
Detailed explanation of nslookup command

2025-03-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/02

Nslookup is a command-line tool for checking whether a DNS server on the network resolves domain names correctly. It is available in Windows NT/2000/XP (and in later Windows systems such as Windows 7 and Windows 8), but it is not included in Windows 98. The TCP/IP protocol must be installed before nslookup can be used.

Suppose a DNS server has been set up in the network with the host name TEST, and it resolves the domain name www.1234.com to the IP address 192.168.0.1. This is the forward resolution function that we usually use. To test it, click Start -> Programs -> Accessories -> Command Prompt in Windows 2000, type Nslookup www.123.com after C:\> and press Enter. You will see the following result:

    Server: TEST
    Address: 192.168.0.5
    Name: www.123.com
    Address: 192.168.0.1

The result shows that the host name of the working DNS server is TEST and its IP address is 192.168.0.5, and that the IP address for the domain name www.1234.com is 192.168.0.1.

Now that forward resolution on the DNS server TEST is confirmed, is its reverse resolution also working? In other words, can the IP address 192.168.0.1 be resolved back to the domain name www.123.com? Type Nslookup 192.168.0.1 at the C:\> prompt, and the result is as follows:

    Server: TEST
    Address: 192.168.0.5
    Name: www.123.com
    Address: 192.168.0.1

This means that the reverse resolution function of the DNS server TEST is also working.

However, sometimes we type Nslookup www.123.com and the result is as follows:

    Server: TEST
    Address: 192.168.0.5
    *** TEST can't find www.123.com: Non-existent domain

This indicates that the DNS server TEST is working, but the domain name www.123.com cannot be resolved correctly.
At this point, check the configuration of the DNS server to see whether the IP address record for the domain name www.1234.com has been added to the DNS database.

In other cases, when we type Nslookup www.123.com, the result is as follows:

    *** Can't find server name for domain: No response from server
    *** Can't find www.1234.com: Non-existent domain

This means that the test host has not found a usable DNS server on the current network. In that case, test the connectivity of the whole network, check whether the DNS server is working normally, and troubleshoot step by step to find the root cause of the DNS service failing to start.

After configuring the DNS server and adding the corresponding records, as long as the IP addresses remain the same, we no longer need to maintain the DNS data file. However, before concluding that domain name interpretation is normal, it is best to test that all the configuration is correct. Many people simply use the ping command for this. However, ping is only a command for checking network connectivity. Although it does query DNS when its argument is a domain name, it can only query records of type A and CNAME, and it only tells you whether the domain name exists; no other information is provided. So to troubleshoot DNS, you need to be proficient with another, more powerful tool: nslookup. This command lets you specify the type of query, check the lifetime of a DNS record, and choose which DNS server to use for interpretation.

Querying an IP address

The simplest use of nslookup is to query the IP address corresponding to a domain name, covering A records and CNAME records. If a CNAME record is found, the settings of the alias record are returned as well. Its usage is as follows:

    nslookup domain name

The following is what is returned for an A record.
The nslookup command uses a reverse lookup to get the name of the DNS server in use. Because I am using an internal DNS server here, there is no correct reverse record, which causes the errors in the first few lines of the result. You can ignore them; the focus is on the last two lines. What you can see here is that the IP address of www.oray.net is 61.145.112.212. Note that results are returned even if the host www.oray.net is not online.

If the target domain name is an alias record (CNAME), nslookup starts to show something different from the ping command; see the result of querying the CNAME record. Since both CNAME and A records end up resolving to an IP address, they are generally treated the same, and the command format is the same. Notice that this time nslookup returns three lines of information. The first two lines show that this is a CNAME record, with the corresponding domain name and IP address. The last line shows the target domain name, marked with Alias.

What happens if the domain name doesn't exist? Can you read the English in the last line? It doesn't matter if you can't; just remember what it looks like. The same result appears if the domain name has no record of the specified type.

Querying other types of domain names

We did not add any parameters to the first two commands, so by default nslookup queried records of type A. If we have configured other types of records and want to see whether they are interpreted correctly, there is nothing ping can do. For example, we have configured MX records, but the mail server can only send messages and not receive them. Is it a domain name interpretation problem or some other problem? Checking with the ping command can only lead you astray. nslookup, on the other hand, can simulate the domain name interpretation that the other server performs. To do that, we add the appropriate parameter to nslookup.
The command format for specifying the query record type is as follows:

    nslookup -qt=type target domain name

Note that qt must be lowercase. The type can be any of the following, case-insensitive:

    A       address record (IPv4)
    AAAA    address record (IPv6)
    AFSDB   Andrew File System database server record (I don't understand this one)
    ATMA    ATM address record (not the cash machine)
    CNAME   alias record
    HINFO   hardware configuration record, including CPU and operating system information
    ISDN    ISDN number corresponding to the domain name
    MB      server for the specified mailbox
    MG      mail group record
    MINFO   mail group and mailbox information record
    MR      renamed mailbox record
    MX      mail server record
    NS      name server record
    PTR     reverse record (domain name interpretation from an IP address)
    RP      responsible person record
    RT      route-through record (I don't understand this one)
    SRV     TCP server information record (will be of great use)
    TXT     text information corresponding to the domain name
    X25     X.25 address record corresponding to the domain name

Take a look at oray.net's mail server record. Look, nslookup gives the name and address of the server. Note that preference is the priority mentioned earlier: the lower the value, the higher the priority.

Now let's see what the name server records look like. They look similar to the format of the MX record, and usually the server returns the corresponding addresses at the same time. However, there are also cases where it does not.

Here I want you to notice the line "Non-authoritative answer:", which did not appear in the previous examples. Its presence means that the result was obtained from the server's cache, so you are being reminded that this is not an authoritative answer. In the previous queries, the machine 192.168.1.104 used the process described in our first article to look up the oray.net domain. In that process, not only were the final results cached, such as the www.oray.net, test.oray.net and oray.net MX records, but also intermediate results such as the name servers that were obtained.
The NS record of oray.net was queried implicitly along the way. We will introduce this process later.

Specifying the name server to use

By default, nslookup queries the DNS server in the local TCP/IP configuration, but sometimes we need to direct a query at a specific server. We do not need to change the local TCP/IP configuration for this; we just add the IP address or domain name of the server to the command. This parameter is essential for debugging a particular server, and by querying the authoritative server directly we avoid cached results from other servers. The format of the command is as follows:

    nslookup [-qt=type] target domain name  specified DNS server IP or domain name

We can see the result of the following command: this command queries the NS record of oray.net directly from a top-level domain name server. All the NS records of second-level domain names are stored on the top-level domain name servers, which give the most authoritative answer. Note that there is no non-authoritative notice this time. For an NS record query of a second-level domain name, this is necessarily an authoritative result. The top-level domain name servers are named a to j.gtld-servers.net, ten servers in total. gTLD is the abbreviation of Global Top Level Domain. After modifying the NS record of a domain name, we can use the query above to find out whether the change has already taken effect on the top-level domain name servers. However, even if it has taken effect, the domain may still not be interpreted correctly. Remember the cache time issue that I mentioned in my previous article. So how long will a record be cached?

Checking the cache time of a domain name

To check the cache time of a domain name, we need a new parameter: -d. Format:

    nslookup -d [other parameters] target domain name [specified server address]

Please see the example. We ignore the rest and look at the lines below Got answer, which include a ttl value.
This value is the time to live of the domain name record. This query reveals every part of the DNS packet, and you can see that DNS is actually not as simple as you might think. For an explanation of each part, see the relevant standards documents. Remember to look for the contents of ANSWER:; the other sections do not describe the final result. The TTL value appears in more than one place above.

Simulating the domain name interpretation process

Let's now simulate what a DNS server does when it receives a query for a domain that it does not manage itself. Recall the process from the first article: first we ask a root server, and the root server tells us to go to the corresponding top-level server. If we are querying oray.net, we are told to go to the net servers. Take a look at the following example: here we ask the 21cn.com server to interpret the domain name www.oicp.net. Obviously, this server does not hold that domain and has to ask the root servers. Normally, the DNS server completes the whole process for us. This kind of interpretation is called recursive resolution, and to let you see the process, I use a parameter that tells the 21cn.com server not to do this. The parameter is -norecurse. In theory, 21cn.com would refer us to the root servers, but because it has already cached the records of the top-level servers, it directly returns the top-level server records that manage net. In fact, most queries do not need to start at the root servers. You can see that the addresses of all the top-level domain name servers are returned. We pick one at random and query it. This time, the top-level server returns the server addresses recorded for oicp.net. We then query one of those servers and are sure to get the answer: it could be an address, a CNAME record, or a reply telling you that the name doesn't exist.

This is the end of the introduction to the nslookup command, but nslookup has many other parameters.
However, only a few of them are commonly used. If you don't like the command-line approach, there are also several graphical tools that provide nslookup functionality. However, you still need to understand what domain name interpretation involves in order to use these tools correctly.
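The outcomes walked through at the start of the article (a normal answer, a working server with no record, no reachable DNS server) and the later "Non-authoritative answer" case can be told apart mechanically, which is useful when a monitoring job wraps nslookup. The following Python sketch is an added example, not part of the original article; the sample outputs are constructed in the layout the article quotes, and the function name and status labels are hypothetical.

```python
import re

# Constructed sample outputs, modelled on the cases the article describes.
OK = """Server:  TEST
Address:  192.168.0.5

Name:    www.123.com
Address:  192.168.0.1
"""
NXDOMAIN = """Server:  TEST
Address:  192.168.0.5

*** TEST can't find www.123.com: Non-existent domain
"""
NO_SERVER = """*** Can't find server name for domain: No response from server
*** Can't find www.123.com: Non-existent domain
"""
CACHED = """Server:  TEST
Address:  192.168.0.5

Non-authoritative answer:
Name:    www.123.com
Address:  192.168.0.1
"""

def classify(output):
    """Return (status, server, answers) for one nslookup text output."""
    server = re.search(r"^Server:\s*(\S+)", output, re.M)
    # No usable resolver: check network connectivity and the DNS service first.
    if "No response from server" in output or server is None:
        return ("no_dns_server", None, [])
    # Resolver answered but holds no such record: check the zone data.
    if re.search(r"can't find .*: Non-existent domain", output, re.I):
        return ("server_ok_no_record", server.group(1), [])
    # The first Address line belongs to the server; later ones are answers.
    addresses = re.findall(r"^Address(?:es)?:\s*(\S+)", output, re.M)
    cached = "Non-authoritative answer" in output
    return ("cached_answer" if cached else "resolved", server.group(1), addresses[1:])
```
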
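What -qt, -norecurse and -d correspond to inside the DNS packet can be shown directly: the record type is a number in the question, -norecurse clears the RD flag in the header, "Non-authoritative answer" reflects a clear AA flag in the reply, and the ttl is a field of each ANSWER record. This Python sketch is an added example, not code from the original article; the query ID, the TTL of 3600 and the reply bytes are constructed for illustration, and the function names are hypothetical.

```python
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype="A", recurse=True, qid=0x1234):
    """Build a DNS query; recurse=False clears the RD flag, like -norecurse."""
    flags = 0x0100 if recurse else 0x0000
    header = struct.pack(">HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", QTYPE[qtype], 1)

def skip_name(msg, pos):
    """Return the offset just past the name at pos (handles compression pointers)."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:       # a 2-byte pointer ends the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length

def parse_response(msg):
    """Return (authoritative, [(type, ttl, rdata), ...]) for the ANSWER section."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4   # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        answers.append((rtype, ttl, msg[pos:pos + rdlen]))
        pos += rdlen
    return bool(flags & 0x0400), answers  # AA clear = "Non-authoritative answer"

def sample_cached_reply():
    """Constructed reply: www.oray.net A 61.145.112.212, TTL 3600, AA clear."""
    q = build_query("www.oray.net")
    header = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 3600, 4) + bytes([61, 145, 112, 212])
    return header + q[12:] + rr
```
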
