12.7 Troubleshooting nslookup Problems

Previous page
Table of content
Next page

The last thing you want is to have problems with your troubleshooting tool. Unfortunately, some types of failures render the troubleshooting tool mostly useless. Other types of nslookup failures are, at best, confusing because they don't give you any direct information to work with. Although there may be a few problems with nslookup itself, most of the problems you encounter will be with name server configuration and operation. We'll cover a few odd problems here.

12.7.1 Looking Up the Right Data

This isn't really a problem, per se, but it can be awfully confusing. If you use nslookup to look up a type of data for a domain name and the domain name exists but no data of the type you're looking for exists, you'll get an error like this:

C:\> nslookup  Default Server:  terminator.movie.edu  Address:  192.249.249.3  > movie.edu.  Name:    movie.edu >

Huh? It looks like we got an empty answer. In fact, that's exactly what happened: there are no A records for movie.edu, and the response from the name server has no records in the Answer section of the message. nslookup renders this empty response from the name server as an empty response to us. It's not very helpful or clear (previous versions of nslookup printed a better response).

So what types of records do exist? You can use set type=any to find out:

> set type=any  > movie.edu.  Server:  terminator.movie.edu  Address:  192.249.249.3  movie.edu       nameserver = terminator.movie.edu movie.edu       nameserver = wormhole.movie.edu movie.edu         primary name server = terminator.movie.edu         responsible mail addr = hostmaster.movie.edu         serial  = 21         refresh = 900 (15 mins)         retry   = 600 (10 mins)         expire  = 86400 (1 day)         default TTL = 3600 (1 hour) movie.edu       MX preference = 10, mail exchanger = wormhole.movie.edu terminator.movie.edu    internet address = 192.249.249.3 wormhole.movie.edu      internet address = 192.249.249.1 wormhole.movie.edu      internet address = 192.253.253.1 wormhole.movie.edu      internet address = 192.253.253.1 wormhole.movie.edu      internet address = 192.249.249.1

Why are the IP addresses for terminator and wormhole returned? If you receive the NS records for movie.edu listing these two hosts as that zone's name servers, chances are the next thing you'll want are those hosts' IP addresses. The name server anticipates that and sends along address records in the Additional section. The same thing goes for the movie.edu MX record pointing to wormhole: if you get that record, you'll want wormhole's IP address next. That explains why wormhole's IP addresses show up twice, but this is arguably a bug in the Microsoft DNS Server.

12.7.2 No PTR Data for Name Server's Address

Here's a cryptic message:

C:\> nslookup  *** Can't find server name for address 192.249.249.3: Non-existent domain Default Server:  UnKnown Address:  192.249.249.3 >

The "Non-existent domain" message means that there's no PTR record for 3.249.249.192.in-addr.arpa. In other words, nslookup couldn't find the name for 192.249.249.3, which is the first name server the resolver is configured to query. The only reason nslookup looks up this address is to print the "Default Server" startup message. Obviously, this name server's data is messed up, at least for the 249.249.192.in-addr.arpa zone, so nslookup prints "UnKnown."

12.7.3 Timeouts

What if your resolver is pointing to a name server that isn't running or a host that can't be reached? Here's what happens:

C:\> nslookup  DNS request timed out.     timeout was 2 seconds. *** Can't find server name for address 192.249.249.4: Timed out Default Server:  UnKnown Address:  192.249.249.4 >

The resolver is configured to use the name server 192.249.249.4 (and only that name server). nslookup tries valiantly to contact it but times out, prints "UnKnown" for the default server, and gives you a prompt. You can't really do anything productive without changing servers at this point after all, no server is running at that IP address but at least you've got a prompt.

Occasionally you'll see timeouts during the course of an nslookup session. If you are looking up some remote information, the name server could fail to respond because it is still trying to look up the item and nslookup gave up waiting. How can you tell the difference between a name server that isn't running and a name server that is running but didn't respond? nslookup's responses point out the difference. In this case, the response indicates no name server process is running:

C:\> nslookup  Default Server:  terminator.movie.edu  Address:  192.249.249.3  > movie.edu. Server:  terminator.movie.edu Address:  192.249.249.3 *** terminator.movie.edu can't find movie.edu.: No response from server

The "No response from server" message is quite misleading because nslookup actually did get a response from the server. What actually happened was this: nslookup sent a DNS query in a UDP packet addressed to port 53 on terminator. Since no name server was running on terminator, there was no process listening on UDP port 53 and the TCP/IP software on terminator responded with an ICMP destination port unreachable message. nslookup received this response and printed the misleading message shown previously.

If a name server is simply not responding, you'll see the following timeout message:

C:\> nslookup  Default Server:  terminator.movie.edu  Address:  192.249.249.3  > movie.edu. Server:  terminator.movie.edu Address:  192.249.249.3 DNS request timed out.     timeout was 2 seconds. *** Request to terminator.movie.edu timed-out

12.7.4 Query Refused

You generally see a "query refused" error message under two conditions. The first is when you attempt a zone transfer and the server refuses for security reasons (for example, based on the settings in the Zone Transfers tab of the zone properties window). This is what you'll see:

C:\> nslookup  Default Server:  terminator.movie.edu Address:  192.249.249.3 > ls movie.edu    This attempts a zone transfer [terminator.movie.edu] *** Can't list domain movie.edu.: Query refused The DNS server refused to transfer the zone movie.edu. to your computer. If this is incorrect, check the zone transfer security settings for movie.edu. on the DNS server at IP address 192.249.249.3. >

You might also see a "query refused" error from a name server running a recent version of BIND, which has the ability to restrict queries to different zones based on the querier's source IP address.


Previous page
Table of content
Next page
DNS on Windows Server 2003
DNS on Windows Server 2003
ISBN: 0596005628
EAN: 2147483647
Year: 2003
Pages: 163
Authors: Cricket Liu, Matt Larson, Robbie Allen
BUY ON AMAZON
The .NET Developers Guide to Directory Services Programming
Identifying and Managing Project Risk: Essential Tools for Failure-Proofing Your Project
Developing Tablet PC Applications (Charles River Media Programming)
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
Lean Six Sigma for Service : How to Use Lean Speed and Six Sigma Quality to Improve Services and Transactions
Comparing, Designing, and Deploying VPNs
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy