nslookup with Bind9 and absolutes

Jim Reid jim at rfc1035.com
Tue Apr 12 16:34:40 UTC 2005 

On Apr 12, 2005, at 16:44, Stephen Williams wrote:

> Hey all I have a strange thing going on with my boxes any box that I
> have installed Bind 9.x.x on when I try to do a nslookup at the root
> level I can't get a response can anyone help,

You *are* getting a response. It's just that the behaviour of the two 
versions of nslookup you're using is different. This is hardly 
surprising since nslookup is a brain-dead utility that causes more 
problems than it solves. [Consult the list archives for details.] 
Please use dig for querying name servers and DNS troubleshooting. If 
you'd used dig, you would have seen what was actually in the reply from 
a.root-servers.net when you asked it for an A record for com: a record 
that doesn't exist BTW.

Here's what you get back when you use a proper lookup tool to make that 
query:

% dig @a.root-servers.net com

; <<>> DiG 9.3.1 <<>> @a.root-servers.net com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1958
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 15

;; QUESTION SECTION:
;com.                           IN      A

;; AUTHORITY SECTION:
com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
com.                    172800  IN      NS      M.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.NET.     172800  IN      AAAA    2001:503:a83e::2:30
A.GTLD-SERVERS.NET.     172800  IN      A       192.5.6.30
G.GTLD-SERVERS.NET.     172800  IN      A       192.42.93.30
H.GTLD-SERVERS.NET.     172800  IN      A       192.54.112.30
C.GTLD-SERVERS.NET.     172800  IN      A       192.26.92.30
I.GTLD-SERVERS.NET.       172800  IN      A       192.43.172.30
B.GTLD-SERVERS.NET.     172800  IN      AAAA    2001:503:231d::2:30
B.GTLD-SERVERS.NET.     172800  IN      A       192.33.14.30
D.GTLD-SERVERS.NET.     172800  IN      A       192.31.80.30
L.GTLD-SERVERS.NET.     172800  IN      A       192.41.162.30
F.GTLD-SERVERS.NET.     172800  IN      A       192.35.51.30
J.GTLD-SERVERS.NET.     172800  IN      A       192.48.79.30
K.GTLD-SERVERS.NET.     172800  IN      A       192.52.178.30
E.GTLD-SERVERS.NET.     172800  IN      A       192.12.94.30
M.GTLD-SERVERS.NET.     172800  IN      A       192.55.83.30

;; Query time: 152 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net)
;; WHEN: Tue Apr 12 17:27:56 2005
;; MSG SIZE  rcvd: 509


This is the expected response: a referral. The old (even more 
brain-damaged) version of nslookup you used
printed out stuff from  the Authority Section of the reply, misleading 
you into believing that the info was in the (empty) Answer Section. Now 
you know one of the reasons why you shouldn't use nslookup.

More information about the bind-users mailing list