Re: nslookup oddities (Was: SRV record not working)
And don't forget NIS, and NSSwitch. And don't get me started on the tricks that the windows resolver plays. On 08/19/2018 07:59 PM, Mark Andrews wrote: nslookup applies the search list by default and doesn’t stop on a NODATA response. Some versions of nslookup have been modified by OS vendors to use /etc/hosts for address lookups. nslookup doesn’t display the entire response by default. On 20 Aug 2018, at 12:28 pm, Lee wrote: On 8/19/18, Doug Barton wrote: On 08/19/2018 12:11 PM, Lee wrote: On 8/18/18, Doug Barton wrote: nslookup uses the local resolver stub. That's fine, if that's what you want/need to test. If you want to test specific servers, or what is visible from the Internet, etc. dig is the right tool, as the answers you get from nslookup cannot be guaranteed to be directly related to the question you asked. Could you expand on that a bit please? I thought nslookup was pretty much equivalent to dig @ the exception being that nslookup looks for a & records and dig just looks for a records Nope. Depending on what operating system you're on, what version of nslookup you have, how you format your query, and how the system is configured; even telling nslookup to query a specific server may not get you the answer you're looking for. That's still awfully vague. Do you have any examples of nslookup returning bad information? If you want to know what answer your stub resolver is going to return for a given query, nslookup is a great tool. Although, if you just need to know what address record you'll get back, ping works just as well. ping just shows one address; "nslookup www.yahoo.com" shows all of them If you want to really debug DNS you need to learn to use dig, and understand the output. Agreed. If you're serious about debugging DNS you needs to learn dig. But the assertion is ... the answers you get from nslookup cannot be guaranteed to be directly related to the question you asked. so I'm wondering how, or under what circumstances, nslookup returns invalid information. Thanks Lee ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: nslookup oddities (Was: SRV record not working)
nslookup applies the search list by default and doesn’t stop on a NODATA response. Some versions of nslookup have been modified by OS vendors to use /etc/hosts for address lookups. nslookup doesn’t display the entire response by default. > On 20 Aug 2018, at 12:28 pm, Lee wrote: > > On 8/19/18, Doug Barton wrote: >> On 08/19/2018 12:11 PM, Lee wrote: >>> On 8/18/18, Doug Barton wrote: >> nslookup uses the local resolver stub. That's fine, if that's what you want/need to test. If you want to test specific servers, or what is visible from the Internet, etc. dig is the right tool, as the answers you get from nslookup cannot be guaranteed to be directly related to the question you asked. >>> >>> Could you expand on that a bit please? I thought >>> nslookup >>> was pretty much equivalent to >>> dig @ >>> >>> the exception being that nslookup looks for a & records and dig >>> just looks for a records >> >> Nope. Depending on what operating system you're on, what version of >> nslookup you have, how you format your query, and how the system is >> configured; even telling nslookup to query a specific server may not get >> you the answer you're looking for. > > That's still awfully vague. Do you have any examples of >nslookup > returning bad information? > >> If you want to know what answer your stub resolver is going to return >> for a given query, nslookup is a great tool. Although, if you just need >> to know what address record you'll get back, ping works just as well. > > ping just shows one address; "nslookup www.yahoo.com" shows all of them > >> If you want to really debug DNS you need to learn to use dig, and >> understand the output. > > Agreed. If you're serious about debugging DNS you needs to learn dig. > But the assertion is ... the answers you get from nslookup cannot be guaranteed to be directly related to the question you asked. > > so I'm wondering how, or under what circumstances, nslookup returns > invalid information. > > Thanks > Lee > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: nslookup oddities (Was: SRV record not working)
