[dns-operations] Single label queries on Windows (11)

Greg Choules gregchoules+dnsops at googlemail.com
Sun Jul 9 04:30:27 UTC 2023

Dig *was* available for Windows. It just wasn't publicised very well. An ex
colleague of mine used it (when we worked for a company who were a
Windows shop for users' machines) because he used dig on the *x servers

Having said that, the implementation of nslookup on Windows is pretty good
(IMHO). You just have to be aware of and understand all its configuration
options and defaults. It also has an interactive mode, which is neat.
BUT (like dig etc.) it uses its own resolver code, not the Windows system
one, and they don't always agree! I had to deal with regular issues where
applications wouldn't work, even though nslookup said the name resolved to
what was expected. So user beware!.This is probably a consequence of how
Windows does name resolution for applications; see below.

The major issue I had with Windows, compared to *x, is its multiple default
domains. In /etc/resolv.conf you can specify "domain a.b.c.d", which sets
the default domain for the whole machine. in Windows, not only does the
machine as a whole have a default domain, but every interface may also have
a different default domain. So if users/applications asked for resolution
of non FQDNs the results could be... interesting and unpredictable,
depending on the route taken to reach the chosen DNS server.
Windows does not have a 'resolv.conf' or equivalent. I never did get to the
bottom of exactly how it chose what to query for. I also have a suspicion
that it changed as Windows evolved.

As for use of nslookup on other OSes I tended to find that people fell into
two camps:
1) people who knew DNS used dig.
2) people who knew Unix/Solaris/HP-UX/linus used nslookup and trying to
convince them otherwise was a struggle because they'd grown up with
nslookup :shrug:

Just my 2p

On Sat, 8 Jul 2023 at 20:58, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:

> On Sat, Jul 08, 2023 at 12:36:12PM -0700, David Conrad wrote:
> > Instead, we recommended dig as (a) it provides all sorts of options
> > that help with pretty much every form of diagnostic you can imagine
> > and (b) it doesn’t try to “help”.  We obviously didn’t succeed and
> > it’s far too late now (it was back then too).  Ah well…
> I think you succeeded everywhere but on Windows.  In MacOS, /usr/bin/dig
> is part of the base OS!  I haven't used "nslookup" in a couple of
> decades or more.  We now also have "drill", "kdig", "delv", ... a wealth
> of much better than "nslookup", I am guessing inspired by "dig",
> alternatives.
> --
>     Viktor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20230709/95a95c48/attachment.html>

More information about the dns-operations mailing list