Why do dig, host and nslookup return different results?
Defining this:
test.example.com. IN A 123.123.12.123
would be correct.
This:
test.example.com. 41 IN CNAME 123.123.12.123.
is invalid. A CNAME must point to an entry that appears on the left: a name, not an IP address.
Here the IP address and its final dot is taken as a name anyway, that's why the authority section refers to a root DNS server a.root-servers.net., because even the lowest part (which would be 123.) can't be found according to it.
So the first command (dig
) reports the answer it got while also telling NXDOMAIN, while the two other commands can't resolve the final result and just tell NXDOMAIN.
Related videos on Youtube
Jaap Joris Vens
Roads? Where we're going we don't need roads.
Updated on September 18, 2022Comments
-
Jaap Joris Vens over 1 year
It seems my default (router) DNS server returns different results depending on the tool used to query it.
-
Using
dig
:$ dig @192.168.1.2 test.example.com ; <<>> DiG 9.16.8-Debian <<>> @192.168.1.2 test.example.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58608 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;test.example.com. IN A ;; ANSWER SECTION: test.example.com. 41 IN CNAME 123.123.12.123. ;; AUTHORITY SECTION: . 3357 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020112400 1800 900 604800 86400 ;; Query time: 0 msec ;; SERVER: 192.168.1.2#53(192.168.1.2) ;; WHEN: Tue Nov 24 10:12:40 CET 2020 ;; MSG SIZE rcvd: 148
As you can see, it successfully finds the IP address of
test.example.com
, which is123.123.12.123
. However, the following two tools do not.-
Using
host
:$ host test.example.com 192.168.1.2 Using domain server: Name: 192.168.1.2 Address: 192.168.1.2#53 Aliases: Host test.example.com not found: 3(NXDOMAIN)
-
Using
nslookup
:$ nslookup test.example.com 192.168.1.2 Server: 192.168.1.2 Address: 192.168.1.2#53 ** server can't find test.example.com: NXDOMAIN
What is going on here? Why is there a difference between the results of
dig
,host
, andnslookup
? Don't they all perform the same DNS queries under the hood?Edit: as the accepted answer points out, I incorrectly used a
CNAME
instead of anA
record. I have since updated the DNS entry and now the domain name resolves correctly.Edit2: domain and IPs are fake
-
-
Håkan Lindqvist over 3 yearsIndeed, a
CNAME
RR has a name-typed value and the problem occurring here is that the104.248.81.197.
value is "clearly" an all-numeric name (not an IP address!), and this all-numeric name does not resolve to any IP address. -
A.B over 3 yearsYes I'll add this in the answer
-
A.B over 3 yearsbtw: OP corrected the entry, it now resolves correctly.
-
Shadur over 3 yearsAnd because the CNAME it points to is faulty, all three tools return
NXDOMAIN
.dig
just returns the entire answer section as well, which shows the bad answer.