nslookup must die
Posted by tim in It wouldn't fit in any other category... on August 8, 2006

So I just got this e-mail from some random individual that I have never met before. It's actually a very worthwhile read, especially if you're any sort of a systems administrator working with DNS entries:

Please note that the following text will not be formatted properly. It's still readable though.

I run DNS servers for a living. I do a lot of DNS research, too. A dig of your domain's NS records is below. See that NS record pointing to 127.0.0.1 ? NS records can only point to host NAMEs not IP addresses. Your NS records essentially tell a name server who is querying for your domain this sort of dialog, "For future look ups for the skudd.com domain, please contact the servers named, "ns1.craftstream.com" and "ns2.craftstream.com", in addition, please contact the server whose host is NAMED "127.0.0.1"". That record is not supposed to be there. People who are using a particular type of name server could have a hard time reaching your domain. Also, you should consider reading RFC 1912. -- the part about having all your name servers in one network block. Since I'm a DNS researcher, and I track down weird DNS stuff, I would like to know if you had a resource that told you to put that 127.0.0.1 record in there, or if you came up with it on your own. If you got it from a resource, could you please share it with me, so I could correct them, too? [pbarber@smap ~]$ dig skudd.com ns @209.51.159.66 ; <<>> DiG 9.3.2 <<>> skudd.com ns @209.51.159.66 ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 455 ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2 ;; QUESTION SECTION: ;skudd.com. IN NS ;; ANSWER SECTION: skudd.com. 14400 IN NS 127.0.0.1. skudd.com. 14400 IN NS ns1.craftstream.com. skudd.com. 14400 IN NS ns2.craftstream.com. ;; ADDITIONAL SECTION: ns1.craftstream.com. 14400 IN A 209.51.159.66 ns2.craftstream.com. 14400 IN A 209.51.159.67 ;; Query time: 40 msec ;; SERVER: 209.51.159.66#53(209.51.159.66) ;; WHEN: Tue Aug 8 14:33:48 2006 ;; MSG SIZE rcvd: 130

So, I sent the person a response:

Thank you for bringing this to my attention. My primary concern is who you are in the scheme of things. Not that I find it offensive that you contacted me about this, but that I am simply curious as to who you are. Thanks again.

And I got the following response:

I'm surprised you haven't googled me yet. I had just finished educating somebody as to why nslookup must never be used under any circumstances. On a whim, I googled for "nslookup must die" and google directed me to your site when you were blogging about your DNS problems. Apparently, "Emo must die" and your nslookup from your DNS problems was good enough for google. I do DNS professionally, (for the last 10 years or so) I saw your posting including your NS set, and you included one of my pet peeves, the 127.0.0.1 in the NS records set. I guess if a carpenter saw a piece of wood only glued in place with Elmer's glue and not nailed in place would feel the same way.

If anyone is wondering why the localhost entry was there in the first place, I can't answer it. I have no idea where it came from, but I've asked Jason (my hosting provider) to revert the DNS zone to what cPanel and WHM are expecting, then setup the CNAME records for the Wildebeest and my home server. While he works on that, various sites based on the skudd.com DNS zone may be inaccessible for a little while.

But back to the topic: "nslookup" is a piece of crap. It doesn't provide any worthwhile information, whereas "dig" will. Anyone still using nslookup should cease using it and replace it with dig.

That is all.

 
Comments

lmfao

  • Posted by macguy (Guest) on August 8, 2006 at 05:27:21PM
Add a comment