کد:
http://www.windowsnetworking.com/articles_tutorials/Using-NSLOOKUP-DNS-Server-diagnosis.html
The DNS protocol has been around for decades and is a stable and reliable protocol. Even so, DNS does occasionally have problems. These problems might stem from a loss of connectivity, an invalid DNS record, or a number of other issues. When a DNS server doesn’t behave in the way that it is expected to, many people turn to the PING command for help. PING is a great tool for DNS server diagnosis, and I tend to use it quite frequently myself. However, sometimes PING just doesn’t give you enough information about the problem at hand. When you need more information about a DNS problem than what PING provides you with, you can always turn to the NSLOOKUP command. NSLOOKUP is a built in DNS diagnostic utility that’s available to both Windows and UNIX Administrators. In this article, I will show you how to use NSLOOKUP.
The Basics
NSLOOKUP has a fairly rich syntax and can be a bit confusing for those who have not worked with DNS a great deal. Therefore, I want to start out by showing you some of the basics. Although NSLOOKUP exists in both UNIX and Windows, there are some differences in the way that it behaves in the two operating systems. For the purposes of this article, I will be using the Windows version.
The first thing that you need to understand about NSLOOKUP is that when you use the NSLOOKUP command, it assumes that you are querying a local domain on your private network. You can query an external domain, but NSLOOKUP will try to search for the domain internally first. For example, the brienposey.com domain is external to my network. If I perform an NSLOOKUP against brienposey.com, NSLOOKUP returns the information that’s shown in Figure A.
Figure A: This is what happens when NSLOOKUP queries an external domain
If you look at the figure, you will see that there are non existent domain error messages for the IP addresses 147.100.100.34 and 147.100.100.5. These are the addresses of my internal DNS servers. Below this information however is the non authoritative answer. This means that my DNS server queried an external DNS server in an effort to resolve the IP address associated with the brienposey.com domain.
Now, let’s take a look at what happens when you query an internal domain. One of the local domains on my private network is production.com. If I perform an NSLOOKUP against production.com, I get the results shown in Figure B.
Figure B: This is what it looks like when I query an internal domain
If you look at the top portion of this screen, you will notice that I’m getting the exact same non-existent domain error messages as I got when I queried an external domain. At first, this may seem puzzling. The reason why I got this error message was because I performed an NSLOOKUP outside of the NSLOOKUP shell. I will talk more about the NSLOOKUP shell in the next section. For now though, you need to know that you can enter the NSLOOKUP command by itself. When you do, you will see the familiar non-existent domain error messages, but you will then be taken to the NSLOOKUP prompt (the > sign). From there you can enter various NSLOOKUP commands. When you are done, you can use the EXIT command to return to the command prompt.
The other thing that you should notice about Figure B is the bottom portion of the output. Beneath the reference to production.com is a string of IP addresses. These are the IP addresses of all of the domain controllers within the domain. I should also point out that if multiple IP addresses are assigned to a single server then all of the server’s IP addresses will be displayed by NSLOOKUP.
The NSLOOKUP Shell
Now that I have shown you how to use the NSLOOKUP command to see the IP address or addresses associated with the domain, let’s do something a little bit more useful. One of the things that you can do with NSLOOKUP is to look up a specific type of DNS record. A good example of this is an MX record.
In case you aren’t yet familiar with all of the intricacies of DNS, the MX record points to the organization’s mail server. For example, suppose that someone wanted to send an E-mail message to you, one of the first things that their mail server would have to do is to resolve your domain’s IP address. However, a normal address resolution won’t usually work for this purpose. In Figure A, you saw that when I ran a DNS query against the brienposey.com domain, the domain resolved to the address 24.235.10.4. Keep in mind though, that this is the IP address of the server that hosts my Web site, not the address of my mail server. If someone wanted to send me an E-mail message their E-mail client would have to resolve the IP address of my domain’s mail server. This is where the MX record comes into play. The MX record is a record on a domain’s DNS server that specifies the IP address of the domain’s mail server.
As you can see, the MX record is rather important. Suppose however that your domain was having trouble receiving E-mail and you suspected that a DNS server issue was to blame. You could use NSLOOKUP to confirm that the domain does indeed have an MX record and that the MX record is pointed to the correct IP address.
Earlier I briefly mentioned that you could work within the NSLOOKUP shell. To troubleshoot an MX record problem, you pretty much have to work within this shell. Therefore, you would start the process by entering the NSLOOKUP command at the command prompt.
Once the NSLOOKUP shell is open, you will need to tell NSLOOKUP which DNS server you want to query. To do so, enter the SERVER command, followed by the DNS server’s IP address. You can also enter the server’s fully qualified domain name (assuming that it can be resolved) as an alternative to the server’s IP address.
Now that you have specified a DNS server for NSLOOKUP to use, you can query domains without receiving the non-existent domain error messages that you saw earlier (as long as you remain within the NSLOOKUP shell). To do so, you would simply type the domain name that you want to query. For example, if you look at Figure C, you can see where I have specified a particular DNS server and then queried an external and an internal domain.
Figure C: The error messages go away if you specify a DNS server
Now, let’s get back to the business of looking up a domain’s MX record. To do so, you need to issue a command that tells NSLOOKUP to query based on MX records. The command that you will have to use is:
SET QUERY=MX
Issuing this command by itself won’t give you any information about the domain’s MX record though. For that you have to actually query the domain by entering the domain name. If you look at Figure D, you will see that I have specified an MX query and then entered the production.com domain name. NSLOOKUP now returns a wealth of information pertaining to my domain’s MX record.
Figure D: When an MX query is specified, you can get a wealth of information about your domain’s MX record
Conclusion
As you can see, NSLOOKUP can provide you with a wealth of DNS server diagnostic information. However, NSLOOKUP is not limited to providing the types of information that I have discussed. The NSLOOKUP shell is actually a fairly rich interface with a rather large command set. You can view a list of the available commands and their syntax by entering a question mark at the NSLOOKUP prompt (note: you can not use NSLOOKUP /? to view the command set).
LinkBack URL
About LinkBacks
