Re: Difference between nslookup command mode and interactive mode?

Victoria Leung
Advisor

Difference between nslookup command mode and interactive mode?

Hi,

I found that there is a difference in using nslookup command mode and interactive mode. Does anyone know whether it is a bug or it is normal? I'm using HP-UX 11.0 and BIND 8.1.2.

1. nslookup 10.1.2.3 10.1.8.9

From the sniffer, I found that the first message going to the DNS 10.1.8.9 is a query of 9.8.1.10.in-addr.arpa.

2. nslookup
>server 10.1.8.9
>10.1.2.3
.....

From the sniffer, the first message going to the DNS 10.1.8.9 is a query of 3.2.1.10.in-addr.arpa.

Why did the command mode of nslookup need to query the PTR of the DNS server first?

Thank you in advance!

Victoria
3 REPLIES 3
Bill Hassell
Honored Contributor
Solution

Re: Difference between nslookup command mode and interactive mode?

This is a security issue and a common point of failure for DNS servers. nslookup is validating that the DNS server's IP address has an assigned name. If the DNS server doesn't know its own name, this is an error condition and DNS will be skipped by choosing the next item in /etc/nsswitch.conf (if present).


Bill Hassell, sysadmin
Kevin Wright
Honored Contributor

Re: Difference between nslookup command mode and interactive mode?

Bill, you are exactly right, as usual: nslookup does a reverse lookup of the server to ensure the server is valid. If not valid, it uses secondary means in nsswitch.conf. The question here is what really happens inside nslookup when you issue the server IP directive: does it do a gethostbyIP lookup? I am not sure, but I would guess so.
rick jones
Honored Contributor

Re: Difference between nslookup command mode and interactive mode?

it queried the PTR record because it feels compelled to tell you the name of the name server. presumably, the code that does that is only in the initialization path when a server IP is on the command line, not in the path taken when you just say nslookup.

most folks seem to be suggesting using other tools to query DNS these days. either dig or perhaps nsquery.
there is no rest for the wicked yet the virtuous have no pillows
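
An added example, not part of the thread or of nslookup's own code: decoding the question section of a DNS query payload from a capture, to tell whether the first packet is the PTR lookup of the name server's own address (the command-line case) or of the address being looked up (the interactive case). The sample packets are constructed by `build_ptr_query`, and all function names here are hypothetical.

```python
import ipaddress
import struct

QTYPE_PTR, QCLASS_IN = 12, 1  # RFC 1035 values

def ptr_name(ip):
    """Name queried for a reverse lookup, e.g. 10.1.2.3 -> 3.2.1.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def build_ptr_query(ip, txid=0x1234):
    """Constructed wire-format query (stands in for a captured packet payload)."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in ptr_name(ip).split(".")) + b"\x00"
    return header + qname + struct.pack("!2H", QTYPE_PTR, QCLASS_IN)

def parse_question(msg):
    """Return (qname, qtype, qclass) for the first question of a DNS message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no DNS question present")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):  # >63 is a pointer or reserved label type
            raise ValueError("malformed label")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
    return ".".join(labels), qtype, qclass

def classify(msg, server_ip, target_ip):
    """Is this query the PTR lookup of the server, of the target, or neither?"""
    qname, qtype, _ = parse_question(msg)
    if qtype != QTYPE_PTR:
        return "other"
    qname = qname.lower()
    if qname == ptr_name(server_ip):
        return "server-ptr"
    if qname == ptr_name(target_ip):
        return "target-ptr"
    return "other"
```
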