A very long time ago (i.e., back when I was executive director of ISC and BINDv9.0.0 was being released) we tried to encourage people to NOT use nslookup as it tends to try too hard to “help", leading to all sorts of confusion, e.g., the kind you experienced. Instead, we recommended dig as (a) it provides all sorts of options that help with pretty much every form of diagnostic you can imagine and (b) it doesn’t try to “help”. We obviously didn’t succeed and it’s far too late now (it was back then too). Ah well…
Regards, -drc > On Jul 7, 2023, at 10:35 PM, Petr Menšík <[email protected]> wrote: > > Ah, this is embarrassing. Yes, trailing dot have helped. > > I am sorry for the confusion. > > > >nslookup -type=ns org. > Server: pihole > Address: 192.168.88.9 > > Non-authoritative answer: > org nameserver = b2.org.afilias-nst.org <http://b2.org.afilias-nst.org/> > org nameserver = a2.org.afilias-nst.info <http://a2.org.afilias-nst.info/> > org nameserver = c0.org.afilias-nst.info <http://c0.org.afilias-nst.info/> > org nameserver = b0.org.afilias-nst.org <http://b0.org.afilias-nst.org/> > org nameserver = a0.org.afilias-nst.info <http://a0.org.afilias-nst.info/> > org nameserver = d0.org.afilias-nst.org <http://d0.org.afilias-nst.org/> > > a0.org.afilias-nst.info <http://a0.org.afilias-nst.info/> internet address = > 199.19.56.1 > a2.org.afilias-nst.info <http://a2.org.afilias-nst.info/> internet address = > 199.249.112.1 > b0.org.afilias-nst.org <http://b0.org.afilias-nst.org/> internet address = > 199.19.54.1 > b2.org.afilias-nst.org <http://b2.org.afilias-nst.org/> internet address = > 199.249.120.1 > c0.org.afilias-nst.info <http://c0.org.afilias-nst.info/> internet address = > 199.19.53.1 > d0.org.afilias-nst.org <http://d0.org.afilias-nst.org/> internet address = > 199.19.57.1 > a0.org.afilias-nst.info <http://a0.org.afilias-nst.info/> AAAA IPv6 address = > 2001:500:e::1 > a2.org.afilias-nst.info <http://a2.org.afilias-nst.info/> AAAA IPv6 address = > 2001:500:40::1 > b0.org.afilias-nst.org <http://b0.org.afilias-nst.org/> AAAA IPv6 address = > 2001:500:c::1 > b2.org.afilias-nst.org <http://b2.org.afilias-nst.org/> AAAA IPv6 address = > 2001:500:48::1 > c0.org.afilias-nst.info <http://c0.org.afilias-nst.info/> AAAA IPv6 address = > 2001:500:b::1 > d0.org.afilias-nst.org <http://d0.org.afilias-nst.org/> AAAA IPv6 address = > 2001:500:f::1 > > > On 7/7/23 20:32, Viktor Dukhovni wrote: >> On Fri, Jul 07, 2023 at 08:09:39PM +0200, Petr Menšík wrote: >> >>> I have tested recently how Windows 11 behaves when resolving single >>> label queries. >>> >>> I have expected it might try to use LLMNR. But I did not expect it would >>> do so also when trying nslookup, a tool which should be DNS only tool. >>> >>> I have tried: >>> >>> nslookup -type=ns com 9.9.9.9 >> It is not too surprising if this is also subject to the default suffix >> list of the network "connection", which initialises the resolution >> context, and then just overrides the server. Have you tried: >> >> nslookup -type=ns com. 9.9.9.9 >> >> with an explicit trailing "."? > I thought I have tried that, but turns out I have tried that only when > testing behavior of systemd-resolved installation on Linux, where it was > useless. > On Windows it helps. Parameter -debug showed it indeed > appends default domain suffix and does not try without it after negative > response. > > nslookup from ISC BIND9 behaves a bit better, but that is an acceptable > difference. > > $ nslookup -domain=home.arpa -debug -type=ns org > > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > ------------ > QUESTIONS: > org.home.arpa, type = NS, class = IN > ANSWERS: > AUTHORITY RECORDS: > -> home.arpa > origin = localhost > mail addr = nobody.invalid > serial = 1 > refresh = 3600 > retry = 1200 > expire = 604800 > minimum = 10800 > ttl = 10800 > ADDITIONAL RECORDS: > ------------ > ** server can't find org.home.arpa: NXDOMAIN > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > ------------ > QUESTIONS: > org, type = NS, class = IN > ANSWERS: > -> org > nameserver = b0.org.afilias-nst.org. > ttl = 1824 > -> org > nameserver = b2.org.afilias-nst.org. > ttl = 1824 > -> org > nameserver = c0.org.afilias-nst.info. > ttl = 1824 > -> org > nameserver = d0.org.afilias-nst.org. > ttl = 1824 > -> org > nameserver = a0.org.afilias-nst.info. > ttl = 1824 > -> org > nameserver = a2.org.afilias-nst.info. > ttl = 1824 > AUTHORITY RECORDS: > ADDITIONAL RECORDS: > ------------ > Non-authoritative answer: > org nameserver = b0.org.afilias-nst.org. > org nameserver = b2.org.afilias-nst.org. > org nameserver = c0.org.afilias-nst.info. > org nameserver = d0.org.afilias-nst.org. > org nameserver = a0.org.afilias-nst.info. > org nameserver = a2.org.afilias-nst.info. > > Authoritative answers can be found from: > >>> Got NXDOMAIN. I were very suprised, learned that does not exist. Even >>> more suprising were fact, that it presented the result came from the >>> specified server. >> But the result should have been for "com.<your-default-suffix>." >> What happens when you configure the network connection with a default >> suffix of "."? > "nslookup -domain=. -type=ns com" works fine as well. > -- > Petr Menšík > Software Engineer, RHEL > Red Hat, https://www.redhat.com/ > PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
