The nslookup Command



The nslookup command is the tool of choice for finding problems with DNS. This command enables you to examine resource records in the zone table. The nslookup command can be used to verify that a DNS server exists, to find out what zone tables it manages, and to verify that the DNS server has a particular resource record, as well as allowing you to browse the resource records.

The nslookup command has many syntaxes and command-line prompts. In this section, you look at only a few. For the exam, you need only a brief overview of the nslookup command. To see the IP address for www.digitalcrawlspaces.net and the name servers that are authoritative for that zone, use the nslookup command followed by the host name and then the name of the DNS server to query, as shown below.

    C:\> nslookup www.digitalcrawlspaces.com homeportal.gateway.2wire.net
    Server:  homeportal.gateway.2wire.net
    Address:  172.16.0.1

    Name:    www.digitalcrawlspaces.com
    Address:  64.38.192.188

To use the interactive mode, enter the nslookup command with no parameters. When you enter interactive mode, you get a listing of the default name server followed by a command prompt, >:

    c:\> nslookup
    Default Server:  dns.digitalcrawlspaces.com
    Address:  207.212.78.106

    >

Let's take a look at the available syntaxes for the nslookup command and a brief description of each syntax in the following output.

    > ?
    Commands:   (identifiers are shown in uppercase, [] means optional)
    NAME            - print info about the host/domain NAME using default server
    NAME1 NAME2     - as above, but use NAME2 as server
    help or ?       - print info on common commands
    set OPTION      - set an option
        all         - print options, current server and host
        [no]debug   - print debugging information
        [no]d2      - print exhaustive debugging information
        [no]defname - append domain name to each query
        [no]recurse - ask for recursive answer to query
        [no]search  - use domain search list
        [no]vc      - always use a virtual circuit
        domain=NAME - set default domain name to NAME
        srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
        root=NAME   - set root server to NAME
        retry=X     - set number of retries to X
        timeout=X   - set initial time-out interval to X seconds
        querytype=X - set query type, e.g., A,ANY,CNAME,MX,NS,PTR,SOA
        type=X      - synonym for querytype
        class=X     - set query class to one of IN (Internet), CHAOS, HESIOD or ANY
    server NAME     - set default server to NAME, using current default server
    lserver NAME    - set default server to NAME, using initial server
    finger [USER]   - finger the optional NAME at the current default host
    root            - set current default server to the root
    ls [opt] DOMAIN [>FILE] - list addresses in DOMAIN(optional:output to FILE)
        -a          -  list canonical names and aliases
        -d          -  list all records
        -t TYPE     -  list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
    view FILE       - sort an 'ls' output file and view it with pg
    exit            - exit the program

If you want to see the default settings for NSLOOKUP, use the set all command in interactive mode, as shown below.

    > set all
    Default Server:  homeportal.gateway.2wire.net
    Address:  172.16.0.1

    Set options:
      nodebug
      defname
      search
      recurse
      nod2
      novc
      noignoretc
      port=53
      type=A
      class=IN
      timeout=2
      retry=1
      root=A.ROOT-SERVERS.NET.
      domain=gateway.2wire.net
      MSxfr
      IXFRversion=1
      srchlist=gateway.2wire.net/2wire.net
    >

The following sections review the most common nslookup interactive commands and set parameters.

The server Command

This command can be used to change the DNS server that fields nslookup command queries. Be sure to use FQDNs with a trailing dot. The following output shows the DNS server that fields queries being set to ns1.digitalgear.com.

    > server ns1.digitalgear.com.
    Default Server:  ns1.digitalgear.com
    Address:  64.57.105.6

    >

The root Command

The root command selects the name of the DNS server from the top of the server list in the CACHE.DNS file. This command would then set the DNS queries to either an InterNIC root server or a private root server. In the following output, the DNS server resolving DNS queries has been returned to a.root-servers.net from ns1.digitalgear.com.

    C:\> nslookup
    Default Server:  homeportal.gateway.2wire.net
    Address:  172.16.0.1

    > root
    Default Server:  A.ROOT-SERVERS.NET
    Address:  198.41.0.4

    >

ls

The ls command lists the resource records in a particular zone. In essence, ls does a zone transfer of the selected record type. You can limit the scope of the transfer by specifying a record type using the -t switch. Here is an example showing the host records (A records) in the company.com zone:

    > ls -t a digitalcrawlspaces.com.
    [web1.digitalcrawlspaces.com]
     digitalcrawlspaces.com.    A      10.1.1.1

Using the -d syntax with the ls command, you can display the entire zone table. But be aware that this can be quite a long list, depending on the DNS server providing the information.


set debug Command

Using the set debug command is somewhat like using the DEBUG command on a router. The command displays real-time information and shows the results of a query and the DNS servers included in the search. The following example is the result of a query for digitalcrawlspaces.com that started at an InterNIC root server and worked its way down to find the associated IP address.

    > set debug
    > digitalcrawlspaces.com
    Server:  homeportal.gateway.2wire.net
    Address:  172.16.0.1

    Got answer:
        HEADER:
            opcode = QUERY, id = 8, rcode = REFUSED
            header flags:  response, auth. answer, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            digitalcrawlspaces.com.gateway.2wire.net, type = A, class = IN

    Got answer:
        HEADER:
            opcode = QUERY, id = 9, rcode = NOERROR
            header flags:  response, auth. answer, want recursion
            questions = 1,  answers = 1,  authority records = 2,  additional = 2

        QUESTIONS:
            digitalcrawlspaces.com, type = A, class = IN
        ANSWERS:
        ->  digitalcrawlspaces.com
            internet address = 64.38.192.188
            ttl = 86400 (1 day)
        AUTHORITY RECORDS:
        ->  digitalcrawlspaces.com
            nameserver = ns1.cwie.net
            ttl = 86400 (1 day)
        ->  digitalcrawlspaces.com
            nameserver = ns2.cwie.net
            ttl = 86400 (1 day)
        ADDITIONAL RECORDS:
        ->  ns1.cwie.net
            internet address = 64.38.192.10
            ttl = 86400 (1 day)
        ->  ns2.cwie.net
            internet address = 64.38.192.11
            ttl = 86400 (1 day)

    ------------
    Name:    digitalcrawlspaces.com
    Address:  64.38.192.188

In the above output the DNS server was queried on the digitalcrawlspaces.com domain. The DNS servers with entries have replied with the domain's known information.
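
The first answer in the transcript above is REFUSED for digitalcrawlspaces.com.gateway.2wire.net: the name was typed without a trailing dot, so a suffix from the search list was appended before the name was tried as typed. The following is an added example, not code from the book, that parses such a debug transcript and flags suffix-appended queries; the function names and the trimmed sample are constructed here.

```python
import re

# Constructed sample: header and question lines copied from the debug transcript above.
DEBUG_OUTPUT = """\
Got answer:
    HEADER:
        opcode = QUERY, id = 8, rcode = REFUSED
        questions = 1,  answers = 0,  authority records = 0,  additional = 0
    QUESTIONS:
        digitalcrawlspaces.com.gateway.2wire.net, type = A, class = IN
Got answer:
    HEADER:
        opcode = QUERY, id = 9, rcode = NOERROR
        questions = 1,  answers = 1,  authority records = 2,  additional = 2
    QUESTIONS:
        digitalcrawlspaces.com, type = A, class = IN
"""
# Search list as reported by "set all" earlier on this page.
SRCHLIST = "gateway.2wire.net/2wire.net"

HEADER_RE = re.compile(r"opcode = (\w+), id = (\d+), rcode = (\w+)")
COUNTS_RE = re.compile(r"answers = (\d+)")
QUESTION_RE = re.compile(r"^\s*(\S+), type = (\w+), class = (\w+)", re.M)

def parse_debug(text):
    """Split the transcript on 'Got answer:' and return one dict per response."""
    out = []
    for block in text.split("Got answer:")[1:]:
        hdr, cnt, q = HEADER_RE.search(block), COUNTS_RE.search(block), QUESTION_RE.search(block)
        if not (hdr and cnt and q):
            continue  # truncated or unexpected block: skip rather than guess
        out.append({"id": int(hdr.group(2)), "rcode": hdr.group(3),
                    "answers": int(cnt.group(1)),
                    "qname": q.group(1).rstrip(".").lower(), "qtype": q.group(2)})
    return out

def appended_suffix(qname, typed, srchlist):
    """Return the search-list suffix nslookup added to the typed name, or None."""
    typed = typed.rstrip(".").lower()
    for suffix in srchlist.lower().split("/"):
        if qname == f"{typed}.{suffix}":
            return suffix
    return None

def explain(text, typed, srchlist=SRCHLIST):
    """Pair every response with the suffix (if any) that was appended to the query."""
    return [(r["id"], r["qname"], r["rcode"], appended_suffix(r["qname"], typed, srchlist))
            for r in parse_debug(text)]

if __name__ == "__main__":
    for rid, qname, rcode, suffix in explain(DEBUG_OUTPUT, "digitalcrawlspaces.com"):
        note = f"search suffix '{suffix}' appended" if suffix else "name sent as typed"
        print(f"id={rid} {qname}: {rcode} ({note})")
```

Typing the name with a trailing dot marks it as fully qualified, so only the second query would be sent.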

The set type Command

You can limit the scope of a query to a DNS server by setting a query to look only for a certain record type. In the example that follows, I am querying for Mail Exchange (MX) records on a name server:

    > set type=mx
    > digitalcrawlspaces.com
    Server:  homeportal.gateway.2wire.net
    Address:  172.16.0.1

        QUESTIONS:
            digitalcrawlspaces.com, type = MX, class = IN
        ANSWERS:
        ->  digitalcrawlspaces.com
            MX preference = 10, mail exchanger = mail.digitalcrawlspaces.com
            ttl = 86400 (1 day)
        AUTHORITY RECORDS:
        ->  digitalcrawlspaces.com
            nameserver = ns2.cwie.net
            ttl = 86400 (1 day)
        ->  digitalcrawlspaces.com
            nameserver = ns1.cwie.net
            ttl = 86400 (1 day)
        ADDITIONAL RECORDS:
        ->  mail.digitalcrawlspaces.com
            internet address = 64.38.212.71

The above output shows only the MX record entries on the DNS servers queried. The only known entry found is for mail.digitalcrawlspaces.com.

The nbtstat Command

Windows TCP/IP clients resolve NetBIOS names and store the results in a NetBIOS Name Cache table, which was the way Windows resolved host names before IP and DNS. However, it is still used today in our LANs. An entry entered into the cache stays for 600 seconds (10 minutes) by default. You can use the nbtstat command to view and manipulate the contents of the NetBIOS name cache.

The following bulleted list displays the syntaxes available for the NBTSTAT command and each syntax's function. Please note that the syntaxes are case sensitive.

  • -a. This syntax displays the name cache for a remote node by using its NetBIOS name. This option also displays the MAC address of the remote network device's NIC.

  • -A. This switch displays the name cache of a remote node by using the node's IP address. The output also displays the MAC address of the remote network adapter. Example syntax: nbtstat -A 10.1.1.1.

  • -n. This syntax displays information about the local computer, including the computer name, the locally logged-on user, the workgroup or domain of the computer, and any browser services running.

     Node IpAddress: [10.1.1.27] Scope Id: []

                 NetBIOS Local Name Table

     Name               Type         Status
     ---------------------------------------------
     DCSWRK1        <00>    UNIQUE      Registered
     DCSGRP         <00>    GROUP       Registered
     DCSWRK1        <03>    UNIQUE      Registered
     DCSWRK1        <20>    UNIQUE      Registered
     DCSGRP         <1E>    GROUP       Registered
     ..__ __.       <01>    GROUP       Registered

  • -r. This syntax lists the statistics of the DNS name cache and how they were resolved. This syntax also resolves the names resolved by WINS. You need to remember that you use this syntax when you are trying to determine whether a computer used a broadcast or WINS to resolve a host name to an IP address.

     C:\> nbtstat -r

     NetBIOS Names Resolution and Registration Statistics

         Resolved By Broadcast     = 0
         Resolved By Name Server   = 0
         Registered By Broadcast   = 9
         Registered By Name Server = 0

     C:\>

  • -R. This syntax clears the name cache and loads any preload (#PRE) items out of the local machine's LMHOSTS file. The LMHOSTS file is a text file with static mappings of IP addresses matched with their associated host addresses.

  • -S. This syntax displays the current sessions on the local machine, showing the IP addresses of the connected machines. This is very useful when you want a quick display of the services that have active connections:

     NetBIOS Connection Table

     Local Name                 State    In/Out  Remote Host   Input   Output
     DCSWRK1        <03>        Listening
     DCSWRK1                    Connected    In   10.1.1.1     2KB      3KB
     ADMINISTRATOR  <03>        Listening

  • -s. This output is virtually identical to the uppercase syntax, with the exception that the remote host is listed. The output lists the host name of the remote host instead of the IP address, as shown below.

     NetBIOS Connection Table

     Local Name                 State    In/Out  Remote Host   Input   Output
     DCSWRK1         <03>       Listening
     DCSWRK1                    Connected    In         WEB1    2KB      3KB
     ADMINISTRATOR   <03>       Listening

  • -RR. This syntax helps to resolve WINS errors by reregistering the host with the WINS Server. This is good for getting an immediate registration when you change the IP address or host name.



CCNP CIT Exam Cram 2 (642-831)
ISBN: 0789730219
EAN: 2147483647
Year: 2003
Pages: 213
Authors: Sean Odom
