reskit.com
```
In this example, the user issued the set d2 command to set Nslookup to debug mode, then the user tried a simple address lookup for the host name "rain-city." The first two lines of output show the host name and IP address of the DNS server where the lookup was sent. As the next paragraph shows, the domain suffix of the local computer (reskit.com) was appended to the name "rain-city," and Nslookup submitted this question to the DNS server.
The next paragraph in the example indicates that Nslookup received an answer from the DNS server. The DNS server provided two answer records in response to one question. The question is repeated in the response, along with the two answer records. In this case, the first answer record is a CNAME (canonical name) record, which indicates that the name "rain-city.reskit.com" is actually an alias for the host name "seattle.reskit.com." The second answer record lists the IP address for that host as 172.16.2.3.
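A parser for the answer block walked through above, as an added example that is not part of the original page. The function names are hypothetical, and the sample is the answer block from the page's transcript. It checks the declared answer count against the records found and follows the CNAME to the final address.

```python
import re
# Answer block from the page's transcript; leading whitespace is ignored.
SAMPLE = """\
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 0, additional = 0
QUESTIONS:
rain-city.reskit.com, type = A, class = IN
ANSWERS:
-> rain-city.reskit.com
type = CNAME, class = IN, dlen = 31
canonical name = seattle.reskit.com
ttl = 86400 (1 day)
-> seattle.reskit.com
type = A, class = IN, dlen = 4
internet address = 172.16.2.3
ttl = 86400 (1 day)
"""

def fields(line):
    """Split 'k = v, k2 = v2' into a dict; pieces without ' = ' are ignored."""
    return dict(f.split(" = ", 1) for f in re.split(r",\s*", line) if " = " in f)

def parse_answer(text):
    """Parse one debug answer block into header fields, question and records."""
    out, section = {"header": {}, "question": None, "records": []}, None
    for line in map(str.strip, text.splitlines()):
        if line in ("QUESTIONS:", "ANSWERS:"):
            section = line
        elif section is None:
            out["header"].update(fields(line))
        elif section == "QUESTIONS:" and "type =" in line:
            out["question"] = line.split(",")[0]
        elif section == "ANSWERS:" and line.startswith("->"):
            out["records"].append({"name": line[2:].strip()})
        elif section == "ANSWERS:" and out["records"]:
            out["records"][-1].update(fields(line))
    return out

def follow_chain(parsed):
    """Follow CNAME records from the question name; stops on a loop or dead end."""
    by_name = {r["name"]: r for r in parsed["records"]}
    name, aliases = parsed["question"], []
    while by_name.get(name, {}).get("type") == "CNAME" and name not in aliases:
        aliases.append(name)
        name = by_name[name].get("canonical name")
    return name, by_name.get(name, {}).get("internet address"), aliases
```

For the sample, `follow_chain` returns the same host, address and alias that Nslookup prints in the last three lines of the transcript.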
Table 3.8 summarizes all Nslookup switches. Identifiers are shown in upper case, and optional commands are shown in brackets.
Table 3.8 Nslookup Switches
Switch | Function |
---|---|
nslookup | Launches the nslookup program. |
set debug | Launches debug mode from within nslookup. |
set d2 | Launches verbose debug mode from within nslookup. |
host name | Returns the IP address for the specified host name. |
NAME | Displays information about the host/domain NAME using default server. |
NAME1 NAME2 | As above, but uses NAME2 as server. |
help or ? | Displays information about common commands. |
set OPTION | Sets an option. |
set OPTION | Sets an option |
All | Displays options, current server and host. |
[no]debug | Displays debugging information. |
[no]defname | Appends domain name to each query. |
[no]recurse | Asks for recursive answer to query. |
[no]search | Uses domain search list. |
[no]vc | Always uses a virtual circuit. |
domain=NAME | Sets default domain name to NAME. |
srchlist=N1[/N2/.../N6] | Sets domain to N1 and search list to N1,N2, and so on. |
root=NAME | Sets root server to NAME. |
retry=X | Sets number of retries to X. |
timeout=X | Sets initial timeout interval to X seconds. |
type=X | Sets query type (such as A, ANY, CNAME, MX, NS, PTR, SOA, SRV). |
querytype=X | Same as type. |
class=X | Sets query class (for example, IN (Internet) or ANY). |
[no]msxfr | Uses MS fast zone transfer. |
ixfrver=X | Current version to use in IXFR transfer request. |
Server NAME | Sets default server to NAME, using current default server. |
Lserver NAME | Sets default server to NAME, using initial server. |
Finger [USER] | Fingers the optional NAME at the current default host. |
Root | Sets current default server to the root. |
ls [opt] DOMAIN [> FILE] | Lists addresses in DOMAIN (optional: output to FILE). |
-a | Lists canonical names and aliases. |
-d | Lists all records. |
-t TYPE | Lists records of the given type (for example, A, CNAME, MX, NS, PTR and so on). |
View FILE | Sorts the output file from the 'ls' option described earlier and displays it page by page. |
Exit | Exits Nslookup and returns to the command prompt. |