nslookup has its own set of dials and knobs called option settings. All the option settings can be changed. We'll discuss here what each of the options means. We'll use the rest of the chapter to show you how to use them.
    C:\> nslookup
    Default Server:  terminator.movie.edu
    Address:  220.127.116.11

    > set all
    Default Server:  terminator.movie.edu
    Address:  18.104.22.168

    Set options:
      nodebug
      defname
      search
      recurse
      nod2
      novc
      noignoretc
      port=53
      type=A
      class=IN
      timeout=2
      retry=1
      root=A.ROOT-SERVERS.NET.
      domain=movie.edu
      MSxfr
      IXFRversion=1
      srchlist=movie.edu

    > ^Z
Before we get into the options, we need to cover the introductory lines. The default name server is terminator.movie.edu. This means that every query sent by nslookup will be sent to terminator.
The options come in two flavors: Boolean and value. The options that do not have an equals sign after them are Boolean options and they are either "on" or "off." The value options can take on different, well, values. How can we tell which Boolean options are on and which are off? The option is off when a "no" precedes the option's name. nodebug means that debugging is off. As you might guess, the option search is on.
How you change Boolean or value options depends on whether or not you are using nslookup interactively. In an interactive session, you change an option with the set command, as in set debug or set domain=classics.movie.edu. From the command line, you omit the word set and precede the option with a hyphen, as in nslookup -debug or nslookup -domain=classics.movie.edu. The options can be abbreviated to their shortest unique string; for example, nodeb for nodebug. In addition to its abbreviation, the querytype option can also be entered simply as type.
Let's go through each of the options:
[no]debug
Debugging is turned off by default. If it is turned on, nslookup displays the complete contents of the response messages from the name server. See [no]d2 for a discussion of debug level 2.
[no]defname
This option reflects nslookup's BIND heritage. By default, nslookup adds the default domain name to names without a dot in them. Before search lists existed, the BIND resolver code would add the default domain only to names without any dots in them; this option reflects that behavior. nslookup can implement the pre-search list behavior (with search off and defname on), or it can implement the search list behavior (with search on).
[no]search
The search option "overshadows" the default domain name (defname) option. That is, defname applies only if search is turned off. By default, nslookup appends the domain names in the search list (srchlist) to names that don't end in a dot. nslookup's search list is constructed from the Append these DNS suffixes field on the DNS tab of the Advanced TCP/IP Settings window.
[no]recurse
nslookup requests recursive service by default. This turns on the recursion-desired bit in query messages. The Windows resolver sends recursive queries in the same way. Name servers, however, send nonrecursive queries to other name servers.
[no]d2
Debugging at level 2 is turned off by default. If it is turned on, you see the query messages sent to the name server in addition to the regular debugging output. Turning on d2 also turns on debug. Turning off d2 turns off d2 only; debug is left on. Turning off debug turns off both debug and d2.
[no]vc
By default, nslookup makes queries using UDP instead of over a TCP connection (virtual circuit). Most Windows resolver queries are made with UDP, so the default nslookup behavior matches the resolver.
[no]ignoretc
By default, nslookup doesn't ignore truncated messages. If a message is received that has the "truncated" bit set (indicating that the name server couldn't fit all the important information in the UDP response message), nslookup doesn't ignore it; it retries the query using a TCP connection instead of UDP.
port=53
The DNS service is on port 53. You can start a name server on another port (for debugging purposes, for example), and nslookup can be directed to use that port.
type=A
By default, nslookup looks up A (address) resource record types. In addition, if you type in an IP address (and the nslookup query type is address or pointer), nslookup inverts the address, appends in-addr.arpa, and looks up PTR (pointer) data instead.
class=IN
The only class that matters is Internet. Well, there's the Hesiod (HS) class, too, if you are an MITer or run Ultrix.
timeout=2
If the name server doesn't respond within two seconds, nslookup resends the query and waits another two seconds before giving up and printing a timeout message. The Windows resolver uses different timeouts when querying a single name server (see Chapter 6).
retry=1
The query is sent just once before giving up. Again, the Windows resolver behaves slightly differently as discussed in Chapter 6.
root=A.ROOT-SERVERS.NET.
A convenience command called root switches your default server to the server named here. Executing the root command from nslookup's prompt is equivalent to executing server A.ROOT-SERVERS.NET. You can change the default "root" server with set root=server.
domain=movie.edu
This is the default domain name appended if the defname option is on. If the defname option is not on, no default domain name is appended.
[no]MSxfr
The Microsoft DNS Server implements a feature that Microsoft calls "fast" zone transfers. Those of you familiar with the BIND name server know this as the "many answers" zone-transfer format, in which multiple records are packed into the answer section of a single DNS message during a zone transfer. (The method implemented by older BIND name servers uses one DNS message per record, which is somewhat wasteful of bandwidth.) This option indicates whether or not to request one of these "fast" zone transfers.
IXFRversion=1
The Microsoft DNS Server also supports a protocol called incremental zone transfer (IXFR). IXFR requests include a version number. The default value of 1 corresponds to the IXFR version supported by the Microsoft DNS Server. At this point, there's no reason to change this value.
srchlist=movie.edu
If search is on, these domain names are appended to names that do not end in a dot. The domain names are listed in the order in which they will be tried and are separated by slashes.
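The search, defname, domain, srchlist and type descriptions above decide which name actually goes into the query, which is what shows up in a name server's query log. The following is an added example, not nslookup's own code: the function names are hypothetical, 192.0.2.10 is a constructed address, and it models only the appended names the text describes (whether nslookup also tries the name unmodified is not modelled).

```python
import ipaddress

def parse_srchlist(value):
    """srchlist is a slash-separated list of domain names, tried in order."""
    return [d.strip(".") for d in value.split("/") if d.strip(".")]

def names_to_query(name, qtype="A", search=True, defname=True,
                   domain="movie.edu", srchlist="movie.edu"):
    """Return (query type, [fully qualified names]) for a typed name."""
    # An IP address typed while the type is A or PTR becomes a reverse
    # lookup: invert the octets and append in-addr.arpa.
    if qtype.upper() in ("A", "PTR"):
        try:
            addr = ipaddress.IPv4Address(name)
        except ValueError:
            pass  # not an address, treat it as a domain name
        else:
            octets = str(addr).split(".")
            return "PTR", [".".join(reversed(octets)) + ".in-addr.arpa."]
    # A trailing dot means the name is already fully qualified.
    if name.endswith("."):
        return qtype, [name]
    # search overshadows defname: every name without a trailing dot gets
    # each search list entry appended, in the order listed.
    if search:
        suffixes = parse_srchlist(srchlist)
        if suffixes:
            return qtype, [f"{name}.{d}." for d in suffixes]
    # Pre-search-list behavior: the default domain is added only to names
    # that contain no dot at all.
    elif defname and "." not in name:
        return qtype, [f"{name}.{domain.strip('.')}."]
    return qtype, [name + "."]

if __name__ == "__main__":
    # Constructed inputs using the chapter's movie.edu names.
    print(names_to_query("terminator",
                         srchlist="movie.edu/classics.movie.edu"))
    print(names_to_query("terminator.classics", search=False))
    print(names_to_query("192.0.2.10"))
```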
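The recurse, vc and ignoretc options described above correspond to two bits in the DNS message header and to the choice of transport. The following is an added example, not nslookup's own code: the function names are hypothetical and the truncated response is constructed from the query rather than captured from a server.

```python
import struct

# Header flag bits from RFC 1035, section 4.1.1.
QR, TC, RD = 0x8000, 0x0200, 0x0100

def build_query(name, qtype=1, qclass=1, recurse=True, msg_id=0x1234):
    """Encode a one-question query; recurse=True sets recursion-desired."""
    labels = name.rstrip(".").split(".")
    if any(not 1 <= len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1 to 63 bytes long")
    header = struct.pack("!HHHHHH", msg_id, RD if recurse else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    # type=A is 1 and class=IN is 1 on the wire.
    return header + qname + b"\x00" + struct.pack("!HH", qtype, qclass)

def parse_flags(message):
    """Pull the ID and the flag bits discussed above out of the header."""
    if len(message) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    msg_id, flags = struct.unpack("!HH", message[:4])
    return {"id": msg_id, "response": bool(flags & QR),
            "truncated": bool(flags & TC), "recurse": bool(flags & RD)}

def next_step(response, vc=False, ignoretc=False):
    """'retry-tcp' when a UDP answer is truncated and ignoretc is off."""
    if parse_flags(response)["truncated"] and not vc and not ignoretc:
        return "retry-tcp"
    return "accept"

def frame_for_tcp(message):
    """Over TCP each DNS message is preceded by a two-byte length."""
    return struct.pack("!H", len(message)) + message

# Constructed sample: the query echoed back with QR, TC and RD set.
QUERY = build_query("terminator.movie.edu")
TRUNCATED = QUERY[:2] + struct.pack("!H", QR | TC | RD) + QUERY[4:]

if __name__ == "__main__":
    print(parse_flags(QUERY))
    print(next_step(TRUNCATED), next_step(TRUNCATED, ignoretc=True))
```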