转自:
Why the results from nslookup are different to the operation of ping
You've come to this page because you've asked a question similar to the following:
When I pass a domain name to ping it ends up communicating with one particular IP address/reporting a non-existent domain. Why, therefore, when I look up that domain name with nslookup do I see something entirely different to that ?
This is the Frequently Given Answer to that question.
ping is not a tool for diagnosing DNS problems. It is a tool for diagnosing IP connectivity problems. If you are trying to use it for the former task, stop.
Moreover, nslookup is a bad tool and there are better DNS diagnostic tools. Stop using it.
The reason that nslookup can operate differently to ping when it comes to converting domain names to IP addresses is that ping uses the system-supplied library, as used by other applications, for name-to-address mapping whereas nslookup has its own, built in, DNS client library. The system-supplied library consults sources other than one's configured proxy DNS servers, when performing name-to-address mappings. The DNS client library built in to nslookup consults only the DNS. If, therefore, those other sources contain relevant information, the results obtained by using the system-supplied lookup facilities, and thus the operation of ping, will be different to the results obtained via nslookup.
For examples:
On Windows, the system-supplied lookup routines also consult WINS and a HOSTS file, if one has one. If any information is available from either source about the name being looked up, ping will use that information whereas nslookup will not.
On Unix and on Linux, if information is available via NIS or in /etc/hosts, ping will use that information whereas nslookup will not. (On many Unices and on Linux, this behaviour is controllable via /etc/nsswitch.conf and one can tell the system-supplied lookup facilities to consult only the DNS if one wishes to.)
On Windows, on Unix, and on Linux, the system-supplied lookup routines mechanisms may involve local caching (nscd on Unix and on Linux, the caching in the DNS Client service on Windows), whereas nslookup will not. (The difference is often most noticable when it comes to negative answers to lookups.)
Incidentally: The version of nslookup supplied with HP/UX by the vendor has been altered to use these extraneous sources of information in addition to the DNS. However, this makes it unsuitable for use in DNS problem diagnosis.
1. ping如果不通的话, 有可能是本地nscd缓存还没更新, 目标机器停机(重新启动下nscd就OK了), 用nslookup可以得到相应域名最新的ip
2. 配置了/etc/resolve.conf还ping不通, 而且nslookup能通, 很有可能是/etc/nsswitch.conf木有加通过dns来做域名ip映射的配置
阅读(2919) | 评论(0) | 转发(0) |