Verify WINS as the source for answering a DNS query

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To verify WINS as the source for answering a DNS query

  1. Open Command Prompt.

  2. Type:

    nslookup

  3. After the previous command completes, at the nslookup ("") prompt type:

    set debug

  4. Next, either type:

    set querytype=a

    if you are testing for a WINS forward lookup, or:

    set querytype=ptr

    if you are testing for a WINS-R reverse lookup.

    Respectively, these two commands can be used to set the query type to filter either by host (A) or pointer (PTR) resource records as appropriate for researching either a forward or reverse lookup.

  5. Based on whether you are verifying possible WINS sourcing for either a forward or reverse lookup, type the appropriate fully qualified domain name (FQDN).

    For example, if the forward lookup you are tracing is for a domain name host-a.example.microsoft.com, type:

    host-a.example.microsoft.com.

    If the reverse lookup you are tracing is for an IP address 10.0.0.1, type:

    1.0.0.10.in-addr.arpa.

  6. In the response, note whether the server answered authoritatively or non-authoritatively, and note the Time-To-Live (TTL) value.

  7. If the server answered authoritatively, repeat the same query you performed in stepĀ 4.

  8. In the response, note whether the TTL value decreased with the second query answer or if it remained consistent with the TTL value specified in the first query answer.

    If the TTL value decreased for an authoritatively answered query, the source of the query answer is a WINS server.

  9. To leave debug mode and return to the command prompt, type exit.

Value Description

nslookup

The name of the command-line program.

set debug

Enables the nslookup command to operate in debug mode, providing extended information in the command output.

This mode is required to view query response information about whether the source for a query answer is:

  • authoritative (from a DNS zone or WINS server database)

  • non-authoritative (cached data from previous queries made by the DNS server or loaded from root hints)

set querytype

Changes the type of information query. More information about types can be found in Request For Comment (RFC) 1035.

Notes

  • Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

  • To view the complete syntax for this command, at a command prompt, type:

    nslookup, press Enter and then type help

  • Normally, when a DNS server answers a query from its authoritative zone data, it uses the set minimum or default TTL for the zone or the record-specific TTL value (if one is configured). In so doing, TTLs are decreased in answers the server returns if based on non-authoritative data, such as a cached record at the server.

    WINS lookups present an exceptional case, where an answer received back from a WINS server is cached by the DNS server but is also considered to be authoritative data. In this case, the WINS sourced data is returned to clients as authoritative but ages while in the DNS server names cache, causing the TTL used by the server to decrease over time.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Troubleshooting DNS servers
WINS lookup integration
Using WINS lookup
Nslookup subcommands
Nslookup