Share via


Verify that WINS is answering a DNS query

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can use the following procedure to verify that Windows Internet Name Service (WINS) is resolving a Domain Name System (DNS) query.

Normally, when a DNS server answers a query from its authoritative zone data, it uses the set minimum or default Time to Live (TTL) for the zone or the record-specific TTL value (if one is configured). In so doing, TTLs are decreased in answers that the server returns if they are based on nonauthoritative data, such as a cached record at the server.

WINS lookups present an exceptional case, in which an answer that is received back from a WINS server is cached by the DNS server but is also considered to be authoritative data. In this case, the WINS sourced data is returned to clients as authoritative, but it ages while it is in the DNS server names cache, which causes the TTL that is used by the server to decrease over time.

Administrative credentials

You do not need administrative credentials to perform this procedure. Therefore, as a security best practice, consider performing this procedure as a user without administrative credentials.

To verify that WINS is answering a DNS query

  1. At a command prompt, type the following command, and then press ENTER:

    nslookup

  2. At the nslookup ("") prompt, type the following command, and then press ENTER:

    set debug

  3. Next, either type:

    set querytype=a

    if you are testing for a WINS forward lookup, or:

    set querytype=ptr

    if you are testing for a WINS-R reverse lookup, and then press ENTER.

    Respectively, these two commands can be used to set the query type to filter either by host address (A) or pointer (PTR) resource records as appropriate for researching either a forward lookup or a reverse lookup.

  4. Based on whether you are verifying possible WINS sourcing for either a forward lookup or a reverse lookup, type the appropriate fully qualified domain name (FQDN).

    For example, if the forward lookup that you are tracing is for a domain name host-a.sales.wingtiptoys.com, type:

    host-a.sales.wingtiptoys.com.

    If the reverse lookup that you are tracing is for an Internet Protocol (IP) address 10.0.0.1, type:

    1.0.0.10.in-addr.arpa.

  5. In the response, note whether the server answered authoritatively or nonauthoritatively, and note the TTL value.

  6. If the server answered authoritatively, repeat the same query that you performed in step 4.

  7. In the response, note whether the TTL value decreased with the second query answer or if it remained consistent with the TTL value that was specified in the first query answer.

    If the TTL value decreased for an authoritatively answered query, the source of the query answer is a WINS server.

  8. To leave debug mode and return to the command prompt, type exit, and then press ENTER.

    Value Description

    set debug

    Enables the nslookup command to operate in debug mode, providing extended information in the command output.

    This mode is required to view query response information about whether the source for a query answer is:

    • Authoritative (from a DNS zone or a WINS server database)

    • Nonauthoritative (cached data from previous queries made by the DNS server or loaded from root hints)

    set querytype

    Changes the type of information query. More information about types can be found in Request for Comments (RFC) 1035.