Re: host versus nslookup

[Kevin Darcy]

On 10/12/2011 1:21 PM, Martin McCormick wrote:
Many years ago, various flavors of unix began distributing a
utility called host which did almost the same thing as nslookup.
Host is what I use most of the time, now, and I actually thought
that nslookup on unix systems was maybe going away.
        A coworker recently asked me about nslookup on our
FreeBSD system and I verified the behavior he was asking about.

        Other than a different output format, what are the
advantages of having both host and nslookup.

        On the FreeBSD system in question, nslookup is
definitely a different binary than is host so one is not
hard-linked to the other.

        The behavior he was asking about was simply that all
foreign domains that one looks up with nslookup report as
non-authoritative since the DNS one is using isnot authoritative
for, say, microsoft.com or yahoo.com.

        This is not a problem. I am just curious.

nslookup has lots of problems. Four that I can cite off the top of my head:
1) most versions of nslookup will stop dead in their tracks if they 
can't reverse-resolve the name of whatever resolver they're trying to 
use (even though that's basically irrelevant to the actual lookup that 
the user requested)
2) nslookup will by default use a searchlist, but it does this 
completely invisibly by default (unless a debugging option is turned 
on), and thus will often mis-represent the real result of the query 
(e.g. you look up foo.example1.com, that gets a SERVFAIL, then 
unbeknownst to the user, nslookup tries the searchlist'ed name 
foo.example1.com.example2.com and reports the resulting NXDOMAIN as the 
final error of the lookup, thus obscuring the real error -- SERVFAIL)
3) the default output format of nslookup doesn't distinguish the result 
of the query from the identity of the resolver clearly enough, so 
unsophisticated users will often think that the name they're looking up 
actually resolves to the address of the DNS resolver, and much hilarity 
ensues (mis-routed trouble tickets, drama, confusion, etc.)
4) some versions of nslookup display atypical DNS responses (e.g. 
dangling CNAMEs, referrals) in very confusing, non-intuitive ways.

                                                                        
                                                                        
                                            - Kevin

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users