Reference Manual


setns - interact with DNS settings
setns   [ip | name | dx | ex | fx]
setnsi  [ifn]
setns1 ip
setns2 ip
setnss [ifn [main | aux | n]]
setnsx [ifn [main | aux | n]]
setgw1 [ifn]
setgw2 [ifn]
setwns [ip]+


When invoked with no argument, setns prints the per interface name server addresses (NS1 and NS2) and the Domain Name (if known). This is followed by the current name server address (NSERVER), the first backup name server address (NSERVER1) and the second backup name server address (NSERVER2).

If a HOSTS file exists, the command prints its length and the number of successful lookups (hits).

For each interface, setns then prints the number of requests and responses, followed by a flag indicating whether or not a correctional DNS change has taken place.

Correctional changes take place if no response from the current name server is received after 5 requests. The next configured name server becomes the current name server and the flag is set.

When invoked with argument ip, setns sets the current name server address (NSERVER) to the specified value. If the name argument is specified, the following names are recognized: opendns ( and router1 or router2, which correspond to the values contained in the matching environment variables. Any other name can be specified, as long as that name can be resolved via a request to the current name server.

Argument d1 turns debugging output on, d0 turns it off.

Argument e1, e2 or e3 turns extras on, e0 turns them off.

Argument f1 or f2 selects Winsock or NAT32 resolution, f0 selects special resolution.

Commands setns1 and setns2 set the values NSERVER1 or NSERVER2 to the specified IP address.

Command setnsi sets the default name servers (NS1 and NS2) for the specified interface. The values used are obtained via the Windows IP Helper API.

Command setnss sets NSERVER to the main or aux gateway of the specified interface. If no arguments are specified, the command prints the current name server (NSERVER), the first backup server (NSERVER1) and the second backup server (NSERVER2). This command should be used only after the setnsx command has been executed and only if the specified gateways are actually able to resolve DNS names.

Command setnsx sets default name servers (NS1 and NS2) for the specified interface. If main or aux is specified, the command also includes the main or auxiliary gateway addresses as possible name server addresses.

Commands setgw1 and setgw2 can be used to switch gateways and name servers on a specified interface. Each is a conglomerate of the commands:

setgs  ifn aux | main
setnsx ifn aux | main
setnss ifn aux | main

Command setwns prints the Windows default DNS address list as extracted from the Windows Registry. If one or more ip address arguments are specified, they will replace the addresses currently in the Windows Registry. Note that some versions of Windows may not allow this, so the Control Panel applet would need to be used instead.

Altered settings are not recorded in any configuration file. To make the settings permanent, the needed commands should be placed in file user.txt.

The extra features are summarized below (for e1 or e3):

If DNS queries from private addresses to NAT32 are to be resolved (rather than forwarded) by NAT32, command dnsrd on can be used to start a multi-threaded DNS Resolver. The resolver can be configured to block specified names. Note that the resolver only receives traffic on interfaces for which DNS Mapping has been turned off. If f1 was set, resolution is via a Winsock name lookup. If f2 was set, resolution is via a NAT32 name lookup. If f0 was set, only the special names listed above are resolved.

The advantage of NAT32's DNS Resolver is that it understands black lists, white lists and grey lists. Blacklisted names always resolve to the address of the NAT32 honeypot, which analyses HTTP requests and provides safe content in place of the actually requested content.

If NAT32 is sharing the Windows IP address of a private interface, DNS queries from private machines to NAT32 will fail because the Windows TCP/IP stack will respond with an ICMP Port Unreachable packet. This problem can be avoided by starting a Winsock version of the resolver with the command wdnsrd on. Note that the resolver only receives traffic on interfaces for which DNS Mapping has been turned off.

dnsmap, dnsrd, honeypot, httpd, netcfg, ns, nsdetect, setd, setwns, wns