faqts : Computers : Internet : Domain Names : djbdns

+ Search
 Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

17 of 19 people (89%) answered Yes
Recently 10 of 10 people (100%) answered Yes

Entry

When I test my new djbdns setup with nslookup I get timeouts and other weird errors - why?

Oct 29th, 2002 07:21
Brian Coogan, 


Unfortunately, nslookup is now a very old DNS testing tool that just 
doesn't do some things right.  The errors you've seen are generally a 
result of problems with nslookup rather than problems with your 
configuration.  The rest of this entry explains what happened and what 
you can do instead of using nslookup.
In particular, nslookup often doesn't work when you supply a 
nameserver 
address on the commandline (ie: nslookup a.b.com 1.2.3.4) as it tries 
to do a reverse lookup on 1.2.3.4 *using 1.2.3.4* before using it as a 
server!  This breaks if 1.2.3.4 is a non-recursive server.  The 
workaround is not to specify a server on the commandline, or better 
still, use dnsq (sends non-recursive lookups, use with tinydns) or 
dnsqr (sends recursive lookups, use with dnscache).
dnscache/dnsqr example:
   $ dnsqr a cr.yp.to
   1 cr.yp.to:
   77 bytes, 1+1+2+0 records, response, noerror
   query: 1 cr.yp.to
   answer: cr.yp.to 15194 A 131.193.178.181
   authority: yp.to 15194 NS a.ns.yp.to
   authority: yp.to 15194 NS b.ns.yp.to
tinydns/dnsq example:
   $ dnsq a a.ns.example.com a.ns.example.com
   1 a.ns.example.com:
   142 bytes, 1+1+2+2 records, response, authoritative, weird ra, 
noerror
   query: 1 a.ns.example.com
   answer: a.ns.example.com 1 A 172.16.135.178
   authority: example.com 1 NS a.ns.example.com
   authority: example.com 1 NS b.ns.example.com
   additional: a.ns.example.com 1 A 203.94.135.178
   additional: b.ns.example.com 10462 A 203.94.129.130
[The "weird ra" message indicates the "Recursion Available" bit is set 
and is standard for Bind servers.  See FAQ on this]
Information on using nslookup with djbdns is here:
   http://cr.yp.to/djbdns/faq/tinydns.html#nslookup
Information on using dnsq and dnsqr to test is here:
   http://cr.yp.to/djbdns/tools.html
As mentioned above, the best tool to use when testing is either dnsq 
or 
dnsqr, both installed as part of djbdns.  If djbdns isn't installed on 
your machine, use dnsquery or dig, both of which are better and more 
robust testing tools than nslookup.
Another version of this answer is:
  http://tinyurl.com/2ae3  OR (full name of link):
http://homepages.tesco.net/~J.deBoynePollard/FGA/nslookup-daft-error-
message.html
There are rumours that Bind 9.1 (or RedHat) may have fixed most or all 
of the problems with nslookup [17 Oct 2001, Mate Wierdl]:
  http://id.wustl.edu/cgi-ez/ezmlm-cgi?2:mss:14066:200110