Verify a zone delegation using the nslookup command

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To verify a zone delegation using the nslookup command

  1. Open Command Prompt.

  2. Type:

    nslookupRootServerIpAddress

  3. Then type:

    nslookup

  4. At the next prompt, type:

    set norecurse

  5. At the next prompt, type:

    set q=NS

  6. Type the fully qualified domain name (FQDN) for the failed name.

    Use the trailing period (.) when entering the name. If zone delegations are set correctly, a list of name server (NS) resource records for delegated servers should be returned in the response.

  7. If the NS query response contains no names or IP addresses for delegated servers, type q=ns and query again using the FQDN for the parent zone of the failed name.

    For example, if the failed name you used in the previous step was example.microsoft.com, query for microsoft.com.

  8. If the response contains NS resource records, but no host (A) resource records, type set recurse and query individually for any of the A resource records of servers listed in the NS resource records.

    If, for each NS resource record you encounter in a zone, you do not find at least one valid IP address in an A resource record, you have a broken delegation.

  9. Either fix the broken delegation or retry the delegation test described in the previous step using a different IP address.

    If more than one A resource record or IP address is found, use it to repeat the delegation test described in the previous step. To fix a delegation, add or update an A resource record in the parent zone with a valid IP address for a correct DNS server for the delegated zone.

Value Description

nslookup

The name of the command-line tool.

root_server_ip_address

The IP address of a valid root server for your network.

set norecursion

A command to instruct the root server to not perform recursion on your query.

set q=NS

The command to send the query for NS resource records to the root server.

Notes

  • Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

  • To view the complete syntax for this command, at a command prompt, type:

    nslookup, press Enter and then type help

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Delegating zones
Understanding zones and zone transfer