If you are running a DNS server on your Windows NT or Windows 2000 network, you know that various problems can arise and cause the system to go haywire. When that happens, you dig into your arsenal of troubleshooting tools and go to work. If you are running Windows NT, chances are you head to the DNS Manager, since it is the primary tool for managing Windows NT DNS name servers. If you are running Windows 2000, you typically head to the DNS Console, since it is the primary tool for administering Windows 2000 DNS name servers.
However, regardless of which operating system you are running, there is another DNS troubleshooting tool that is often overlooked, yet incredibly handy—the Nslookup utility. This clever little service, which can run from the client (either Windows NT Workstation or Windows 2000 Professional) in addition to the server platform, is a DOS-based program designed to display information from a DNS name server that can help you set your sights on DNS-related problems.
In this Daily Drill Down, I will introduce you to the Nslookup utility and explain how the utility works. I will also pass on some basic DNS name server troubleshooting techniques that you can perform with the Nslookup utility.
How the Nslookup utility works
Like many of the other TCP/IP utilities that come with Windows NT/2000, you run the Nslookup utility from a command prompt. Unlike the other TCP/IP utilities that come with Windows NT/2000, the Nslookup utility has two modes of operation: interactive and noninteractive. The mode you will use depends on how much information you want the Nslookup utility to return.
Using the Nslookup utility in noninteractive mode will likely be the most familiar way to use this tool, as the entire command is issued at the command line, just like with any of the other TCP/IP utilities. You will use this mode when you only have one server to investigate and only need a single piece of information.
Interactive mode actually launches the Nslookup utility as a separate application, complete with its own prompt. You can then issue a whole host of additional subcommands that allow you to run more extensive tests and gather an abundance of information about the DNS name server. Interactive mode also makes it easy to test multiple DNS name servers.
Using the Nslookup utility in noninteractive mode
Using the Nslookup utility in noninteractive mode is easy. You just type Nslookup followed by two arguments: the host name or IP address of the system you want to look up and the host name or IP address of the DNS name server. Keep in mind that if you use the host name, you don’t need to preface the host name with www.
For example, if you wanted to check to see if there were a listing in your DNS name server’s database for TechRepublic.com and your DNS name server’s IP address is 10.12.35.9, you would type:
Nslookup techrepublic.com 10.12.35.9
You would see the response shown below if the listing existed in your DNS name server’s database:
Server: ns.dnserver.org
Address: 10.12.35.9
Name: techrepublic.com
Address: 208.50.157.239
Tip
If you prefer, you can omit the name or IP address of the DNS name server. When you do, the Nslookup utility will automatically use the default DNS name server.
Using the Nslookup utility in interactive mode
To use the Nslookup utility in interactive mode, just type Nslookup at the command prompt and press [Enter]. When you do, you’ll see the name and address of the default DNS name server for your network and then the Nslookup utility prompt, as shown here:
Default Server: ns.dnserver.org
Address: 10.12.35.9
>
At this prompt, you can type the host name or IP address of the system you want to look up. Again, you don’t need to preface the host name with www. You can also type any one of the Nslookup interactive subcommands that I will go over in a moment. However, there are a few rules that we need to cover first.
The Nslookup utility prompt has a line length maximum of 256 characters, which you will need to keep in mind if you combine some of the Nslookup utility’s interactive subcommands. Second, if you initiate one of the interactive subcommands and decide you want to cancel the operation before it continues, you can press [Ctrl]C. Third, the Nslookup utility will interpret any unrecognized interactive subcommand as a computer name, which could cause an error message. You should always check for a typo on the command line when you receive an unusual error. In the odd case that a computer name is the same as one of the Nslookup interactive subcommands, you can precede the name with the escape character, which in this case is the backslash character (\). Finally, to close down the Nslookup utility prompt and return to a regular command prompt, just type Exit. You can also press [Ctrl]Z and press [Enter].
Before I move on, there is one little tip that I want to share with you. When you’re working from the Nslookup utility prompt, keep in mind that the prompt stores a history list of all the commands that you have typed. This means that you can cycle through using the Up and Down Arrow keys.
As I mentioned, using the Nslookup utility in interactive mode provides you with a whole host of additional subcommands. You can view a listing of these additional subcommands at any time by typing Help or a question mark (?) at the Nslookup utility prompt. When you do, the Nslookup utility will display the listing shown in Figure A.
| Figure A |
 |
| You can view a list of all the Nslookup utility subcommands by typing Help or a question mark (?) at the Nslookup utility prompt. |
As you can see, there are several basic subcommands and a subset of additional keywords associated with the Set subcommand. These additional keywords allow you to change the Nslookup utility configuration settings. You can see all the Set keywords by typing Set All at the Nslookup utility prompt.
