8. Nslookup
Nslookup (Nslookup.exe) is the primary tool for isolating DNS
name resolution problems when connected to the client experiencing the
problems. Nslookup is a command-line tool capable of performing DNS
lookups and reporting on the results. Other tools, such as PathPing,
are capable of resolving host names to IP addresses and displaying the
results, but only Nslookup displays the DNS server used to resolve the
request. Additionally, Nslookup displays all the results returned by the
DNS server and allows you to choose a specific DNS server rather than
using the server automatically chosen by Windows.
Nslookup is the correct tool to use when troubleshooting the following types of problems:
Clients take several seconds to establish an initial connection.
Some clients can establish a connection to a server, but other clients experience problems.
The DNS server is configured correctly, but clients are resolving host names incorrectly.
Note:
The Hosts file, located
in the %WinDir%\System32\Drivers\Etc folder, might contain static
entries that override DNS lookups for most applications. Nslookup
ignores this file, however. If applications resolve a host name
differently than Nslookup, verify that the Hosts file does not contain
an entry for the host name.
8.1. Verifying that the Default DNS Server Resolves Correctly
To verify that a client is able to resolve a host name to the correct IP address, open a command prompt and type the command nslookup hostname.
Nslookup reports the server used to resolve the request and the
response from the DNS server. If the client has been configured to use
multiple DNS servers, this action might reveal that the client is not
issuing requests to the primary DNS server.
To resolve a DNS host name to an IP address, open a command prompt and run the following command.
nslookup hostname
To resolve an IP address to a
DNS host name by performing a reverse DNS lookup, open a command prompt
and run the following command.
nslookup ipaddress
If the DNS server returns
multiple IP addresses, Nslookup displays all addresses. Generally,
applications use the first IP address returned by the DNS server. Some
applications, including Internet Explorer, try each IP address returned
by the DNS server until a response is received.
8.2. Verifying that a Specific DNS Server Resolves Correctly
One of the most common sources
of DNS resolution problems is the caching of an outdated DNS address.
Particularly on the Internet, DNS servers might continue to return an
outdated IP address several hours after a change has been made to the
DNS server containing the record. If some clients are unable to
correctly resolve an IP address but other systems resolve it correctly,
one or more DNS servers have probably cached the incorrect address. To
identify the problematic DNS servers, use Nslookup to manually query
each server.
To verify that a specific
DNS server is able to resolve a host name to the correct IP address,
open a command prompt and run the following command.
nslookup hostname server_name_or_address
Nslookup will query
the specified server only, regardless of the DNS servers configured on
the client. If a specific server returns an incorrect IP address, that
server is the source of the problem. Generally, this problem will
resolve itself after the incorrect entry expires in the DNS server's
cache. However, you can also resolve the problem by manually clearing
the DNS server's cache.
|
Looking Up Lists of DNS Records
Tim Rains, Program Manager
Windows Networking
If you need to frequently check whether numerous DNS records correctly resolve on numerous DNS servers, consider using DNSLint with the –ql parameter instead of Nslookup.
This command can test name resolution for specific DNS records across
many DNS servers very quickly. DNSLint can also help troubleshoot some
DNS issues related to AD DS. DNSLint is a free download available from http://support.microsoft.com/kb/321045/.
|
8.3. Verifying Specific Types of Addresses
You can also use Nslookup
to verify specific types of addresses, including Mail eXchange (MX)
addresses used to identify the mail servers for a domain.
To identify the mail server for a domain, open a command prompt and run the following command.
nslookup "-set type=mx" domainname
For example, to use Nslookup to
view all MX servers listed for the domain microsoft.com using the
client's default DNS servers, type the following command.
nslookup "-set type=mx" microsoft.com
Additionally, you can query
a specific DNS server by listing the server name or IP address after
the domain name in the following form.
nslookup "-set type=type" hostname server_name_or_address
|
Using TCP for DNS Lookups
Tim Rains, Program Manager
Windows Networking
When a DNS server returns a
response to a DNS query but the response contains more DNS records than
can fit into a single UDP packet, the client may decide to send the
query again, this time using TCP instead of UDP. With TCP, multiple
packets can deliver all the DNS records in the response. You can use
Nslookup to test whether a DNS server can respond using either UDP or
TCP. Use the following command to submit a UDP query to the DNS server.
nslookup microsoft.com
The following command uses TCP to query the DNS server.
nslookup "-set vc" microsoft.com
The "–set vc"
parameter configures Nslookup to use a virtual circuit. This test can
be especially useful when you are expecting a large number of DNS
records in response to a query.
|
