in defense of nslookup

[Michael E. Hanson]

nslookup is also a valuable tool in troubleshooting what appear to be
network connectivity issues.  After validating that TCP/IP is loaded and
working, and pinging to ensure the network is functioning at some level, the
next step is to try to resolve names to addresses (which I can usually talk
a customer through using a browser or some versions of ping).  If you can't
resolve a name to an address, you look first at the client's configuration
to verify that its referencing a valid DNS.  If it is, nslookup (or similar
tool) will tell you whether the DNS in question is responding appropriately
to queries.  I've run into numerous situations where a DNS was either not
responding, or responding inappropriately.  In any case, it gives me
information I can pass to the appropriate administrator.

Now, if the DNS returns an incorrect answer (as opposed to an inappropriate
answer), then tools like dig can help track down the errant data.

So, while nslookup may not be your tool of choice for testing /debugging a
DNS configuration, it is a valuable tool for troubleshooting a network
connectivity issue, and its frequently available on the computers I have to
support.  When its not available, I have a couple floppies I carry around
that have different versions of nslookup on them (one for Win32, one for
Linux, one for Solaris, one for HPUX, one for...).

By the way, I've also used it to approximate a zone transfer to see what
info a primary might be providing to a secondary on a full zone transfer
(ls -d domain.com).  Its not perfect, but its a quick way to see the info if
I'm already in nslookup.
_______________
Michael E. Hanson
President, Gryphon Consulting  Services
(http://www.GryphonsGate.com)
P.O. Box 1151
Bellevue, NE  68005-1151
(402) 871-9622

MEHanson at GryphonsGate.com (primary)
Gryphons_Master at yahoo.com