nslookup flaws
Brad Knowles
brad.knowles at skynet.be
Fri Jul 6 14:42:13 UTC 2001
At 12:10 PM +1000 7/6/01, Nathan Jones wrote:
> I believe there are problems with nslookup, but I'm having trouble
> finding out specifically what they are.
>
> Can someone here point me in the right direction?
For starters:
1. nslookup requires that reverse DNS be configured for
the nameservers listed in /etc/resolv.conf. If you've
got a DNS problem, that's just as likely to affect your
ability to serve reverse DNS as it is anything else,
so when you most need nslookup to work, is when it is
mostly likely to fail.
2. Even with all debugging options turned on, nslookup
doesn't show you everything that's going on with the
query, or all the data returned.
3. Most vendor-supplied versions of nslookup have been
hacked to by-pass the DNS and to include resolution
involving things like /etc/hosts, NIS, etc.... This
just confuses the issues. Sometimes there are times
when you want to debug these non-DNS name services,
but nslookup should not be doing this without your
requesting it to do so.
4. Even when querying just the DNS, nslookup by-passes
the standard resolver routines, so when nslookup does
a query, that's not following the same code path as
when a program does a query, and therefore using
nslookup may not tell you anything about where the
problem may be -- nslookup may work fine when the
program doesn't, or nslookup may fail when the
program works fine.
I'm sure others on the list can add to these items.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
More information about the bind-users
mailing list