Difference between ping and nslookup in name resolution

Discussion in 'Windows Server 2003 / 2008 / 2012 / 2016' started by searchformeaning, Oct 24, 2012.

  1. searchformeaning

    searchformeaning Bit Poster

    32
    0
    31
    That's one of the questions I got asked "what is the difference between ping and nslookup considering name resolution?" or in another context "what command to use to make sure that dns resolves names correctly ping or nslookup? and why?"

    For example:
    ping fileserver & nslookup fileserver.compnay.com

    if ping works fine is it enough to make sure that DNS is working correctly or I have to use nslookup to make sure that it's not a DNS problem
     
    Certifications: A+, Security+, MCP
  2. SimonD
    Honorary Member

    SimonD Terabyte Poster

    3,681
    440
    199
    You would use ping -a to resolve the ip address to the host name, rather than simply ping host name (because pinging the hostname indicates you already have that name in the resolver cache or it will come back as an unknown host name).

    Troubleshooting process would be to first of all ping the IP address, then trying a ping -a to see if it resolves. An issue you could get with NSLOOKUP is it only looking in your naming context unless you specify another DNS server.

    As long as you have either forwarders or root hints enabled and functioning correctly then ideally ping -a should work for most of your troubleshooting requirements.
    Additionally you may want to clear the resolver cache on the client (ipconfig /flushdns) if you make any changes to host\ip addresses of machines\devices.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  3. searchformeaning

    searchformeaning Bit Poster

    32
    0
    31
    Ok, first of all, thanks for your reply. It's pretty helpful. But I have one question about what you said. First, "(because pinging the hostname indicates you already have that name in the resolver cache or it will come back as an unknown host name)." why it will come back as an unknown host name if it's is not in the resolver cache? I guess it'll send a query to the ip address of the dns server to resolve it.
     
    Certifications: A+, Security+, MCP
  4. SimonD
    Honorary Member

    SimonD Terabyte Poster

    3,681
    440
    199
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  5. searchformeaning

    searchformeaning Bit Poster

    32
    0
    31
    Each query message the client sends contains three pieces of information, specifying a question for the server to answer:
    A specified DNS domain name, stated as a fully qualified domain name (FQDN)
    A specified query type, which can either specify a resource record by type or a specialized type of query operation
    A specified class for the DNS domain name.

    so it must be the FQDN not just the host name. That's what you wanted to say?
     
    Certifications: A+, Security+, MCP
  6. AdamV

    AdamV Bit Poster

    26
    4
    19
    ping will use any means at it's disposal to resolve the name to an IP - cache, local hosts file, WINS potentially, even a broadcast possibly, and depending on your settings and OS version, it might do all of these before thinking to ask DNS.
    nslookup does what it says on the tin - a Name Server lookup. No ifs buts or maybes. You can have a line in your local hosts which may make ping seem to work, but if your DNS server can't resolve the address then other client machines may not work.
    So nslookup is the better tool if you want to a) test that DNS can resolve a record b) do a test on one machine that is a reasonable indicator of how another client on the same LAN should behave.
    You can also direct nslookup to a specific DNS server, or only to look for specific record types (eg an MX server). ping will take any A or CNAME record it finds, so it's a blunter instrument.

    Have a look at using DiG instead of either:
    Newsletter #94: Getting and Using DiG, NSLOOKUP's essential replacement
     
    Certifications: MCT, MCSA:Messaging 2003, MCTS:Dynamics CRM 4.0 and 2011; MOS: Master Instructor 2003, 2007
    WIP: Writing CRM 2013 Customization course. Planning to take all CRM 2013 exams ASAP
    searchformeaning likes this.

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.