Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Dnslint.exe: DNS Lint
This command-line tool allows you to verify Domain Name System (DNS) records for a specified domain name. Use DNSLint to help diagnose potential causes of incorrect delegation and other common DNS problems.
System Administrators use DNS delegations to assign the authority for a DNS subdomain to a set of DNS servers. These delegations help administrators implement a DNS infrastructure that is scalable, flexible, and easy to administer.
Incorrect delegation is a common problem with DNS structures. This can occur when the authority for a DNS subdomain has been delegated to a particular DNS server that either does not exist, or does not have authority over the subdomain.
Incorrect delegation problems are compounded when other DNS issues are present in a DNS infrastructure. For example, if DNS domain information is not identical on all authoritative DNS servers, data returned from the servers may differ, leading to intermittent name resolution difficulties. In another scenario, if a Mail Exchange (MX) record exists but the corresponding glue record is missing, then e-mail delivery to that domain may be erratic.
Prior to the development of DNSLint, the nslookup utility was frequently used to diagnose and troubleshoot these types of DNS issues. Nslookup allows users to manually traverse a DNS infrastructure, inspecting the various DNS records. However, DNSLint offers quicker verification that record-level data is correct.
For more information about DNS, see DNS or Concepts in Microsoft Management Console Help.
For more information about troubleshooting DNS, see the chapter Troubleshooting DNS in the Networking Guide of the Windows Server 2003 Resource Kit.
Common Active Directory DNS Problems
Verifying a particular set of DNS records on multiple DNS servers can help diagnose and fix problems caused by missing or incorrect DNS records.
For example, when clients are experiencing problems logging on to the domain, verifying that the SRV records that clients use to find LDAP and Kerberos servers are available and accurate, can help determine if DNS is a cause of the problem.
Another scenario example is where you receive reports that customers are having problems accessing your Web site on the Internet. It would be nice to have a tool that quickly checks all the DNS records that are involved with the Web farm on all of the DNS servers that are supposed to have these records. You could quickly determine if there are missing or incorrect DNS records that may be related to the problem.
In a third example, you could be experiencing problems with e-mail delivery. You can send e-mail, but you are not receiving e-mail. Name resolution could be the problem? To confirm this theory or eliminate it as a possibility, you need to check all of the DNS records on all of the DNS servers that are used to resolve the IP address of the e-mail server.
DNSLint runs on a source computer and acts on a target computer. The target computer can be the same computer as the source computer, or it can be a different computer.
Source Computer Requirements
Windows 2000, Windows XP, or Windows Server 2003
Target Computer Requirements
The target computer's domain must be registered with an accredited domain registrar, or running DNS in a private namespace.
Alphabetical List of Tools
Sidwalker Security Administration Tools