Monday, November 11, 2013

Hello Resolve-DnsName, Goodbye NSLookup

For several decades, I’ve used the NSLookup.exe command in DOS and Windows as a way of doing DNS troubleshooting. At one time, I needed it to verify basic domain lookup configuration, but Windows DNS makes it pretty simple to set domains up correctly. More recently, with products such as Lync, there is a need to have other DNS records validated, particularly SRV records that enable client auto-login etc.

NSLookup is not bad – in a former life I actually read bits of the code. It’s a tool I know how to use, and like I tell my PowerShell class, if it isn't broken, don’t fix it. Fair enough, I suppose, but It’s not really very PowerShell friendly.

As part of preparing my next Pluralsight Course, managing DNS with PowerShell, I’ve been playing with some of the new DNS Client cmdlets that come, in specific, for Server 2012 R2. One useful cmdlet is Resolve-DNSName.

Resolve-DNSName does pretty much exactly what NSLookup did, direct from the command line, plus a bit more. The cmdlet, unlike NSLookup, is able to make use of LLMNR, NetBIOS (or not) and can turnoff recursion in answering a query.

Here is some sample output:

PS C:> Resolve-DnsName -type all reskit.org

Name           Type TTL  Section    IPAddress
----           ---- ---  -------    ---------
reskit.org     A    600  Answer     10.0.0.10

Name      : reskit.org
QueryType : NS
TTL       : 3600
Section   : Answer
NameHost  : dc1.reskit.org


Name                   : reskit.org
QueryType              : SOA
TTL                    : 3600
Section                : Answer
NameAdministrator      : hostmaster.reskit.org
SerialNumber           : 26
TimeToZoneRefresh      : 900
TimeToZoneFailureRetry : 600
TimeToExpiration       : 86400
DefaultTTL             : 3600

dc1.reskit.org A    3600 Additional 10.0.0.10

[Srv1]: PS C:> Resolve-DnsName -Name srv2.reskit.org

Name            Type TTL  Section IPAddress
----            ---- ---  ------- ---------
srv2.reskit.org A    1200 Answer  10.0.0.31

There are also switches for turning on or not DNSSec and EDNS, and can request any/all, or specific RR types. Long live Resolve-DNSName!

Technorati Tags: ,,

2 comments:

john_connett said...

I'm experiencing an unusual problem with Resolve-DnsName demonstrated by the following:

PS C:\Users\Administrator.PORTAL> Resolve-DnsName -Type All -Name portal.ad.contoso.com
Name Type TTL Section IPAddress
---- ---- --- ------- ---------
portal.ad.contoso.com A 2011 Answer 55.66.77.88
PS C:\Users\Administrator.PORTAL> Resolve-DnsName -Type A -Name portal.ad.contoso.com
Name Type TTL Section IPAddress
---- ---- --- ------- ---------
portal.ad.contoso.com A 1200 Question 192.168.94.2
PS C:\Users\Administrator.PORTAL> Resolve-DnsName -Type A -Name portal.ad.contoso.com -DnsOnly
Name Type TTL Section IPAddress
---- ---- --- ------- ---------
portal.ad.contoso.com A 1953 Answer 55.66.77.88
PS C:\Users\Administrator.PORTAL>

I would expect "-Type All" and "- Type A" to return the same A resource record but they don't. I'm also puzzled by the "Question" section.

Any idea what is going on?

Roman Revell said...

Never quite how you want it... I notice that they also left out a way to see what server or other name source is being queried. Sometimes that can help with troubleshooting. I can specify my default server that nslookup uses and not resolve a name with resolve-dnsname, but then if I don't specify anything, it resolves the name. Confusing.