13.5 Other Command-Line Utilities

The command-line utilities we've seen so far cover the spectrum of installing and configuring the DNS Server service. There are, however, several other utilities that you are likely to run across as a DNS administrator. They are used for querying and troubleshooting DNS.

13.5.1 nslookup

The nslookup utility is one of the oldest and most widely used DNS tools. With it, you can perform all types of resource record queries and even zone transfers. This tool is so important that we spent most of Chapter 12 describing how to use it.

The nslookup utility is installed by default on Windows 2000, Windows XP, and Windows Server 2003.

13.5.2 ipconfig

The ipconfig utility is most commonly used for releasing and renewing DHCP addresses, but it is also a handy client-side DNS tool. The DNS-related ipconfig options include the following:

/displaydns
This option displays the contents of the client resolver cache. For each cached resource record, it displays the Record Name, Record Type, Time To Live (TTL), Data Length, Section, and RR data. If a record resides in the cache and another query is made for the record, the client uses that record (until the TTL expires) instead of querying a name server again.

/flushdns
This option erases the contents of the resolver cache. Subsequent lookups are sent to a name server and cached again by the client after receiving a response.

/registerdns
This option causes the client to refresh its DHCP lease and its network registration (A and PTR records).

The ipconfig utility is installed by default on Windows 2000, Windows XP, and Windows Server 2003.
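The following is an added example, not code from the book: it parses captured ipconfig /displaydns output and reports cached A records that no longer match the address expected now, which is the situation where flushing the cache helps. The sample output is constructed, the dotted-leader layout assumed is that of English-language Windows, and parse_displaydns and stale_a_records are names introduced here.

```python
import re

# Constructed sample of `ipconfig /displaydns` output; host and addresses are made up.
SAMPLE = """\
    host1.movie.edu
    ----------------------------------------
    Record Name . . . . . : host1.movie.edu
    Record Type . . . . . : 1
    Time To Live  . . . . : 2857
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.249.249.3

    3.249.249.192.in-addr.arpa
    ----------------------------------------
    Record Name . . . . . : 3.249.249.192.in-addr.arpa
    Record Type . . . . . : 12
    Time To Live  . . . . : 120
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    PTR Record  . . . . . : host1.movie.edu
"""

# "Label . . . : value" lines; the lazy label stops at the first dotted leader.
FIELD = re.compile(r"^\s*(.+?)[ .]+:\s*(.*)$")
KEYS = {"Record Type": "type", "Time To Live": "ttl", "Section": "section"}

def parse_displaydns(text):
    """Turn the cache listing into one dict per cached resource record."""
    records, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue                      # entry headers, rules, blank lines
        label, value = m.group(1), m.group(2).strip()
        if label == "Record Name":        # each RR starts with its name
            cur = {"name": value.lower()}
            records.append(cur)
        elif cur is not None and label in KEYS:
            cur[KEYS[label]] = int(value) if value.isdigit() else value
        elif cur is not None and label.endswith("Record"):
            cur["data"] = value           # RR data line, e.g. "A (Host) Record"
    return records

def stale_a_records(records, expected):
    """A records whose cached address differs from the one expected now."""
    return [(r["name"], r.get("data"), expected[r["name"]], r.get("ttl"))
            for r in records if r.get("type") == 1
            and expected.get(r["name"], r.get("data")) != r.get("data")]
```

The ttl value in each result is how many more seconds the client would keep using the cached address if the cache is not flushed.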

13.5.3 netdiag

The netdiag utility performs a variety of network connectivity tests, including a DNS test. The netdiag /test:DNS command iterates over each active network adapter and checks whether the hostname has an A record in the domain specified by the domain suffix for the adapter. If you receive an error message for the DNS test, you should run netdiag /test:DNS /debug, which will produce verbose output and help pinpoint the cause of the failure.

If you run netdiag /test:DNS on a domain controller and receive errors, you can run it again with the /fix option to force all the records in the netlogon.dns file to be refreshed in DNS. See Chapter 8 for more details on the netlogon.dns file.

The netdiag utility is available in the Windows 2000 and Windows Server 2003 Support Tools.

13.5.4 dcdiag

DNS can be hard to configure correctly when initially building an Active Directory infrastructure. The dcdiag utility provides two commands that help assess whether your DNS infrastructure is configured correctly to support Active Directory. The /test:DcPromo option can be used to simulate creating a new forest, domain tree, domain, or replica domain controller. For this test, you have to include the /DnsDomain: option and the name of the target domain. You also need to specify one additional option that indicates the type of test to run. These include: /NewForest, /NewTree, /ChildDomain, and /ReplicaDC. If you use the /NewTree option, you must also include the /ForestRoot: option followed by the name of the forest root domain. Here is an example command line to test creating a new child Active Directory domain called matrix:

C:\> dcdiag /test:DcPromo /DnsDomain:matrix.movie.edu /ChildDomain

The other dcdiag test is RegisterInDNS. It verifies whether a domain controller can register an A record for its hostname as well as the various locator records required by Active Directory. The only additional option that is required for this command is /DnsDomain: followed by the domain that the domain controller is in. Here is an example:

C:\> dcdiag /test:RegisterInDNS /DnsDomain:movie.edu

You can specify the /s: option followed by the name of a target domain controller if you want to run dcdiag remotely.

The dcdiag utility is available in the Windows 2000 and Windows Server 2003 Support Tools, but the DcPromo and RegisterInDNS tests are available only in the latter.

13.5.5 DNSLint

The DNSLint utility is new in Windows Server 2003 and provides a way to quickly check for the existence of one or more resource records on several name servers. It can also check for lame delegations, verify the resource records necessary for Active Directory replication to occur, and perform connectivity tests for well-known email protocols (i.e., SMTP, POP, and IMAP).

The DNSLint utility is part of the Windows Server 2003 Support Tools. For more information on DNSLint, see Chapter 15.

13.5.6 dnsdiag

The dnsdiag utility can be used to troubleshoot email delivery problems that stem from DNS misconfigurations. It works by simulating the DNS activity performed by an SMTP agent that is attempting to deliver email. For dnsdiag to work, either Exchange or the SMTP service must be installed on the computer that dnsdiag is run from. If neither is installed, you will see a cryptic error stating that ISATQ.dll was not found.

dnsdiag can be found in the Windows Server 2003 Resource Kit.