Verify WINS as the Source for Answering a DNS Query

Updated: May 9, 2008

Applies To: Windows Server 2008

You can use this procedure to determine whether a Domain Name System (DNS) server query response uses a Windows Internet Name Service (WINS) server as a source.

You do not need administrative credentials to perform this procedure. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

  1. Open a command prompt.

  2. Type the following command, and then press ENTER:

    nslookup 
    
  3. After the previous command completes, at the nslookup prompt (>), type:

    set debug
    
  4. Next, do one of the following:

    • If you are testing for a WINS forward lookup, type the following, and then press ENTER:

      set q=a
      
    • If you are testing for a WINS reverse lookup, type the following, and then press ENTER:

      set q=ptr
      
  5. Next, do one of the following:

    • If you are testing for a WINS forward lookup, type the fully qualified domain name (FQDN) of the host name that you are testing the query for, and then press ENTER. For example, if the forward lookup that you are tracing is for a host with the DNS name host-a.example.microsoft.com, type host-a.example.microsoft.com.

    • If you are testing for a WINS reverse lookup, type the FQDN for the reverse lookup in the form <IPAddress>.in-addr.arpa, and then press ENTER. For example, if the reverse lookup that you are tracing is for a host with the IP address 10.0.0.1, type 1.0.0.10.in-addr.arpa.

    Make note of the Time to Live (TTL) value in the response.

  6. Repeat the previous step. In the response, note whether the TTL value decreased with the second query answer or if it remained consistent with the TTL value that is specified in the first query answer.

    If the TTL value decreased for an authoritatively answered query, the source of the query answer is a WINS server.

  7. To close nslookup, type exit, and then press ENTER.
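
The TTL comparison in steps 5 and 6, as an added example that is not part of the original procedure: a Python script that parses two saved nslookup debug responses and applies the rule. The sample responses are constructed, the function names are hypothetical, and the layout of the "header flags" and "ttl" lines is assumed to match what nslookup prints in debug mode.

```python
import re

# Constructed sample of nslookup debug output (not captured from a real server).
FIRST = """\
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        host-a.example.microsoft.com, type = A, class = IN
    ANSWERS:
    ->  host-a.example.microsoft.com
        internet address = 10.0.0.1
        ttl = 900 (15 mins)
"""
# Constructed second response: same answer, TTL has counted down.
SECOND = FIRST.replace("ttl = 900 (15 mins)", "ttl = 893 (14 mins 53 secs)")


def parse_answer(debug_text):
    """Return (authoritative, ttl) from the last 'Got answer' block with an answer."""
    found = None
    for block in debug_text.split("Got answer:")[1:]:
        flags = re.search(r"header flags:\s*(.*)", block)
        # Only look at TTLs in the ANSWERS section, not authority/additional records.
        answers = re.split(r"AUTHORITY RECORDS:|ADDITIONAL RECORDS:",
                           block.partition("ANSWERS:")[2])[0]
        ttl = re.search(r"ttl\s*=\s*(\d+)", answers)
        if flags and ttl:
            found = ("auth. answer" in flags.group(1), int(ttl.group(1)))
    if found is None:
        raise ValueError("no answer record with a TTL found; was 'set debug' on?")
    return found


def classify(first, second):
    """Apply the page's rule to two consecutive responses for the same name."""
    auth1, ttl1 = parse_answer(first)
    auth2, ttl2 = parse_answer(second)
    if not (auth1 and auth2):
        return "non-authoritative"  # the TTL test applies only to authoritative answers
    return "wins" if ttl2 < ttl1 else "not-wins"


if __name__ == "__main__":
    print(classify(FIRST, SECOND))
```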

 

Value Description

nslookup

The command-line tool for querying DNS name servers.

set debug

Makes it possible for the nslookup command to operate in debug mode, which provides extended information in the command output.

This mode is required to view query response information that indicates whether the source for a query answer is authoritative (that is, from a DNS zone or WINS server database) or not authoritative (that is, consisting of cached data from previous queries made by the DNS server or loaded from root hints).

set q

Changes the type of information query.

To view the complete syntax for this command, at a command prompt, type the following commands, pressing ENTER after each command:

    nslookup
    ?
