2011/05/19

nslookup should be phased out

Shit ! A large number of system administrators are still using “nslookup” to test and troubleshoot faults in resolvers and name servers. They should be aware that “nslookup” is an outdated primitive tool which can not offer much help. They should use “dig”.  Dig for Windows is widely avaialable.  Alternatively, they can install BIND for Windows but just use dig without caring to set up an authoritative name server or resolver.

Just ask yourself a simple question, can nslookup tell if a resolver has successfully verified the signature of a queried name record if the zone being interrogated is DNSSEC-signed.

No comments: