Nslookup (name server lookup) is a command-line utility for diagnosing the DNS service, checking DNS records and servers, and detecting name resolution problems in DNS. The nslookup utility was originally developed as part of the BIND package and was later ported to Windows. Nslookup is currently included in all supported versions of Windows.
Nslookup sends queries to the DNS server specified in your network connection settings. This address is considered the default DNS server (default server). The user can specify the address of any other available DNS server, and all subsequent DNS queries will then be sent to it.
With nslookup you can find the IP address of any server by its DNS name, perform a reverse lookup, and get information about a domain's various DNS records.
You can use nslookup in interactive or non-interactive mode.
To run a DNS query with nslookup in non-interactive mode, open a command prompt and run the command:
Nslookup vmblog.ru
In this example we requested the IP address of the server vmblog.ru. Nslookup contacted the DNS server (shown in the Server line), which returned that this name corresponds to the IP address 37.252.2.22.
This answer shows that your DNS server is reachable and working normally, resolving DNS names.
If you get a response like this:
Server: dns1.someserver.com
Address: хх.хх.хх.хх
*** dns1.contoso.com can't find vmblog.ru: Non-existent domain
This means that no records for this name were found in the DNS zone.
If your DNS server is unavailable or not responding, you will get DNS request timed out errors.
In that case, check that the DNS server address is correct and that there are no network connectivity problems on the provider's side.
The Non-authoritative answer line (displayed as "Не заслуживающий доверия ответ" in the Russian localization) means that the DNS server that executed the query does not own the vmblog.ru zone (it has no records for this domain in its database) and that a recursive query to another DNS server was used to resolve the name.
You can query the authoritative server by specifying its address directly in the nslookup parameters. For example, to resolve a name on the DNS server that holds this domain (authoritative server), use the command:
nslookup vmblog.ru ns1.vmblog.ru
When started without parameters, nslookup switches to interactive mode, where you can run various commands. To list all available internal nslookup commands, type a question mark.
Tip. Note that nslookup commands are case-sensitive.
To exit nslookup, type the command exit and press Enter.
To find the DNS servers responsible for a particular domain (authoritative servers), run the commands:
set query=ns
vmblog.ru
You can also perform a reverse lookup (get the DNS name for an IP address): just type the IP address at the interactive nslookup prompt and press Enter.
You can specify the type of DNS records that nslookup should return. For example, to list all mail servers defined for a particular domain, run the command:
nslookup -type=mx gosuslugi.ru
Не заслуживающий доверия ответ:
gosuslugi.ru MX preference = 20, mail exchanger = mx68.gosuslugi.ru
gosuslugi.ru MX preference = 10, mail exchanger = mx.gosuslugi.ru
mx68.gosuslugi.ru internet address = 109.207.8.100
mx.gosuslugi.ru internet address = 109.207.1.100
As you can see, this domain has 2 MX records with priorities 10 and 20 (the lower the number, the higher the priority). If no MX record is displayed, MX records are most likely not configured for this domain.
To list all DNS records in the domain zone, run the command:
nslookup -type=any gosuslugi.ru
gosuslugi.ru nameserver = ns2.gosuslugi.ru
gosuslugi.ru nameserver = ns8-l2.nic.ru
gosuslugi.ru nameserver = ns1.gosuslugi.ru
gosuslugi.ru nameserver = ns4-l2.nic.ru
gosuslugi.ru MX preference = 10, mail exchanger = mx.gosuslugi.ru
gosuslugi.ru MX preference = 20, mail exchanger = mx68.gosuslugi.ru
ns2.gosuslugi.ru internet address = 213.59.255.175
ns8-l2.nic.ru internet address = 91.217.21.1
ns1.gosuslugi.ru internet address = 109.207.2.218
ns4-l2.nic.ru internet address = 91.217.20.1
mx.gosuslugi.ru internet address = 109.207.1.100
mx68.gosuslugi.ru internet address = 109.207.8.100
The debug option lets you see additional information contained in the headers of client requests and server responses (time to live, flags, record types, etc.):
set debug
Introduction
When troubleshooting DNS issues, it is useful to have access to Domain Name System (DNS) records of a website. All mainstream operating systems have tools that enable users to query a web server and receive important information such as IP addresses and other pieces of domain-related information.
This article will introduce the nslookup command which is used for obtaining server records. It will also provide examples of the command’s most popular options.
Prerequisites
- Access to the command line interface
- Access to internet
Note: If you are not familiar with DNS record types, we strongly recommend you read DNS Record Types Explained before diving into this article.
nslookup Syntax
The nslookup command can be used in two modes: interactive and non-interactive. To initiate the nslookup interactive mode, type the command name only:
nslookup
The prompt that appears lets you issue multiple server queries.
For example, you can type a domain name and receive information about it.
www.google.com
After nslookup outputs the information, it provides another prompt.
In interactive mode, specify an option in a separate line before the query. Precede the option with set:
set [option]
To exit interactive mode, type:
exit
The non-interactive mode lets you use nslookup to issue single queries. The syntax for the non-interactive mode is:
nslookup [options] [domain-name]
The command and the query are written in the same line.
nslookup Options
Find all the important nslookup options in the following table.
nslookup Option | Description |
---|---|
-domain=[domain-name] | Change the default DNS name. |
-debug | Show debugging information. |
-port=[port-number] | Specify the port for queries. The default port number is 53. |
-timeout=[seconds] | Specify the time allowed for the server to respond. |
-type=a | View information about the DNS A address records. |
-type=any | View all available records. |
-type=hinfo | View hardware-related information about the host. |
-type=mx | View Mail Exchange server information. |
-type=ns | View Name Server records. |
-type=ptr | View Pointer records. Used in reverse DNS lookups. |
-type=soa | View Start of Authority records. |
Installing nslookup
nslookup comes preinstalled on all major operating systems. If you need to install it again on Ubuntu or another Linux distro featuring the APT package manager, install the dnsutils package:
sudo apt install dnsutils
On CentOS, Fedora, and Red Hat, nslookup is part of the bind-utils package. Install it by running:
sudo dnf install bind-utils
Use the nslookup command to perform DNS and reverse DNS searches and troubleshoot server-related problems. The following sections present the most common uses of the command.
Note: The authoritative answer in the output of nslookup refers to the answer provided by one of the nameservers belonging to the domain being searched. The non-authoritative answer is provided by a nameserver not associated with the specific domain, e.g., your ISP nameserver.
View Domain’s NS Records
Name Server (NS) records store names of the domain’s name servers. To see a domain’s NS records, type:
nslookup -type=ns [domain-name]
The output lists all available name servers:
View Domain’s MX Records
MX records store all relevant Mail Exchange server data. This information is used to route all email requests for the domain to the appropriate mail server.
Check a domain’s MX data by typing:
nslookup -type=mx [domain-name]
The output shows the names of mail servers.
Perform a Reverse DNS Lookup
While nslookup provides information about a domain name, it can also be used to look for the domain name associated with an IP address.
Perform a reverse DNS lookup using the following syntax:
nslookup [ip-address]
The command outputs the domain name.
View SOA Records
Start of Authority (SOA) records provide authoritative information about the domain and the server, such as the email address of the administrator, serial number, refresh interval, query expiration time, etc.
View a domain’s SOA records by typing:
nslookup -type=soa [domain-name]
The nslookup command output shows the relevant information:
View Text Records
TXT records contain important information for users outside of the domain. For example, Google and Facebook use TXT records to verify domain ownership.
View a domain’s TXT information by running the following nslookup command:
nslookup -type=txt [domain-name]
The output shows each TXT record in a separate line:
View All Records
View all available DNS records of a domain using the any option.
nslookup -type=any [domain-name]
The output shows NS, SOA, MX, and TXT information:
View Information About a Specific Name Server
See the name, IPv4 and IPv6 information of a specific name server on a domain by using the following syntax:
nslookup [domain-name] [name-server]
The output is now limited to the nameserver you specified:
View Pointer Records
Pointer records are used for reverse DNS lookups to confirm that the IP address belongs to a specific domain name. When using the ptr option, type the IP address in reverse, i.e., 1.2.3.4 becomes 4.3.2.1:
nslookup -type=ptr [reverse-ip-address].in-addr.arpa
Look for the domain name in the output.
Query a Non-Default Port
DNS servers use port 53 to communicate. If you want to check a different port, specify it with the port option:
nslookup -port=[port-number] [domain-name]
View Debugging Information
To view information useful for debugging, use the debug option:
nslookup -debug [domain-name]
Note: In the interactive mode, setting the debug option turns on the debugging mode. To exit the mode, set the nodebug option.
Conclusion
After reading this article, you should know how to install and use the nslookup command on Linux. The article provided examples of the most common uses of nslookup.
There are many different good reasons why you would need to check DNS resource records. Maybe you need to test whether the updates on the DNS configuration took effect, or you could also be attempting to troubleshoot a problem related to access to a specific server.
The easiest and most efficient way to test and troubleshoot DNS is with the command-line utility Nslookup. With this tool, you can determine the name to IP address mappings, the mail server IP, the authoritative DNS server, and more.
In this post, you are going to learn how to use NSlookup to Check DNS Records and also to troubleshoot DNS issues.
What is DNS and How it Works?
Before jumping into Nslookup examples, it is critical to understand how DNS works. This knowledge will help you identify and solve DNS problems much faster.
DNS (Domain Name System) is probably one of the most important components on the Internet. Without DNS, the Internet wouldn’t be as user-friendly as it is. Without it, people would have to remember the IP addresses of all the websites and services they frequent.
DNS solves this issue, as it provides a system for recording and looking up names, much like a phonebook. The DNS Servers distributed across the Internet keep a directory of these names and translate them to their respective IP address.
So, How DNS Works Step-by-step?
The whole DNS lookup process is triggered once you input a domain name such as google.com or use an application that relies on a name. That could be anything from web browsers, email, Active Directory, databases, P2P, multiplayer games, and more.
Your computer will likely not know where the google.com server is located, so it initiates a DNS lookup.
- The name of the webpage or service is first looked up in the computer’s internal cache. Applications such as web browsers, as well as operating systems, have an internal DNS cache that stores DNS record information. The DNS cache helps improve load times.
- If the domain name (or hostname) is not found on the internal cache, the computer’s DNS service will send a query to the local DNS server (or a Recursive DNS resolver). The query would be something like, “What is the IP address of the Fully Qualified Domain Name (FQDN) google.com?”
- This first DNS query goes to the Recursive DNS server, which is usually geographically closer to where the DNS query was originated. The information for this server can be given via DHCP by local ISP or from the network, or by manually entering a public DNS server or local DNS server. The recursive DNS takes the name query and checks its local records obtained from authoritative DNS servers.
- If the recursive server is unable to find the DNS record in its cache, it will forward the query to the highest level of the DNS hierarchy, the root DNS. These root DNS servers have the DNS resources for the TLD nameserver, which in turn have information for the authoritative nameserver for that domain. Below is the DNS hierarchical tree.
DNS Zone Files and Resource Record Types.
All the DNS mappings between domain names and IP addresses are contained within a DNS zone file. A DNS zone file is a simple text file with all the details of the DNS resource records.
The DNS resource record is configured at the DNS server, but understanding its contents is critical for troubleshooting DNS.
As you can see below in the DNS query response packet capture from the packet sniffer Wireshark, DNS provides more than just the IP to DNS mapping. It also contains information such as Record type, Class, Timestamp, and Time-to-Live.
A brief description of some of these fields:
- Resource Record Type: There are many DNS record types, but the most common are, the A Record (hostname to IPv4 address), the AAAA Record (hostname to IPv6 address), PTR (Points IP to name), ALIAS (Auto-resolved alias), CNAME (Canonical name to an alias), MX (Mail eXchange to IP), SoA (Start of Authority), and NS (Name Server).
- DNS Class: The class represents the protocol family, which in most cases, is (IN) for the Internet class.
- TTL: Specifies how long a DNS resolver should cache the DNS query before it expires. TTL is in seconds.
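The fields listed above, together with the header flag behind nslookup's "Non-authoritative answer" line, can be read directly from a DNS response message. The following Python is an added example, not part of the original article; the response bytes are constructed by `build_sample` for a hypothetical `example.com` A record with a documentation address.

```python
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}
CLASSES = {1: "IN"}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_sample(authoritative=False, rcode=0):
    """Build a constructed response to 'example.com A' (not a real capture)."""
    # QR (response), RD and RA are always set; AA and RCODE are chosen by the caller.
    flags = 0x8000 | 0x0100 | 0x0080 | (0x0400 if authoritative else 0) | rcode
    answers = 0 if rcode else 1
    msg = struct.pack("!6H", 0x1A2B, flags, 1, answers, 0, 0)
    msg += encode_name("example.com") + struct.pack("!HH", 1, 1)
    if answers:
        # Owner name is a compression pointer to offset 12 (the question name).
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 10])
    return msg

def read_name(msg, pos):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                 # compression pointer
            if end is None:
                end = pos + 2                     # parsing resumes after the first pointer
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
            jumps += 1
            if jumps > 16:                        # guard against pointer loops
                raise ValueError("compression loop")
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels) or ".", (end if end is not None else pos)

def parse_response(msg):
    """Return header flags, response code and answer records of a DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, qdcount, ancount, _, _ = struct.unpack("!6H", msg[:12])
    out = {
        "id": ident,
        "is_response": bool(flags & 0x8000),      # QR bit
        "authoritative": bool(flags & 0x0400),    # AA bit
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": [],
    }
    pos = 12
    for _ in range(qdcount):                      # skip the question section
        _, pos = read_name(msg, pos)
        pos += 4                                  # QTYPE + QCLASS
    for _ in range(ancount):
        name, pos = read_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        rdata = msg[pos:pos + rdlen]
        pos += rdlen
        data = ".".join(str(b) for b in rdata) if rtype == 1 and rdlen == 4 else rdata.hex()
        out["answers"].append({"name": name, "type": TYPES.get(rtype, str(rtype)),
                               "class": CLASSES.get(rclass, str(rclass)),
                               "ttl": ttl, "data": data})
    return out

if __name__ == "__main__":
    print(parse_response(build_sample()))
```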
Starting with Nslookup
When you cannot browse the Internet, send an email, or connect to a domain server, then you might have a DNS problem. A quick and easy way to troubleshoot DNS issues is through the nslookup command.
The nslookup is a built-in command-line tool available in most Operating Systems. It is used for querying the DNS and obtaining domain names, IP addresses, and DNS resource record information.
Before using this command, you need to be familiar with how DNS works. If you are not, please go back to the previous section.
Nslookup Command Syntax
To start with Nslookup in Windows OS, let’s see its command syntax:
nslookup [<-SubCommand …>] [{<computerTofind> | -<Server>}]
- For more information on how to operate the command, open the Command Prompt (cmd) and type “nslookup”.
- When you see the prompt “>” open the help menu by typing “?”.
Check DNS Records with Nslookup
To give you an idea of how to use Nslookup and find DNS records, let’s start with some common commands.
- Find the A record: These types of records are the most common. They map a domain name to an IP address.
- Find the PTR record: The Pointer (PTR) record type is the reverse of the A record. It resolves an IP to a domain or hostname. Use this command in case you know the IP address, but don’t know the domain name.
- Find the MX Records: This type of resource record will identify the IP address of the servers responsible for a specific Mail Exchange (MX) service.
The command is: nslookup -query=mx [domain]
- Find the SoA Record of a domain: The Start of Authority record contains administrative information about the zone transfers. This record shows the DNS server that contains the best (Authoritative) source of information for that specific domain. The output includes the primary name server, mail address, TTL, and more.
The command is: nslookup -type=soa [domain]
- Find the NS records: The Name Server (NS) resource record shows you the authoritative DNS server for that domain. This record shows the actual server that contains the original DNS records.
The command is: nslookup -type=ns [domain]
Note: The non-authoritative answer means that the query response was not fetched from the authoritative DNS but from some other server.
- Find all available records of a domain. To know all available records of a domain, including A, AAAA, MX, NS, and more, use the following command:
nslookup -type=any [domain]
Troubleshooting DNS Issues
Failure in the Recursive DNS server or internal DNS cache doesn’t mean that you are suddenly cut off from the entire Internet. But a crash on the local DNS used for services such as Authentication or Active Directory can leave the whole company without access to critical services.
Additionally, a failure from a root DNS, TLD, authoritative DNS, is serious trouble for the entire Internet. But fortunately, as an end-user, you wouldn’t have to worry about solving that!
1. Isolate the problem
The first step into troubleshooting a DNS issue is to start from the client itself.
Which application is not working? Is it only email? Or web browsing? Is it access to all the Internet?
To isolate the problem from internal cache issues, software problems, or connectivity problems, try using other applications and workstations.
For example, try browsing with other web browsers. If Chrome is not working but Mozilla is, then you might only need to clear browser data such as cookies, history, cached images, URLs, etc.
To clear the Chrome DNS cache, go to “chrome://net-internals/#dns” in Chrome and click on “Clear host cache”.
To make sure that you have connectivity to the Internet, you can perform a ping to an IP address. Pinging an IP address directly will bypass the DNS lookup process. If you get a response, there is an Internet connection; if you don’t, then something is wrong with your connection, and the problem is probably not related to DNS.
If you do have a response from an IP address but not from a name, then the problem must be related to DNS.
2. Verify and Change your Recursive DNS Server
As mentioned before, the local recursive DNS server configured in your client might have come with a DHCP response or been entered manually by an administrator. Let’s make sure that you are able to reach the server.
- Open the “Command Prompt” and type “ipconfig /all”.
- Find the IP address of the DNS and ping it.
- If you were able to reach the DNS server through a ping, then that means that the server is alive. Try performing simple nslookup commands. If you are still unable to resolve names, then that must be a problem with the recursive DNS server.
- Test alternative DNS servers. Fortunately, you don’t have to use a specific DNS server given by your local ISP or internal network. If web browsing is the issue, then you can test other DNS servers available for free. Some most popular DNS servers are:
- Google DNS: 8.8.8.8 and 8.8.4.4
- Cloudflare: 1.1.1.1 and 1.0.0.1
- Open DNS: 208.67.222.222 and 208.67.220.220
To change the DNS server, start nslookup and enter the server command at the > prompt:
nslookup
> server [DNS-Server-IP]
- Test the new server with a query.
- If your DNS server is an authoritative DNS or a local DNS providing services like Active Directory, then you might need to check the DNS server itself. Checking Active Directory services, zone files, zone transfers, or other DNS configuration parameters, is out of the scope for this tutorial.
3. Renew IP information and flush DNS cache
Renewing your IP information will release and request new information from the DHCP, which includes DNS information.
- Open the Command Prompt with administrator rights, and type the commands:
ipconfig /release
ipconfig /renew
- Now let’s clear the cache and reload information from the DNS server with the commands:
ipconfig /flushdns
4. Resolve a name from the Authoritative DNS Server
If the internal DNS server is resolving some names but not specific ones, try resolving a name from the authoritative DNS server itself.
- First find the server with the command:
nslookup -type=soa [domain]
- Then resolve from that server with:
nslookup [domain] [server]
5. Other Solutions
If none of the solutions above worked for you, try the following alternatives:
- Reboot your local router. Performing an administrative or power-cycle reboot to your local router might renew routes towards a DNS server, or load new DHCP information.
- Turn off any filters like VPNs or Proxies. These services filter your Internet connection, including the DNS lookup requests.
- Scan your computer for viruses. Viruses and Malware can redirect traffic from your web browser. Scan your computer and make sure it is free from Malware.
Final Words
Before you start attempting to troubleshoot DNS issues with nslookup, you must understand the realms of DNS. Knowing how DNS works, what happens during the DNS lookup process, and knowing about its resource types, should give you a solid foundation for troubleshooting with nslookup.
Nslookup is free, easy to use, and you can find it in all Operating systems, as long as they have TCP/IP protocol installed.
NSLOOKUP FAQs
How do I use NSLOOKUP to find the IP address of a domain name?
To use NSLOOKUP to find the IP address of a domain name, open a command prompt and type “nslookup domainname.com”, replacing “domainname.com” with the name of the domain you want to look up. The tool will return the IP address(es) associated with that domain name.
How do I use NSLOOKUP to find the DNS server responsible for resolving a domain name?
To use NSLOOKUP to find the DNS server responsible for resolving a domain name, open a command prompt and type “nslookup -type=ns domainname.com”, replacing “domainname.com” with the name of the domain you want to look up. The tool will return the name server(s) responsible for resolving that domain name.
How do I use NSLOOKUP to troubleshoot DNS issues?
To use NSLOOKUP to troubleshoot DNS issues, you can use the tool to query different types of DNS records, such as A records, MX records, and CNAME records, to see if they are resolving correctly. If there are issues, you can also use NSLOOKUP to query specific DNS servers to see if the problem is with the server or with your local DNS settings.
What are the different types of queries that can be performed using NSLOOKUP?
Some of the different types of queries that can be performed using NSLOOKUP include:
- A (Address) record queries, which return the IP address associated with a domain name
- MX (Mail exchange) record queries, which return the mail servers for a domain
- NS (Name server) record queries, which return the name servers for a domain
- SOA (Start of Authority) record queries, which return information about the zone of authority for a domain
- CNAME (Canonical name) record queries, which return the true hostname associated with a domain name
How can I switch between DNS servers while using NSLOOKUP?
To switch between DNS servers while using NSLOOKUP, you can use the “server” command followed by the IP address or hostname of the server you want to use. For example, “server 8.8.8.8” would switch to using Google’s public DNS server.
Is NSLOOKUP a built-in command in Windows and Linux?
Yes, NSLOOKUP is a built-in command in Windows and Linux.
In this tutorial, you will learn how to use nslookup to check DNS records.
I’ll show you how to check several DNS record types (A, PTR, CNAME, MX, etc.) by using the Windows nslookup command.
And in this post, I’ll show you how to use nslookup against your local DNS server and an external DNS server (great tip for troubleshooting).
Let’s get started!
Table of Contents:
- How DNS Works
- Why you must learn the nslookup command
- Nslookup Syntax
- How to use nslookup to check DNS records
- DNS Troubleshooting Tips
How DNS works
Understanding how DNS works will help you troubleshoot DNS issues faster. It will help you identify if it’s a client, a local DNS issue, or another DNS server (forwarding server or ISP).
Computers and other network devices communicate by IP address. It would be hard to remember the IP address of every website or resource you access; domain names are easier to remember. DNS takes the easy-to-remember name and maps it to the IP address so devices can communicate.
Below I walk through how a computer uses DNS to resolve names.
- User types in google.com into their browser. This will send a query to the DNS server to go fetch the IP address for google.com
- The DNS server that the client uses may not know the IP address. This can be your local Active Directory DNS server or your ISP DNS server. If it doesn’t know the IP address of the domain it will forward it on to the next DNS server.
- The next DNS server says it knows the IP address and sends the request back to the computer.
- The computer is then able to communicate to google.com.
DNS uses resource records to provide details about systems on a network. The above example used an A resource record which maps a domain name to an IP address.
In the examples below I will show you how to query different resource records.
Why you must learn the Nslookup command line tool
When DNS is not working devices cannot communicate. You will be unable to browse websites, send an email, chat online, stream videos, and so on.
If you have a local DNS server issue then your employees can’t work and business is impacted.
You need a way to quickly troubleshoot and resolve these issues.
That is why it’s important to know how to use the Nslookup command.
This command is built into all Windows operating systems, it’s free and easy to use.
If you are a system or network administrator it’s very important that you know how to quickly resolve DNS related issues.
NSLookup Syntax
To view the syntax, type nslookup, press Enter, then type ?
There are a lot of options but in most cases, you will only need a few of them to verify DNS records. The most useful command switches are set type, server, and debug. I’ll show you the most commonly used commands below.
How to Use Nslookup to Check DNS Records
Below are several examples of how to use nslookup to check various DNS record types. By default, nslookup will use the local DNS server configured by your computer. See the last example to change Nslookup to use an external server.
Nslookup IP Address (IP to Domain Name)
nslookup 8.8.8.8
Use this command if you know the IP address and want to find the domain name. In the screenshot below the IP 8.8.8.8 resolves to the domain name dns.google.com
Nslookup domain name (Domain to IP Address)
nslookup domainname
If you want to find the IP address of a domain name then use this command. In this example, the domain name ad.activedirectorypro.com resolves to several IP addresses.
Nslookup MX record
nslookup -type=mx domainname
An MX record lookup will find the mail server that is responsible for accepting emails for the domain. To find the MX records use -type=mx followed by the domain name.
Nslookup SOA Record
nslookup -type=soa ad.activedirectorypro.com
The Start of Authority record indicates which DNS server is the best source of information for the domain. This will return the primary name server, responsible mail addresses, default ttl, and more.
Nslookup CNAME
nslookup -type=cname www.activedirectorypro.com
The CNAME record is used to alias or redirects one DNS name to another DNS name.
Nameserver lookup
nslookup -type=ns ad.activedirectorypro.com
Use the above command to view the name servers for a domain. You can see below the name servers for my domain are dc1, dc2 and dc3.
Nslookup TXT record
nslookup -type=txt domainname
Use this command to view text DNS records for a domain.
Nslookup all DNS records
nslookup -type=any ad.activedirectorypro.com
This command will display all available records.
Nslookup domain controller
Use these steps to list all domain controllers for a specific domain.
- From the command prompt type nslookup and press enter
- Then type set type=SRV and press enter
- Next, type _ldap._tcp.ad.activedirectorypro.com and press enter. (replace ad.activedirectorypro.com with your domain name).
This will display all domain controllers for the ad.activedirectorypro.com domain.
Nslookup Verbose
Turning on debug will display a lot more details about the resource record such as primary name server, mail address, default TTL, and much more. To turn on debug use the command below
nslookup
set debug
Nslookup use External DNS server
This is very useful in troubleshooting. Maybe a website isn’t loading on your internal network but does when you are off the network. You can use this to see if your internal DNS is returning different results than an external DNS server. You can use your ISP DNS server or google.
To change the DNS server type nslookup and press “enter”.
Then type server IPADDRESS. For example “server 8.8.8.8” and press enter. This will instruct the nslookup command to use the 8.8.8.8 server to run DNS record lookups.
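The outcomes described on this page (Non-existent domain, DNS request timed out, Non-authoritative answer) and the internal-versus-external comparison above can be checked mechanically. The following Python is an added example, not code from the original article; the sample outputs, host names and verdict names are constructed for illustration, and only A/AAAA lookups are handled.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# English marker plus the Russian-localized string quoted on this page.
NON_AUTH = ("non-authoritative answer", "не заслуживающий доверия ответ")

# Constructed sample outputs (documentation addresses, hypothetical host names).
INTERNAL_OK = """Server:  dns1.corp.example
Address:  10.0.0.53

Name:    portal.corp.example
Address:  10.20.30.40
"""
EXTERNAL_OK = """Server:  resolver.example.net
Address:  198.51.100.53

Non-authoritative answer:
Name:    portal.corp.example
Addresses:  2001:db8::10
          203.0.113.10
"""
NXDOMAIN = """Server:  dns1.corp.example
Address:  10.0.0.53

*** dns1.corp.example can't find portal.corp.example: Non-existent domain
"""
TIMEOUT = """Server:  UnKnown
Address:  10.0.0.53

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
"""

def _ips(text):
    """Return valid IP addresses in a line, dropping a BIND-style '#port' suffix."""
    found = []
    for token in text.split():
        try:
            found.append(str(ipaddress.ip_address(token.split("#")[0])))
        except ValueError:
            pass
    return found

def parse_nslookup(output):
    """Reduce A/AAAA nslookup text to resolver, status, authority flag, addresses."""
    res = {"server": None, "status": "no_answer", "authoritative": None, "addresses": set()}
    in_answer = saw_timeout = saw_nxdomain = False
    for line in output.splitlines():
        s = line.strip()
        low = s.lower()
        if "timed out" in low or "timed-out" in low:
            saw_timeout = True
        elif "non-existent domain" in low or "nxdomain" in low:
            saw_nxdomain = True
        elif low.startswith("server:"):
            res["server"] = s.split(":", 1)[1].strip()
        elif low.startswith(NON_AUTH):
            res["authoritative"], in_answer = False, True
        elif low.startswith("name:"):
            in_answer = True
        elif in_answer:
            # "Address:" / "Addresses:" lines and their indented continuation lines.
            res["addresses"].update(_ips(s.split(":", 1)[1] if low.startswith("address") else s))
    if res["addresses"]:
        res["status"] = "ok"   # a timeout printed before a successful answer is not a failure
        if res["authoritative"] is None:
            res["authoritative"] = True   # no "Non-authoritative answer" line was printed
    elif saw_nxdomain:
        res["status"] = "nxdomain"
    elif saw_timeout:
        res["status"] = "timeout"
    return res

def _is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def compare_resolvers(internal_out, external_out):
    """Classify how the internal resolver's answer differs from an external one."""
    a, b = parse_nslookup(internal_out), parse_nslookup(external_out)
    only_int, only_ext = a["addresses"] - b["addresses"], b["addresses"] - a["addresses"]
    if a["status"] != "ok" and b["status"] != "ok":
        verdict = "unresolvable_everywhere"
    elif a["status"] != "ok":
        verdict = "internal_resolver_problem"
    elif b["status"] != "ok":
        verdict = "internal_only_name"
    elif not only_int and not only_ext:
        verdict = "match"
    elif only_int and all(_is_rfc1918(x) for x in only_int):
        verdict = "split_horizon_private"   # expected when an internal zone shadows a public one
    else:
        verdict = "mismatch_review"         # CDN rotation, stale cache, or redirection: investigate
    return {"verdict": verdict, "only_internal": sorted(only_int), "only_external": sorted(only_ext)}

if __name__ == "__main__":
    print(compare_resolvers(INTERNAL_OK, EXTERNAL_OK))
```

A "mismatch_review" verdict is a prompt to look further (hosts file, resolver cache, forwarder configuration), not proof of tampering, since CDNs legitimately return different addresses to different resolvers.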
Tips for troubleshooting DNS Problems
Here are my tips for troubleshooting DNS issues.
Step #1 Make sure you have connectivity to the DNS server
If your client has communication issues with the DNS server then name resolution is not going to work.
To check what DNS is set on a Windows system use this command:
ipconfig /all
Now take the IP listed for the DNS server and see if the client can ping it or communicate with it.
Step #2 Are other users or devices having name resolution issues?
You need to determine how big of a problem you have. Is it just one, two, or many devices that have name resolution issues?
If it’s just one then you may just have a client issue. If it’s all or many then you may have an issue with the local or upstream DNS server.
Step #3 Use NSLookup to test local server
Use NSLookup to verify the local DNS server is working correctly. Use the command to verify DNS records on local servers. If you need examples see the previous section.
If you are having issues internally you will want to check the health of your Active Directory environment. Since DNS and AD are very tightly integrated a faulty domain controller could be causing your DNS issues.
See my tutorial on how to check domain controller health.
Step #5 Use NSLookup server to test forwarding DNS Server (Upstream)
If everything is resolving correctly internally but not externally you can test the forwarding DNS server with the NSLookup command. This could be your ISP DNS server or the root hint servers. Use NSLookup server option followed by the forwarding DNS server IP to run queries.
Step #6 Scan for viruses and spyware
Viruses and spyware can install all kinds of nasty things on computers to redirect traffic to malicious sites. Browser hijacking is very common.
Step #7 Check the client’s host file
I don’t recommend adding entries to the host file but if it contains incorrect or outdated data, you won’t be able to connect. Viruses can also modify the host file which would redirect you to malicious websites.
Step #8 Flush DNS Cache
The client’s cache could be the problem. To flush the cache, run this command:
ipconfig /flushdns
I hope this article helped you understand the NSLookup and how it can be used to verify and troubleshoot DNS.
Summary
In this guide, I walked through several examples of how to use the nslookup windows command. The nslookup command is a great tool to troubleshoot and check DNS records. A lot of times network issues are related to DNS and knowing how to quickly verify DNS is working correctly can be a huge time saver.
Nslookup (name server lookup) is a command-line tool that is used to diagnose and validate DNS servers and records, and to find name resolution problems in the DNS subsystem. The nslookup tool was originally developed as a part of the BIND package and ported to Windows by Microsoft. Nslookup is currently a built-in tool in all supported versions of Windows.
How to Use Nslookup to Check DNS Records?
Using the nslookup utility, you can determine the IP address of any server by its DNS name, perform the reverse DNS lookup, and get information about the various DNS records for a specific domain name.
When running, Nslookup sends queries to the DNS server that is specified in your network adapter settings. This address is considered the default (preferred) DNS server. If the preferred server is not responding, nslookup will not switch to an alternate DNS server. The user can specify the address of any other available DNS server. As a result, all subsequent DNS requests will be sent to it.
You can view or change your preferred and alternative DNS server IP addresses in the network connection properties.
Or you can get your DNS server setting from the CLI prompt using the ipconfig command:
ipconfig /all
You can use the nslookup tool in interactive or non-interactive mode.
To run a DNS query using the nslookup tool in non-interactive mode, open a Command prompt, and run the command:
Nslookup theitbros.com
In this example, we requested the IP address of theitbros.com domain. The nslookup utility queries the DNS server (it is specified in the Server line) and it returned that this name matches the IP address 37.1.214.145 (A and AAAA records are shown by default).
This response indicates that your DNS server is available, works properly, and processes requests for resolving DNS names.
If you receive an answer like this:
Server: dns1.contoso.com
Address: хх.хх.хх.хх
*** dns1.contoso.com can’t find theitbros.com: Non-existent domain
This means that no entries were found for this domain name on the DNS server.
If your DNS server is unavailable or not responding, you will receive a DNS request timed out error.
In this case, check whether you have specified the correct DNS server address and whether there is a problem with the network connection from your Internet service provider.
Hint. Make sure your DNS server is available on port 53 UDP and TCP and this port is not blocked by a firewall.
The Non-authoritative answer means that the DNS server that executed the request is not the owner of the theitbros.com zone (there are no records about this domain in its database) and to perform name resolution a recursive query to another DNS server was used.
You can enable and disable the recursive nslookup mode using the commands (by default, recursive DNS queries are enabled):
set recurse
set norecurse
You can access an authoritative DNS server by specifying its address directly in the parameters of the nslookup utility. For example, to resolve a name on the authoritative DNS server (that contains this domain) use the command:
Nslookup theitbros.com ns1.theitbros.com
When you run nslookup without parameters, the utility switches to the interactive mode. In this mode, you can execute various commands. A complete list of available internal commands of the nslookup utility can be displayed by typing a question mark (?).
Tip. Note that nslookup commands are case-sensitive.
To close the interactive nslookup session, type exit and press Enter.
To find the DNS servers that are responsible for a specific domain (Name Server authoritative servers), run the following commands:
set query=ns
theitbros.com
You can perform reverse lookups (get DNS name by IP address). Just type the IP address in the nslookup interactive prompt and press Enter.
Using Nslookup to Get Different DNS Record Types
The default nslookup resource records type is A and AAAA, but you can use different types of resource records:
- A
- ANY
- CNAME
- GID
- HINFO
- MB
- MG
- MINFO
- MR
- MX
- NS
- PTR
- SOA
- TXT
- UID
- UINFO
- WKS
You can set specific record types to lookup using the nslookup parameter:
-type=<record_type>
For example, to list all mail servers configured for a specific domain (MX, Mail eXchange records), run the command:
nslookup -type=mx theitbros.com
Non-authoritative answer:
theitbros.com MX preference = 10, mail exchanger = mail.theitbros.com
theitbros.com MX preference = 20, mail exchanger = mail.theitbros.com
mail.theitbros.com internet address = 37.1.214.145
mail.theitbros.com internet address = 37.1.214.145
As you can see, this domain has 2 MX records with priorities 10 and 20 (the lower the number, the higher the priority of the MX address). If you don’t see MX records, they probably just aren’t configured for that domain.
To list all DNS records in the domain zone, run the command:
nslookup -type=any theitbros.com
Non-authoritative answer:
theitbros.com internet address = 37.1.214.145
theitbros.com nameserver = ns2.theitbros.com
theitbros.com nameserver = ns1.theitbros.com
theitbros.com MX preference = 10, mail exchanger = mail.theitbros.com
theitbros.com MX preference = 20, mail exchanger = mail.theitbros.com
ns2.theitbros.com internet address = 74.80.224.189
ns1.theitbros.com internet address = 37.1.214.145
mail.theitbros.com internet address = 37.1.214.145
mail.theitbros.com internet address = 37.1.214.145
To get the SOA record (Start of Authority — start DNS zone record, which contains information about the domain zone, its administrator’s address, serial number, etc.), use the option -type=soa:
nslookup -type=soa theitbros.com
theitbros.com
primary name server = pdns1.registrar-servers.com
responsible mail addr = hostmaster.registrar-servers.com
serial = 1601449549
refresh = 43200 (12 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 3601 (1 hour 1 sec)
pdns1.registrar-servers.com internet address = 156.154.130.200
pdns1.registrar-servers.com AAAA IPv6 address = 2610:a1:1022::200
- primary name server;
- responsible mail addr — domain administrator email address (hostmaster@registrar-servers.com; since the @ symbol in the zone description has its own meaning, it is replaced by a dot in this field);
- serial — the serial number of the zone file, used to record changes. The following format is usually used: YYYYMMDDHH;
- refresh — the period of time (in seconds) after which the secondary DNS server will send a request to the primary one to check if the serial number has changed;
- retry — specifies the interval for reconnecting to the primary DNS server if for some reason it was unable to respond to the request;
- expire — specifies how long the DNS cache is kept by the secondary DNS server, after which it will be considered expired;
- default TTL — “Time to Live” in seconds. Refers to how long your DNS settings must be cached before they are automatically refreshed;
- minimum — specifies the time for which the secondary DNS should cache the zone file.
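The SOA fields described above can be read programmatically. The following Python sketch is an added example, not part of the original article: it parses the nslookup output shown above, turns the responsible mail addr back into an email address (an escaped dot stays in the local part), and checks that the timers are consistent with each other. The serial interpretation is a heuristic and the warning texts are this example's own.

```python
import re
from datetime import date, datetime, timezone

# The nslookup -type=soa output shown in the article above.
SOA_OUTPUT = """\
theitbros.com
primary name server = pdns1.registrar-servers.com
responsible mail addr = hostmaster.registrar-servers.com
serial = 1601449549
refresh = 43200 (12 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 3601 (1 hour 1 sec)
pdns1.registrar-servers.com internet address = 156.154.130.200
"""

FIELD = re.compile(
    r"^\s*(primary name server|responsible mail addr|serial|refresh|retry|"
    r"expire|default TTL)\s*=\s*(\S+)", re.IGNORECASE)
TEXT_FIELDS = {"primary name server", "responsible mail addr"}


def parse_soa(output):
    """Collect the SOA fields from nslookup output into a dict."""
    soa = {}
    for line in output.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2)
            soa[key] = value if key in TEXT_FIELDS else int(value)
    return soa


def rname_to_email(rname):
    """The first unescaped dot becomes '@'; an escaped dot stays a dot."""
    m = re.match(r"((?:\\.|[^.\\])+)\.(.+)$", rname.rstrip("."))
    if not m:
        raise ValueError(f"not a valid responsible mail addr: {rname!r}")
    return m.group(1).replace("\\.", ".") + "@" + m.group(2)


def describe_serial(serial):
    """Heuristic guess at the numbering scheme; the serial is only a counter."""
    text = str(serial)
    if len(text) == 10:
        try:
            day = date(int(text[:4]), int(text[4:6]), int(text[6:8]))
            if 1990 <= day.year <= 2100:
                return f"date-style {day.isoformat()} revision {text[8:]}"
        except ValueError:
            pass  # not a calendar date, try the next interpretation
    if 10**9 <= serial < 2**32:
        stamp = datetime.fromtimestamp(serial, tz=timezone.utc)
        return f"epoch-style {stamp:%Y-%m-%d}"
    return "plain counter"


def timer_warnings(soa):
    """Flag timer combinations that cannot work as intended."""
    warnings = []
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry is not shorter than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        warnings.append("expire is too short for a refresh plus one retry")
    return warnings


if __name__ == "__main__":
    soa = parse_soa(SOA_OUTPUT)
    print(rname_to_email(soa["responsible mail addr"]))
    print(describe_serial(soa["serial"]))
    print(timer_warnings(soa) or "timers are consistent")
```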
If you want to list the TXT records of a domain (for example, when viewing SPF settings), run the command:
nslookup -type=TXT theitbros.com
The debug option allows you to get additional information contained in the headers of client DNS requests and server responses (lifetime, flags, record types, etc.):
set debug
You can view the current values for all specified nslookup options with the command:
> set all
Default Server: ns1.theitbros.com
Address: 192.168.1.11
Set options:
nodebug
defname
search
recurse
nod2
novc
noignoretc
port=53
type=A+AAAA
class=IN
timeout=2
retry=1
root=A.ROOT-SERVERS.NET.
domain=xxx
MSxfr
IXFRversion=1
srchlist=xxx
By default, DNS servers listen on UDP port 53, but you can specify a different port number if necessary using the -port option:
nslookup -port=56 theitbros.com
or interactively:
set port=56
You can change the interval to wait for a response from the DNS server. This is usually necessary on slow or unstable network links. By default, if no response comes within 5 seconds, the request is repeated, increasing the waiting time by 2x. But you can manually set this value in seconds using the -timeout option:
nslookup -timeout=10 theitbros.com
Most Commonly Used Nslookup Command Examples
Get an IP address of the host/domain (A record):
nslookup theitbros.com
Get an IPv6 address for a host/domain:
nslookup -type=AAAA mx.theitbros.com
List domain MX records:
nslookup -query=mx theitbros.com
Query NS records (list of DNS servers authoritative of the domain):
nslookup -type=ns theitbros.com
Get the SOA record for the domain:
nslookup -type=soa theitbros.com
List all the available DNS records for the specific domain:
nslookup -type=any theitbros.com
Reverse DNS lookup (get the DNS record by an IP address):
nslookup 35.209.36.0
Query a specific DNS server instead of the default one (preferred DNS):
nslookup theitbros.com ns1.siteground.net
Check for a PTR record:
nslookup -type=ptr 0.36.209.35.in-addr.arpa
Query DNS server using the debug mode of the nslookup:
nslookup -debug theitbros.com
Change the default timeout interval for a reply:
nslookup -timeout=20 theitbros.com
Common Nslookup Errors
In this section, we list common errors that the nslookup tool may return:
- DNS request timed out — the server doesn’t respond to the request after some time (timeout) and a certain number of request attempts. You can set the request timeout using the set timeout subcommand. You can set the number of retry requests using the set retry subcommand;
- Non-existent domain — domain/host name does not exist;
- No response from the server — DNS server not responding to nslookup requests;
- No records — there are no records on the DNS server for your query;
- Connection refused/ Network is unreachable — connection to DNS server not established;
- Server failure — the DNS server has encountered an internal error in its database and cannot provide a correct answer;
- Refused — the DNS server dropped the connection.
Nslookup is a very handy tool that allows you to troubleshoot DNS-related network problems. In this article, we covered the basics of working with the nslookup command on Windows.
Contents
- The nslookup command in Windows
- Step 1: Open the Command Prompt
- Step 2: Enter the "nslookup" command
- Step 3: Enter the domain name
- Step 4: Get the results
- Additional options
- Examples of using the nslookup command in Windows
- Example 1: Finding a domain's IP address
- Example 2: Checking for an MX record
- Example 3: Checking for an NS record
- Example 4: Checking for a TXT record
- Example 5: Checking DNS connectivity
- Conclusion
Nslookup (short for "Name Server Lookup") is a command-line utility used to look up DNS records and to find information about domain names and IP addresses. This utility can be useful in various situations, including troubleshooting network problems, testing DNS settings, and so on. In this article, we look at how to use the nslookup command in Windows.
The nslookup command in Windows
Step 1: Open the Command Prompt
The first step is to open the Command Prompt in Windows. To do this, press "Win+R" on the keyboard, type "cmd" and press "Enter". This opens the Command Prompt.
Step 2: Enter the "nslookup" command
Once the Command Prompt is open, type the command "nslookup" and press "Enter". This starts the nslookup utility.
Step 3: Enter the domain name
Now that the nslookup utility is running, you can enter the domain name you want information about. For example, to find the IP address of the site setiwik.ru, type setiwik.ru and press "Enter".
Step 4: Get the results
After you enter the domain name, nslookup performs the lookup and displays the results. In this example you should see the IP address of the Setiwik site and other information associated with the domain name.
Additional options
Nslookup has several additional options that can be useful in various situations. Here are some of the most commonly used options:
- "set type": sets the type of DNS record you are looking for (for example, A, MX, NS, and so on).
- "set debug": enables debug mode and displays more information about the DNS query.
- "set query": sets the output format for the lookup results.
To use these options, simply type "set" and the option name, followed by the option value.
Examples of using the nslookup command in Windows
Here we show examples of how to use the nslookup command in Windows.
Example 1: Finding a domain's IP address
Run the command "nslookup google.com". You will see a response that should look something like this:
Example 2: Checking for an MX record
To run this example, execute the command "nslookup -type=mx google.com". You will see a response that should look something like this:
The response shows the MX records, which indicate which servers handle email for the Google domain.
Example 3: Checking for an NS record
To run this example, execute the command "nslookup -type=ns google.com". You will see a response that should look something like this:
The response shows the NS records, which indicate which name servers handle queries for the Google domain.
Example 4: Checking for a TXT record
To run this example, execute the command "nslookup -type=txt google.com". You will see a response that should look something like this:
The response shows the TXT records, which can contain information about the domain, for example information about its mail sending policy.
Example 5: Checking DNS connectivity
To run this example, execute the command "nslookup -debug google.com". You will see a response that should look something like this:
In this example we use the -debug option to display more detailed information about DNS connectivity. The response shows the A and AAAA records, which point to the IP addresses associated with the google.com domain.
Conclusion
In conclusion, the nslookup command is a useful tool for checking DNS connectivity and various types of DNS records. By using its various options and parameters, you can get information about the name servers responsible for handling queries for domains, as well as about other DNS records such as MX, NS, TXT and CNAME records. If you work as a network administrator or configure network connections, the nslookup command can be an essential tool in your arsenal.
Nslookup (which stands for name server lookup) is a basic, yet popular, networking command-line utility used to query a DNS server for resource records for a domain. This tool is often used for troubleshooting DNS or name resolution issues. With nslookup, a query can be sent to a specific DNS server, or the list of DNS servers in the IP settings can be used. Nslookup can also be used to query several different types of DNS records.
The commands shown here were tested on Windows 10, but most will work in other versions of Windows as well.
Table of Contents
- How to Launch Command Prompt
- Overview
- Interactive vs Non-Interactive Mode
- Authoritative vs Non-Authoritative Response
- Example Usage
- How to Find the A Record (IP Address) of a Domain or Server
- How to Find the NS Records for a Domain
- How to Find the MX Records (Email Servers) for a Domain
- How to Perform a Reverse DNS Lookup
- How to Find the SOA Record of a Domain
- How to Find an Authoritative Response
- Common Error Messages
- Tips
- Redirect Output to Text File
- Recommended Reading
- Summary
How to Open Command Prompt
To use this utility, you will need to launch the Command Prompt window. The three common ways to launch the Command Prompt window are:
- Search for cmd using the built-in Windows search tool.
- Right-click on the Start icon and select Command Prompt.
- Press the keyboard combination WinKey + R, then type cmd at the Run window that appears.
Overview
Interactive vs Non-Interactive Mode
The nslookup utility can be used in one of two modes: interactive and non-interactive. In interactive mode, you are able to query for information about a website or a server, and also to print a list of hosts on a domain. To go into interactive mode, type nslookup at the command window then press Enter.
In the screenshot example below, you can tell you are in interactive mode by looking at the style of the prompt.
To get help on available switches, type help then press Enter.
To exit interactive mode, simply type exit then press Enter.
Non-interactive mode is typically used when you only need to execute a single lookup.
Authoritative vs Non-Authoritative Response
In the output of nslookup, you will often notice the statement "non-authoritative answer" (as illustrated below) as part of the lookup result. This tells you that the result was provided by a server that is not the authoritative (primary) source. Typically, this means the result was provided by a server (such as your Internet service provider) that held a cached copy of the DNS record. This is important because the DNS record may have been changed recently and the cached copy may not reflect the most up-to-date information.
An authoritative answer is when the DNS server hosting the primary copy of the DNS record responds to your lookup. See the example below on how to get an authoritative response.
The reason why the primary authoritative server isn’t involved in responding to all nslookup queries is to reduce server load. By maintaining a cached copy of DNS records on secondary servers (which is updated from the primary server at a defined interval), query response time is minimized and the primary server isn’t inundated with queries.
How to Find the A Record (IP Address) of a Domain or Server
The simplest function of Nslookup, and also a commonly used one, is to query for the IP address of a remote host. The host can be a website, an email server, or another server that you can look up with a hostname. As an example, to obtain the IP address for the website www.meridianoutpost.com, type the following in the command window then press Enter:
nslookup www.meridianoutpost.com
In the screenshot example below, the lookup identifies 72.47.244.140 as the IP address for the website www.meridianoutpost.com.
In the screenshot example below, the lookup identifies multiple IP addresses for mail server smtp.yahoo.com.
How to Find the NS Record for a Domain
The NS record of a domain is a map to all name servers that are authoritative for that domain. You can query for the NS records using the switch -type=ns. For example, to obtain the NS record for the website www.meridianoutpost.com, type the following in the command window then press Enter:
nslookup -type=ns meridianoutpost.com
In the example below, the lookup identifies ns1.mediatemple.net and ns2.mediatemple.net as the two name servers for the domain meridianoutpost.com.
How to Find the MX Records (Email Servers) for a Domain
To check the MX records (email servers) for a domain, use the -type=mx switch. For example, to find out the email server for the domain meridianoutpost.com, type the following in the command window then press Enter:
nslookup -type=mx meridianoutpost.com
In the screenshot below, the lookup identifies mail.meridianoutpost.com as the email server for the domain meridianoutpost.com.
How to Perform a Reverse DNS Lookup
A reverse DNS lookup queries for a server name based on an IP address you provide. For example, to identify the server name for the IP address 98.139.253.105, type the following in the command window then press Enter:
nslookup 98.139.253.105
As the screenshot below shows, nslookup returns the server name mrout2-b.corp.bf1.yahoo.com for the IP address 98.139.253.105.
How to Find the SOA Record of a Domain
To query for the SOA (Start of Authority) record for a domain, such as www.google.com, type the following in the command window then press Enter:
nslookup -type=soa www.google.com
The SOA record is a special resource record that contains administrative details for a particular DNS zone such as the domain name administrator’s contact information and synchronization parameters for other DNS servers.
How to Find an Authoritative Response
Typically, most of the responses to your nslookup queries are going to be non-authoritative, meaning the response is from a cached copy held by a third party and not from the primary DNS server holding the master copy. For troubleshooting purposes, it’s important to realize that a cached copy may not contain the most up-to-date information.
To get an authoritative answer, you will need to specify the authoritative name server as part of your request. To do this, include the -type=soa switch and nslookup will respond with the name of the authoritative name server. For example, to find out the authoritative name server for yahoo.com, type the following in the command window then press Enter:
nslookup -type=soa yahoo.com
As highlighted in the illustration above, the name server for yahoo.com is ns1.yahoo.com. With this information, we can now perform nslookup queries and specify this name server to get authoritative responses. For example, to get an authoritative response for the smtp.yahoo.com lookup we used in an example above, type the following in the command window then press Enter:
nslookup smtp.yahoo.com ns1.yahoo.com
As the illustration above shows, the result does not state this is a non-authoritative response — as was the case when we performed the same nslookup in a previous example.
Common Error Messages
Connection Refused or Network is Unreachable — The connection to the DNS name server or finger server could not be made. This error commonly occurs with ls and finger requests.
Format Error — The DNS name server found that the request packet was not in the proper format. It may indicate an error in nslookup.
No Records — The DNS name server does not have resource records of the current query type for the computer, although the computer name is valid. The query type is specified with the set querytype command.
No Response From Server — No DNS name server is running on the server computer.
Non-Existent Domain — The computer or domain name does not exist. Check to make sure your spelling is correct.
Refused — The DNS name server refused to service the request.
Server Failure — The DNS name server found an internal inconsistency in its database and could not return a valid answer.
Timed Out — The server did not respond to a request after a certain amount of time and a certain number of retries. You can set the time-out period with the set timeout subcommand. You can set the number of retries with the set retry subcommand.
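The authoritative lookup described earlier and the error messages listed above can be combined into one check. The Python sketch below is an added example, not part of the original article: it classifies nslookup output for an A/AAAA lookup and compares the default resolver's answer with the authoritative server's answer. All sample outputs, host names and labels are constructed, using documentation address ranges.

```python
import ipaddress
import re

# Constructed nslookup outputs: default resolver, authoritative server, failure.
DEFAULT_OUT = """\
Server:  resolver.example.net
Address:  192.0.2.53

Non-authoritative answer:
Name:    smtp.example.com
Addresses:  198.51.100.10
          198.51.100.11
"""
AUTH_OUT = """\
Server:  ns1.example.com
Address:  192.0.2.1

Name:    smtp.example.com
Addresses:  198.51.100.10
          198.51.100.12
"""
TIMEOUT_OUT = """\
DNS request timed out.
    timeout was 2 seconds.
*** Request to resolver.example.net timed-out
"""

# Error phrases from the list above, matched case-insensitively.
ERRORS = [
    ("timeout", r"timed[ -]out"),
    ("nxdomain", r"non-existent domain"),
    ("no-response", r"no response from server"),
    ("servfail", r"server fail"),
    ("refused", r"refused"),
    ("no-records", r"no records"),
]


def parse_nslookup(text):
    """Return status, authoritative flag and answer addresses for one lookup."""
    lowered = text.lower()
    # Text before the first "Name:" line describes the server that answered.
    _, _, answer = text.partition("Name:")
    addresses = set()
    for token in answer.split():
        try:
            addresses.add(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # host names and labels are not addresses
    if addresses:  # an answer after a retry still counts as success
        return {"status": "ok", "addresses": addresses,
                "authoritative": "non-authoritative answer" not in lowered}
    for label, pattern in ERRORS:
        if re.search(pattern, lowered):
            return {"status": label, "addresses": set(), "authoritative": None}
    return {"status": "no-answer", "addresses": set(), "authoritative": None}


def compare(default_text, auth_text):
    """Compare the default resolver's answer with the authoritative one."""
    cached, auth = parse_nslookup(default_text), parse_nslookup(auth_text)
    if auth["status"] != "ok":
        return f"cannot verify: authoritative lookup returned {auth['status']}"
    if cached["status"] != "ok":
        return f"resolver problem: {cached['status']}"
    if cached["addresses"] == auth["addresses"]:
        return "consistent"
    only_cached = sorted(cached["addresses"] - auth["addresses"])
    only_auth = sorted(auth["addresses"] - cached["addresses"])
    return f"mismatch: resolver-only {only_cached}, authoritative-only {only_auth}"


if __name__ == "__main__":
    print(compare(DEFAULT_OUT, AUTH_OUT))
    print(compare(TIMEOUT_OUT, AUTH_OUT))
```

A mismatch is a prompt to investigate, not proof of a problem: load-balanced names can legitimately return different address sets to different resolvers.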
Tips
Redirect Output to Text File
- Instead of displaying the results on the screen, you can have the results saved automatically to a text file on your computer. To do this, simply use the ">" symbol followed by the folder path and file name of your choice. For example, to redirect the output of nslookup www.meridianoutpost.com, type the following in the command window then press Enter:
nslookup www.meridianoutpost.com > c:\temp\nslookup-results.txt
This will create a file named nslookup-results.txt in the folder path c:\temp that will have your result. You can then open this file with any text editor, such as Notepad on a Windows computer, as illustrated below.
Summary
The nslookup utility can provide a wealth of information for troubleshooting DNS issues. While not a common tool used for most troubleshooting calls, it is a useful utility to use when transferring a domain from one hosting provider to another or when configuring the DNS record for a new domain name.