Why can host and nslookup resolve a name but dig cannot?

Question

Can anyone tell me why this is happening? I can resolve a hostname using host and/or nslookup but forward lookups do not work with dig; reverse lookups do:

musashixxx@box:~$ host someserver
someserver.somenet.internal has address 192.168.0.252
musashixxx@box:~$ host 192.168.0.252
252.0.168.192.in-addr.arpa domain name pointer someserver.somenet.internal.
musashixxx@box:~$ nslookup someserver
Server:     192.168.0.253
Address:    192.168.0.253#53

Name:   someserver.somenet.internal
Address: 192.168.0.252
musashixxx@box:~$ nslookup 192.168.0.252
Server:     192.168.0.253
Address:    192.168.0.253#53

252.0.168.192.in-addr.arpa  name = someserver.somenet.internal.

musashixxx@box:~$ dig someserver

; <<>> DiG 9.8.1-P1 <<>> someserver
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55306
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;someserver.            IN  A

;; Query time: 0 msec
;; SERVER: 192.168.0.253#53(192.168.0.253)
;; WHEN: Wed Oct  3 15:47:38 2012
;; MSG SIZE  rcvd: 27

musashixxx@box:~$ dig -x 192.168.0.252

; <<>> DiG 9.8.1-P1 <<>> -x 192.168.0.252
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28126
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;252.0.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
252.0.168.192.in-addr.arpa. 3600 IN PTR someserver.somenet.internal.

;; Query time: 0 msec
;; SERVER: 192.168.0.253#53(192.168.0.253)
;; WHEN: Wed Oct  3 15:49:11 2012
;; MSG SIZE  rcvd: 86

Here's what my resolv.conf looks like:

nameserver 192.168.0.253
search somenet.internal

Is this behavior normal? Any thoughts?

Answer 1

It's the default behaviour of dig not to use the search-option.

From the manual page:

   +[no]search
       Use [do not use] the search list defined by the searchlist or
       domain directive in resolv.conf (if any). The search list is not
       used by default.

Edit: Just add +search to make it work, like dig +search myhost.

Answer 2

In my case, it is a bug in Microsoft DNS Server, where it returns FORMERR response (request format error) for requests with EDNS Cookie option set. Newer versions of dig (9.11 and up) use dns-cookies by default. This can be prevented by +nocookie or +noedns flag to dig:

$ dig +nocookie DOMAIN @SERVER

Source: https://kevinlocke.name/bits/2017/01/20/formerr-from-microsoft-dns-server-for-dig/

Answer 3

I was having the same problem. After inspecting packets sent from both nslookup and dig with wireshark, I found the problem.

dig was setting the authentic data bit in the query. According to the man page, "This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server." By running dig with +noadflag, it returned the same results as nslookup.

Answer 4

You can use a .digrc file in your home directory with the line

+search

to chance the default behaviour

Answer 5

https://www.mankier.com/1/dig

+[no]search

    This option uses [or does not use] the search list defined by the searchlist or domain directive in resolv.conf, if any. The search list is not used by default.

    ndots from resolv.conf (default 1), which may be overridden by +ndots, determines whether the name is treated as relative and hence whether a search is eventually performed.

Answer 6

I experienced this issue on my home wi-fi network trying to resolve good ol' google.com from within an Ubuntu VM running on a Windows 7 host, with dig, which timed out, but nslookup instantly returned the result.

The solution for me was to add +noedns: $ dig +noedns google.com.