nslookup has its own set of dials and knobs called option settings. All the option settings can be changed. We'll discuss here what each of the options means. We'll use the rest of the chapter to show you how to use them.
    C:\> nslookup
    Default Server:  terminator.movie.edu
    Address:  184.108.40.206

    > set all
    Default Server:  terminator.movie.edu
    Address:  220.127.116.11

    Set options:
      nodebug
      defname
      search
      recurse
      nod2
      novc
      noignoretc
      port=53
      type=A
      class=IN
      timeout=2
      retry=1
      root=A.ROOT-SERVERS.NET.
      domain=movie.edu
      MSxfr
      IXFRversion=1
      srchlist=movie.edu

    > ^Z
Before we get into the options, we need to cover the introductory lines. The default name server is terminator.movie.edu. This means that every query sent by nslookup will be sent to terminator.
The options come in two flavors: Boolean and value. The options that do not have an equals sign after them are Boolean options. They have the interesting property of being either "on" or "off." The value options can take on different, well, values. How can we tell which Boolean options are on and which are off? The option is off when a "no" precedes the option's name. nodebug means that debugging is off. As you might guess, the option search is on.
How you change Boolean or value options depends on whether or not you are using nslookup interactively. In an interactive session, you change an option with the set command, as in set debug or set domain=classics.movie.edu. From the command line, you omit the word set and precede the option with a hyphen, as in nslookup -debug or nslookup -domain=classics.movie.edu. The options can be abbreviated to their shortest unique string (for example, nodeb for nodebug). In addition to its abbreviation, the querytype option can also be entered simply as type.
Let's go through each of the options:
[no]debug
Debugging is turned off by default. If it is turned on, nslookup displays the complete contents of the response messages from the name server. See [no]d2 for a discussion of debug level 2.

[no]defname
This option reflects nslookup's BIND heritage. By default, nslookup adds the default domain name to names without a dot in them. Before search lists existed, the BIND resolver code would only add the default domain to names without any dots in them; this option reflects that behavior. nslookup can implement the pre-search-list behavior (with search off and defname on), or it can implement the search list behavior (with search on).

[no]search
The search option "overshadows" the default domain name (defname) option. That is, defname applies only if search is turned off. By default, nslookup appends the domain names in the search list (srchlist) to names that don't end in a dot. nslookup's search list is constructed from the Domain Suffix Search Order field of the Windows resolver configuration window.

[no]recurse
nslookup requests recursive service by default. This turns on the recursion-desired bit in query messages. The Windows resolver sends recursive queries in the same way. Name servers, however, send nonrecursive queries to other name servers.

[no]d2
Debugging at level 2 is turned off by default. If it is turned on, you see the query messages sent to the name server in addition to the regular debugging output. Turning on d2 also turns on debug. Turning off d2 turns off d2 only; debug is left on. Turning off debug turns off both debug and d2.

[no]vc
By default, nslookup makes queries using UDP instead of over a TCP connection (virtual circuit). Most Windows resolver queries are made with UDP, so the default nslookup behavior matches the resolver.

[no]ignoretc
By default, nslookup doesn't ignore truncated messages. If a message is received that has the "truncated" bit set (indicating that the name server couldn't fit all the important information in the UDP response message), nslookup doesn't ignore it; it retries the query using a TCP connection instead of UDP.

port=53
The DNS service is on port 53. You can start a name server on another port (for debugging purposes, for example), and nslookup can be directed to use that port.

[query]type=A
By default, nslookup looks up A (address) resource record types. In addition, if you type in an IP address (and the nslookup query type is address or pointer), nslookup will invert the address, append in-addr.arpa, and look up PTR (pointer) data instead.

class=IN
The only class that matters is Internet. Well, there's the Hesiod (HS) class, too, if you are an MITer or run Ultrix.

timeout=2
If the name server doesn't respond within two seconds, nslookup resends the query and doubles the timeout (to four and then eight seconds). The Windows resolver uses different timeouts when querying a single name server; see Chapter 6.

retry=1
The query is sent just once before giving up. After each retry, the timeout value is doubled. Again, the Windows resolver behaves slightly differently, as discussed in Chapter 6.

root=A.ROOT-SERVERS.NET.
A convenience command called root switches your default server to the server named here. Executing the root command from nslookup's prompt is equivalent to executing server A.ROOT-SERVERS.NET. You can change the default "root" server with set root=server.

domain=movie.edu
This is the default domain name appended if the defname option is on. If the defname option is not on, no default domain name is appended.

[no]MSxfr
The Microsoft DNS Server implements a feature that Microsoft calls "fast" zone transfers. Those of you familiar with the BIND name server know this as the "many answers" zone-transfer format, in which multiple records are packed into the answer section of a single DNS message during a zone transfer. (The method implemented by older BIND name servers uses one DNS message per record, which is somewhat wasteful of bandwidth.) This option indicates whether or not to request one of these "fast" zone transfers.

IXFRversion=1
The Microsoft DNS Server also supports a protocol called incremental zone transfer (IXFR). IXFR requests include a version number. The default value of 1 corresponds to the IXFR version supported by the Microsoft DNS Server. At this point, there's no reason to change this value.

srchlist=movie.edu
If search is on, these are the domain names appended to names that do not end in a dot. The domain names are listed in the order in which they will be tried and are separated by slashes.
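
The recurse, vc and ignoretc descriptions above map onto two bits of the DNS message header and a transport decision. The following sketch is an added example, not code from the book or from nslookup: it encodes a query with or without the recursion-desired bit and applies the truncation rule to a response. The function names, the query ID and the sample response are constructed for illustration.

```python
import struct

QR, TC, RD, RA = 0x8000, 0x0200, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, qid, qtype=1, qclass=1, recurse=True):
    """Encode a one-question query; `recurse` sets the recursion-desired bit."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    if any(len(l) > 63 for l in labels):
        raise ValueError("label longer than 63 bytes")
    header = struct.pack("!HHHHHH", qid, RD if recurse else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)  # defaults: A, IN

def frame_for_tcp(message):
    """A virtual circuit (TCP) carries each message behind a 2-byte length."""
    return struct.pack("!H", len(message)) + message

def next_transport(response, vc=False, ignoretc=False):
    """Apply the vc/ignoretc rules to a response received from the server.

    Returns "accept" to use the answer as received, or "retry-tcp" when a
    truncated UDP answer has to be asked again over TCP.
    """
    if len(response) < 12:
        raise ValueError("short DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & QR:
        raise ValueError("not a response")
    if vc:                       # already on TCP, nothing to fall back to
        return "accept"
    if flags & TC and not ignoretc:
        return "retry-tcp"
    return "accept"

# Constructed sample: header of a truncated response (QR, TC, RD, RA set;
# one question, no records) to a query with the made-up ID 0x1234.
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, QR | TC | RD | RA, 1, 0, 0, 0)

if __name__ == "__main__":
    query = build_query("terminator.movie.edu", 0x1234)
    print(query.hex())
    print(next_transport(SAMPLE_TRUNCATED))                  # default options
    print(next_transport(SAMPLE_TRUNCATED, ignoretc=True))   # set ignoretc
```
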
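
The defname, search, domain, srchlist and type descriptions above together determine which suffixed names a typed name turns into. This added example (not the book's or nslookup's code) encodes only the rules stated in those descriptions; the function names and the address 192.0.2.10 are constructed, and whether nslookup also tries the bare name is not covered by the text and is not modelled.

```python
import ipaddress

def parse_srchlist(value):
    """Split a srchlist value such as 'classics.movie.edu/movie.edu'."""
    return [d.strip(".") for d in value.split("/") if d.strip(".")]

def names_to_query(name, *, search=True, defname=True, domain="movie.edu",
                   srchlist="movie.edu", qtype="A"):
    """Return (name, type) pairs implied by the option descriptions.

    Only the suffix rules from the text are applied; the list does not say
    whether the bare name is also tried.
    """
    # An IP address typed while the type is A or PTR becomes a reverse lookup.
    if qtype in ("A", "PTR"):
        try:
            addr = ipaddress.IPv4Address(name)
        except ValueError:
            pass
        else:
            octets = str(addr).split(".")
            return [(".".join(reversed(octets)) + ".in-addr.arpa.", "PTR")]
    # A trailing dot marks the name as complete: nothing is appended.
    if name.endswith("."):
        return [(name, qtype)]
    # search overshadows defname: every search-list entry, in listed order.
    if search:
        suffixes = parse_srchlist(srchlist)
        if suffixes:
            return [(f"{name}.{d}.", qtype) for d in suffixes]
    # defname applies only with search off, and only to names without a dot.
    elif defname and "." not in name:
        return [(f"{name}.{domain}.", qtype)]
    return [(name + ".", qtype)]

if __name__ == "__main__":
    for args in (dict(), dict(srchlist="classics.movie.edu/movie.edu"),
                 dict(search=False), dict(search=False, defname=False)):
        print(args, names_to_query("terminator", **args))
    print(names_to_query("192.0.2.10"))
```
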