nslookup flaws
Barry Margolin
barmar at genuity.net
Fri Jul 6 14:34:09 UTC 2001
In article <9i37fk$rjn at pub3.rc.vix.com>,
Nathan Jones <nathanj at kmail.com.au> wrote:
>I believe there are problems with nslookup, but I'm having trouble
>finding out specifically what they are.
Off the top of my head:
1. Its error messages are imprecise. In particular, you get "Nonexistent
host/domain" when either the name doesn't exist (dig reports "status:
NXDOMAIN") or when the name exists but doesn't have any records of the
requested type (dig reports "status: NOERROR" and "ANSWER: 0").
2. When it displays results, you can't tell what section they're in. So
it looks like you asked for an A record and for some reason the server
responded with an SOA record instead (this is actually the SOA record
that gets put into the Authority section of a negative response, in
order to provide a negative cache TTL).
3. It automatically implements the search list by default. Debugging
utilities should do just what you ask, not apply lots of automatic
extras.
4. Its stupid requirement that the server be able to reverse-resolve its
own address. If a server is non-recursive and not hosting its own
reverse domain, it won't be able to do this, and nslookup will think
that it's a broken server and skip over it.
--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list