On 8/19/18, Doug Barton wrote: > On 08/19/2018 12:11 PM, Lee wrote: >> On 8/18/18, Doug Barton wrote: > >>> nslookup uses the local resolver stub. That's fine, if that's what you >>> want/need to test. If you want to test specific servers, or what is >>> visible from the Internet, etc. dig is the right tool, as the answers >>> you get from nslookup cannot be guaranteed to be directly related to the >>> question you asked. >> >> Could you expand on that a bit please? I thought >>nslookup >> was pretty much equivalent to >> dig @ >> >> the exception being that nslookup looks for a & records and dig >> just looks for a records > > Nope. Depending on what operating system you're on, what version of > nslookup you have, how you format your query, and how the system is > configured; even telling nslookup to query a specific server may not get > you the answer you're looking for. That's still awfully vague. Do you have any examples of nslookup returning bad information? > If you want to know what answer your stub resolver is going to return > for a given query, nslookup is a great tool. Although, if you just need > to know what address record you'll get back, ping works just as well. ping just shows one address; "nslookup www.yahoo.com" shows all of them > If you want to really debug DNS you need to learn to use dig, and > understand the output. Agreed. If you're serious about debugging DNS you needs to learn dig. But the assertion is >>> ... the answers >>> you get from nslookup cannot be guaranteed to be directly related to the >>> question you asked. so I'm wondering how, or under what circumstances, nslookup returns invalid information. Thanks Lee ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: nslookup oddities (Was: SRV record not working)
On 08/19/2018 12:11 PM, Lee wrote: On 8/18/18, Doug Barton wrote: nslookup uses the local resolver stub. That's fine, if that's what you want/need to test. If you want to test specific servers, or what is visible from the Internet, etc. dig is the right tool, as the answers you get from nslookup cannot be guaranteed to be directly related to the question you asked. Could you expand on that a bit please? I thought nslookup was pretty much equivalent to dig @ the exception being that nslookup looks for a & records and dig just looks for a records Nope. Depending on what operating system you're on, what version of nslookup you have, how you format your query, and how the system is configured; even telling nslookup to query a specific server may not get you the answer you're looking for. If you want to know what answer your stub resolver is going to return for a given query, nslookup is a great tool. Although, if you just need to know what address record you'll get back, ping works just as well. If you want to really debug DNS you need to learn to use dig, and understand the output. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SRV record not working
On 8/18/18, Doug Barton wrote: > On 08/18/2018 04:53 PM, Barry Margolin wrote: >> In article , >> Grant Taylor wrote: >> >>> On 08/18/2018 07:25 AM, Bob McDonald wrote: I don't think anyone hates nslookup (well maybe a few do ) I suppose the immense dislike stems from the fact that it's the default utility under Windows. Folks who use dig as their default realize that when used properly, dig provides much more functionality than nslookup. For example, try using TSIG with nslookup or getting a NSID response. These are only a couple of examples. There's other reasons to change. The output from dig is much more comprehensive. And, yes, if you install the bind tools from ISC under Windows, dig works quite well. >>> >>> I've been told that nslookup will lie and provide incorrect information >>> in some situations. I have no idea what situations that is. I would >>> love to learn what they are. >>> >>> If you know of such an example, please enlighten me. >>> >>> As such, I tend to use nslookup on platforms without dig when or until I >>> have reason to not do so. >> >> I don't think it "lies" much, but the output isn't as clear and >> unambiguous as dig's. When it reports errors, it can be difficult to >> tell specifically what the actual error was. >> >> One example I can think of is that for some reason it expects the >> nameserver to be able to reverse-resolve its own IP. If it can't, it >> reports this as an error, and you might think that it's reporting an >> error about the name you're actually trying to look up. > > nslookup uses the local resolver stub. That's fine, if that's what you > want/need to test. If you want to test specific servers, or what is > visible from the Internet, etc. dig is the right tool, as the answers > you get from nslookup cannot be guaranteed to be directly related to the > question you asked. Could you expand on that a bit please? I thought nslookup was pretty much equivalent to dig @ the exception being that nslookup looks for a & records and dig just looks for a records Thanks, Lee ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users