Wednesday, July 30, 2008

nslookup: Rumors of my death have been greatly exaggerated

I'm currently working through the Sun Learning Connection (on-line / web-based training) to review the curriculum for my Sun Certified Network Administrator (SCNA) update examination. I'm a big fan of Sun's web based training as a study tool because it has always done a great job of preparing me for my certifications.

One of the interesting pieces of content I passed through indicated that in Solaris 10 the nslookup command has been deprecated. Dig is now included in Solaris, and according to the WS-3002-S10 course, is the preferred tool for querying DNS information. I remember when this same fascination with dig sped through the Linux distributions I used to use as well. I would type "nslookup _____" and the OS would dutifully reply that I really ought to be using dig, but here's my reply. You know what? I don't need my OS to tell me what I want. I just need it to do what I ask.

Fortunately, despite the menacing overtone of this training curriculum's message, I have yet to find a warning message come out of my Solaris servers. Dig is indeed included in Solaris, which is a great thing. It is certainly a more detailed tool for diagnosing DNS queries, and I'm thrilled to see Solaris inclusion of industry standard DNS tools.

But let's return once again to that hint about deprecating nslookup... Let's say I just want to see what the name service is returning for a given lookup. I'm just looking for right or wrong, not a detailed and cryptic report to gaze through. Here's the dig command and output for a reverse-lookup:

testbox# dig @192.168.1.2 foo.edu -x 192.168.2.1

; <<>> DiG 9.2.4 <<>> @192.168.1.2 two.edu -x 192.168.2.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1174
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0


;; QUESTION SECTION:
;two.foo. IN A

;; AUTHORITY SECTION:
foo.edu. 10800 IN SOA sys22.foo.edu.
root.sys22.foo.edu. 2005010101 3600 1800 6048000 86400


;; Query time: 11 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Jan 12 08:07:30 2005
;; MSG SIZE rcvd: 72


;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR,
id: 1982
;; flags: qr rd ra; QUERY: 1, ANSWER: 1,
AUTHORITY: 2, ADDITIONAL: 0


;; QUESTION SECTION:
;1.2.168.192.in-addr.arpa. IN PTR


;; ANSWER SECTION:
1.2.168.192.in-addr.arpa. 86400 IN PTR sys21.foo.edu.

;; AUTHORITY SECTION:
2.168.192.in-addr.arpa. 86400 IN NS sys23.foo.edu.
2.168.192.in-addr.arpa. 86400 IN NS sys22.foo.edu.


;; Query time: 6 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Jan 12 08:07:30 2005
;; MSG SIZE rcvd: 109


Whoa. That was a lot to digest. Now, REALLY QUICK... Go find out what the hostname is for the queried IP. Yeah, sorry, you took too long tracing through all that. Now lets' look at the nslookup approach:

testbox# nslookup 192.168.2.1
Server: 192.168.2.1
Address: 192.168.2.1#53

1.2.168.192.in-addr.arpa name = sys22.foo.edu.


Yep, that's a bit more efficient.

The moral of the story is that UNIX includes many tools, each of which serves a specific purpose it is (usually) optimized for. I'd hate to think that my future basic DNS queries would be serviced by unwieldy dig output. I'm thrilled that if I run into a more serious DNS issue I can call on dig to help me, but replacing nslookup completely with dig would be like replacing gEdit with OpenOffice Writer. The completely wrong philosophy.

To borrow from Mark Twain, "The rumours of nslookup's death are greatly exaggerated!"

4 comments:

jarett.stevens said...

A bit late, but another userful tool is getent:

jcs@jcs-sol10-1:~$ getent hosts google.com
209.85.171.99 google.com
72.14.207.99 google.com
64.233.187.99 google.com

Sebastian Kayser said...

Late as well :) - just stumbled upon your Solaris date epoch hack - but anyway: Are you aware of the dig query option +short (abbreviated +sh)?

$ dig google.com +sh
209.85.171.99
64.233.187.99
72.14.207.99

$ dig -x 209.85.171.99 +sh
cg-in-f99.google.com.

There are heaps of other query options. For example, if you use the +sh option and still want to know where your answer came from append +id as well.

$ dig -x 209.85.171.99 +sh +id
cg-in-f99.google.com. from server 10.250.0.20 in 0 ms.

Should ease the pain ;)

Christopher Hubbell said...

Indeed that +sh option makes the tool much more palatable in this scenario. I had not been aware of it previously, but I'm glad to see it. I still believe that there doesn't appear to be a strong reason to discuss the deprecation of a long standing and perfectly functional tool like nslookup. I'm all for the inclusion of dig and it's formidable features, but nslookup has its place as well.

Mark D said...

There's always `host(1m)` for succinct answers:

$ host 10.10.220.10
10.220.10.10.in-addr.arpa domain name pointer kgnwwwsvr01.empire.corp.
$ host kgnwwwsvr01
kgnwwwsvr01.empire.ca has address 10.10.220.10
$