Troubleshooting techniques
Now that you have a good idea of how the Nslookup utility works, let’s take a look at a couple of common troubleshooting techniques.
Verifying DNS name server responsiveness
If you suspect that the DNS name server has gone down, you can use this quick noninteractive mode troubleshooting technique, which uses the special Loopback IP Address (127.0.0.1) to verify that the DNS name server is responsive. To perform this test, type
Nslookup 127.0.0.1 10.12.35.9
where 10.12.35.9 is the IP address of the DNS name server. If the DNS name server is responding, you’ll see the response shown below:
Server: ns.dnserver.org
Address: 10.12.35.9
Name: localhost
Address: 127.0.0.1
Switching DNS name servers
By default, the Nslookup utility directs its queries to the default DNS name server. If you want to test other DNS name servers on your network, you can do so easily from within the interactive mode. To do so, you use the Server subcommand. For example, if the default DNS name server is at 10.12.35.9 and you want to run tests on another DNS name server at 10.12.35.8, at the Nslookup prompt you would type the command
Server 10.12.35.8
You would then see this response:
Default Server: ns.otherdnserver.org
Address: 10.12.35.8
Using debug mode
To really see what is happening when you’re troubleshooting with the Nslookup utility, you can configure the service to use the debugging mode in Nslookup’s interactive mode. When you do so, more information about what is sent to and received from the DNS name server is displayed on the screen.
To configure the Nslookup utility to use debugging mode, use the Set subcommand with the keyword Debug or, for even more detailed information, the keyword D2, which enables an exhaustive debugging mode. In debugging mode, the Nslookup utility lists each step being taken to complete the command.
For example, using the Set subcommand with the keyword Debug and then testing TechRepublic.com yielded the results shown in Figure B.
| Figure B |
 |
| Configuring the Nslookup utility to use debugging mode provides you with a detailed list of each step taken to complete the command. |
If we look at the results, we can see that the Nslookup utility received an answer from the DNS name server and that there are three authority records and three additional records. The former indicates other DNS name servers along the path that include TechRepublic.com in their database, while the latter simply lists the IP addresses associated with the host names of the DNS name servers.
To exit debugging mode, use the Set subcommand with the keyword Nodebug. If you’re using the exhaustive debugging mode, use the keyword Nod2. However, keep in mind that when you use the keyword Nod2, you simply drop back into standard debugging mode. To completely drop out of debugging mode, you have to use the keyword Nodebug.
Interpreting error messages
When you are using the Nslookup utility to troubleshoot a DNS name server, you may encounter one of these common error messages:
- Timed Out: You’ll see this error if the DNS name server does not respond to a request after a certain amount of time and a certain number of retries. If you want to continue testing, you can change both the timeout and retry values with the Set command and the keywords timeout=value and retry=value.
- No Response From Server: You’ll see this error if the DNS name server is not running on the server.
- No Records: You will see this error message if the DNS name server does not have any resource records for the current query type even though the host name is valid. You can change the query type with the Set command and the keyword querytype.
- Non-existent Domain: You will see this error message if the host name or DNS domain name does not exist.
- Connection Refused/Network Is Unreachable: You will see this error message if the connection to the DNS name server could not be made.
- Server Failure: You will see this error message if the DNS name server found a problem in its database and was not able to return a valid answer.
- Refused: You will see this error message if the DNS name server refused to process the request.
- Format Error: You will see this error message if the DNS name server discovered that the request packet was not in the proper format. This could indicate a problem with Nslookup, rather than the DNS name server.
Running Nslookup on Windows 9x/Me
If you want to be able to perform Nslookup queries from a Windows 9x/Me system, you‘ll have to investigate a third-party option, as these operating systems do not come with the Nslookup utility. For example, you can download Nslookup2000 free from the author’s site.
More information on the Nslookup utility
If you want to learn more about the Nslookup utility, you should investigate the O’Reilly and Associates bookDNS and BIND by Paul Albitz and Cricket Liu. This book is now in its 4th edition and is very helpful if you need in-depth information on how DNS works. The book has extensive coverage on the Nslookup utility and gives the reader insight into obscure and often overlooked tasks for which you can use the utility. The book also compares it to the popular dig command.
Conclusion
So, does it help to know about the Nslookup program, even though Windows NT/2000 currently contain their own such utilities in the form of a DNS Manager or Console? You bet it does. With Nslookup’s interactive mode capabilities, your ability to troubleshoot DNS problems is extended with the use of the many subcommands available. Nslookup is a flexible DOS command-line program that you can use in DNS troubleshooting situations when the GUI is unavailable.
