how to make nslookup return failure if DNS server fails

bennetthaselton · 03-23-2011, 03:13 AM

I'm trying to find a command to tell nslookup, "I want you to try to resolve hostname X using DNS server Y, and if the lookup fails, just output failure -- do NOT fail over to some other DNS server as a backup and use it to try to resolve the same hostname."

I'm trying to follow the man page instructions for doing this, but it doesn't seem to work. The man page for nslookup on my system (CentOS 5.5) includes the line:

"[no]fail Try the next nameserver if a nameserver responds with SERVFAIL or
a referral (nofail) or terminate query (fail) on such a response."

But if I try using that option, the output seems to indicate that after the lookup failed on ns1.afraid.org, nslookup failed over to 208.67.220.220 (the first nameserver listed in my resolv.conf -- an OpenDNS nameserver) and used it to resolve the hostname instead:

>>>
peacefire:/var/www/html# nslookup -fail www.snakemaker.com ns1.afraid.org
Server: 208.67.220.220
Address: 208.67.220.220#53

Non-authoritative answer:
www.snakemaker.com canonical name = snakemaker.com.
Name: snakemaker.com
Address: 66.36.247.191
>>>

That's not what I want. I want the command to return failure if ns1.afraid.org doesn't resolve the hostname. (Mainly so I can glance at output quickly and see whether a lookup failed on a specific server -- without getting confused by extra lines which report "success", when it actually failed on the server that I care about.) How do I specify that?

(The nameserver ns1.afraid.org seems to switch back and forth between resolving and not resolving that hostname, so the above command might not give the same result if you try it.)

(By the way, the man page for nslookup on my system doesn't inspire a lot of confidence -- e.g. at the beginning it says:
"For example, to change the default query type to host information, and the initial timeout to 10
seconds, type:

[new section] INTERACTIVE COMMANDS"

... In other words, someone forgot to fill in the example command after the word "type:"

I tried a few different CentOS 5.5 systems and they all had the same sentence missing.)

jefro · 03-23-2011, 08:18 PM

http://linux.die.net/man/1/nslookup

See how to use options for the server you wish to view.

See also dig.

Your version of nslookup may or may not be similar too. We'd need to know that.

bennetthaselton · 03-23-2011, 08:32 PM

As I said in my original message, I read the man page for nslookup, but the instructions in the man page don't seem to work:

nslookup -fail www.snakemaker.com ns1.afraid.org

does not behave as expected, and instead fails over to my local DNS server if ns1.afraid.org is not working. I don't want it to fail over.

On another forum where I offered cash for the correct answer, someone suggested to use dig instead:

dig www.snakemaker.com @ns1.afraid.org

and that does seem to behave the way I want (if encountering failure, it doesn't try any other server).