Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
751
Views
0
Helpful
4
Replies

enabling nslookups via rules - help

whiteford
Level 1
Level 1

‎12-30-2006 06:09 AM - edited ‎03-11-2019 02:14 AM

I can't do nslookups through our pix from my PC, what do I need to do?

Labels:
0 Helpful
4 Replies 4

scottmac
Level 10
Level 10

‎12-30-2006 07:25 AM

What error are you getting?

Have you tried specifiying a specific DNS to query? Internal or external?

Have you tried "dig"? "dig" is not available on MS Windows, but can be downloaded. It is the "new nslookup" and gives more/better information.

Let us know

Scott

0 Helpful

whiteford
Level 1
Level 1
In response to scottmac

‎12-30-2006 07:33 AM

sorry it's nslookups to external Internet addresses like www.google.com. Internal is fine, so I believe it must be a Pix rule I need to create?

0 Helpful

scottmac
Level 10
Level 10
In response to whiteford

‎12-30-2006 11:13 AM

It may be the configuration of your internal DNS.

By default, nslookup will use the DNS defined for that PC. IF that DNS doesn't have the record (either defined or cached), it should kick it up to the next level of DNS.

You can specify a specific DNS to use:

Commands: (identifiers are shown in uppercase, [] means optional)

NAME - print info about the host/domain NAME using default server

NAME1 NAME2 - as above, but use NAME2 as server

help or ? - print info on common commands

set OPTION - set an option

all - print options, current server and host

[no]debug - print debugging information

[no]d2 - print exhaustive debugging information

[no]defname - append domain name to each query

[no]recurse - ask for recursive answer to query

[no]search - use domain search list

[no]vc - always use a virtual circuit

domain=NAME - set default domain name to NAME

srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.

root=NAME - set root server to NAME

retry=X - set number of retries to X

timeout=X - set initial time-out interval to X seconds

type=X - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)

querytype=X - same as type

class=X - set query class (ex. IN (Internet), ANY)

[no]msxfr - use MS fast zone transfer

ixfrver=X - current version to use in IXFR transfer request

server NAME - set default server to NAME, using current default server

lserver NAME - set default server to NAME, using initial server

finger [USER] - finger the optional NAME at the current default host

root - set current default server to the root

ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)

-a - list canonical names and aliases

-d - list all records

-t TYPE - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)

view FILE - sort an 'ls' output file and view it with pg

exit - exit the program

You can get the above list by just entering "nslookup" at the command prompt.

nslookup uses the same port(s) as DNS to get through the firewall, so if an external query (like www.google.com) works, nslookup should work too (unless specifically restricted to the internal DNS as a source address in some access-list).

Try using the DNS of your home ISP (or other DNS that exists outside of your network - use the "name2" option, like nslookup www.google.com ).

Good Luck

Scott

0 Helpful

whiteford
Level 1
Level 1
In response to scottmac

‎12-30-2006 12:10 PM

thing is I can resolve internet pages fine, if I do ping www.google.com it comes back with the IP, but nslookup won't, just isn't my area of knowledge here.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card