Why the results from nslookup are different to the operation of ping

9:31:00 PM 0 Comments

Why the results from nslookup are different to the operation of ping

You've come to this page because you've asked a question similar to the following:
When I pass a domain name to ping it ends up communicating with one particular IP address/reporting a non-existent domain. Why, therefore, when I look up that domain name with nslookup do I see something entirely different to that ?
This is the Frequently Given Answer to that question.
ping is not a tool for diagnosing DNS problems. It is a tool for diagnosing IP connectivity problems. If you are trying to use it for the former task, stop.
Moreover, nslookup is a bad tool and there are better DNS diagnostic tools. Stop using it.
The reason that nslookup can operate differently to ping when it comes to converting domain names to IP addresses is that ping uses the system-supplied library, as used by other applications, for name-to-address mapping whereas nslookup has its own, built in, DNS client library. The system-supplied library consults sources other than one's configured proxy DNS servers, when performing name-to-address mappings. The DNS client library built in to nslookup consults only the DNS. If, therefore, those other sources contain relevant information, the results obtained by using the system-supplied lookup facilities, and thus the operation of ping, will be different to the results obtained via nslookup.
For examples:
  • On Windows, the system-supplied lookup routines also consult WINS and a HOSTS file, if one has one. If any information is available from either source about the name being looked up, ping will use that information whereas nslookup will not.
  • On Unix and on Linux, if information is available via NIS or in /etc/hostsping will use that information whereas nslookup will not. (On many Unices and on Linux, this behaviour is controllable via /etc/nsswitch.conf and one can tell the system-supplied lookup facilities to consult only the DNS if one wishes to.)
  • On Windows, on Unix, and on Linux, the system-supplied lookup routines mechanisms may involve local caching (nscd on Unix and on Linux, the caching in the DNS Client service on Windows), whereas nslookup will not. (The difference is often most noticable when it comes to negative answers to lookups.)
Incidentally: The version of nslookup supplied with HP/UX by the vendor has been altered to use these extraneous sources of information in addition to the DNS. However, this makes it unsuitable for use in DNS problem diagnosis.

Some say he’s half man half fish, others say he’s more of a seventy/thirty split. Either way he’s a fishy bastard.