Why the results from nslookup are different to the operation of ping

You've come to this page because you've asked a question similar to the following:

When I pass a domain name to ping it ends up communicating with one particular IP address/reporting a non-existent domain. Why, therefore, when I look up that domain name with nslookup do I see something entirely different to that ?

This is the Frequently Given Answer to that question.

ping is not a tool for diagnosing DNS problems. It is a tool for diagnosing IP connectivity problems. If you are trying to use it for the former task, stop.

Moreover, nslookup is a bad tool and there are better DNS diagnostic tools. Stop using it.

The reason that nslookup can operate differently to ping when it comes to converting domain names to IP addresses is that ping uses the system-supplied library, as used by other applications, for name-to-address mapping whereas nslookup has its own, built in, DNS client library. The system-supplied library consults sources other than one's configured proxy DNS servers, when performing name-to-address mappings. The DNS client library built in to nslookup consults only the DNS. If, therefore, those other sources contain relevant information, the results obtained by using the system-supplied lookup facilities, and thus the operation of ping, will be different to the results obtained via nslookup.

For examples:

Incidentally: The version of nslookup supplied with HP/UX by the vendor has been altered to use these extraneous sources of information in addition to the DNS. However, this makes it unsuitable for use in DNS problem diagnosis.


© Copyright 2003–2004 Jonathan de Boyne Pollard. "Moral" rights asserted.
Permission is hereby granted to copy and to distribute this web page in its original, unmodified form as long as its last modification datestamp is preserved.