How to Use Nslookup Command in Windows

Nslookup (short for name server lookup) is an excellent network admin command-line tool for querying DNS (the Domain Name System) to find the associations between domain names and IP addresses, as well as other DNS records.

To use nslookup, you simply enter ‘nslookup’ in a command prompt window followed by the hostname, IP address, or record name that you wish to query. However, that’s barely scratching the surface of what you can accomplish with nslookup.

Importance of DNS

DNS is such a foundational aspect of how networks and the internet work that it’s hard to categorize it as either more sysadmin or more networking related. In most of the environments I’ve worked in, it’s usually the SysAdmins that manage DNS, or a dedicated DNS group in very large enterprises, since DNS is a server role, yet its effect on network communications is pretty substantial and many a network admin will find themselves doing DNS lookups while troubleshooting.

In a nutshell, DNS helps computers on a network communicate by translating domain names to IP addresses, which are used in routing.

When you type networkproguide.com into your address bar your computer queries your local DNS server which queries a public DNS server to figure out what IP address networkproguide.com has. At that point routing takes over and directs the packets from your computer to the destination.

When DNS doesn’t work right, things on your network can fail to communicate. Not good!

Using Nslookup we can quickly gather a variety of information about DNS. Most people know the basic nslookup command for checking a host name’s IP or an IP’s hostname, but not many know how to use the other cool features, like specifying the DNS server to use or choosing what type of record to query.

Let’s dig in and learn some of these tricks!

Nslookup Command Syntax

Nslookup can be called from either command prompt or PowerShell on a Windows Server or Desktop machine (such as Windows 10 or Windows 11). The primary command for entering Nslookup is:

nslookup

You can either use the command by itself to enter a dedicated command line within the nslookup program or you can enter commands on the same line to return your result and return you to the base command prompt.

For example:

nslookup

Will return:

Default Server: UnKnown
Address: 10.2.0.1
>

Leaving you at a prompt within nslookup where you can enter more commands and parameters. Whereas entering:

nslookup wikipedia.org

Will return:

Server: UnKnown
Address: 10.2.0.1

Non-authoritative answer:
Name: wikipedia.org
Addresses: 2620:0:860:ed1a::1
208.80.153.224

C:\Users\rsanchez>

Returning you back to the base command prompt.

If you want a complete list of all nslookup commands, switches, and parameters you can enter:

nslookup ?

Which results in:

Usage:
   nslookup [-opt ...]             # interactive mode using default server
   nslookup [-opt ...] - server    # interactive mode using 'server'
   nslookup [-opt ...] host        # just look up 'host' using default server
   nslookup [-opt ...] host server # just look up 'host' using 'server'

Nslookup Command Examples

The following are some examples of the most useful (in my personal opinion) nslookup commands. You can think of it as a mini nslookup cheatsheet of sorts.

Lookup Domain Name (PTR Record Lookup)

To find the domain name from an IP (IP address to domain name), enter:

nslookup 208.80.153.224

Which results in:

Server: UnKnown
Address: 10.2.0.1

Name: text-lb.codfw.wikimedia.org
Address: 208.80.153.224

Lookup IP Address of a Domain (A Record Lookup)

To lookup the IP of a domain name (domain name to IP address) enter:

nslookup wikipedia.org

Which results in:

Server: UnKnown
Address: 10.2.0.1

Non-authoritative answer:
Name: wikipedia.org
Addresses: 2620:0:860:ed1a::1
208.80.153.224

Email MX Record Lookup

This one requires that we enter the nslookup prompt first, then set our record type, then enter our domain name to return our result, like so:

nslookup
> set q=mx
> wikipedia.org

Which results in:

Server: UnKnown
Address: 10.2.0.1

Non-authoritative answer:
wikipedia.org MX preference = 10, mail exchanger = mx1001.wikimedia.org
wikipedia.org MX preference = 50, mail exchanger = mx2001.wikimedia.org

Start of Authority (SOA) Record Lookup

nslookup
> set q=SOA
> wikipedia.org

Which results in:

Server: UnKnown
Address: 10.2.0.1

Non-authoritative answer:
wikipedia.org
primary name server = ns0.wikimedia.org
responsible mail addr = hostmaster.wikimedia.org
serial = 2018081012
refresh = 43200 (12 hours)
retry = 7200 (2 hours)
expire = 1209600 (14 days)
default TTL = 3600 (1 hour)

Lookup CNAME

To find the alias (or redirect) of a DNS name enter:

nslookup
> set q=CNAME
> www.wikipedia.org

Which results in:

Non-authoritative answer:
www.wikipedia.org       canonical name = dyna.wikimedia.org

Lookup TXT Record

To find the text associated with a TXT record (such as an SPF record), enter:

nslookup
> set q=txt
> wikipedia.org

Which results in:

Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
wikipedia.org   text =

        "v=spf1 include:wikimedia.org ~all"
wikipedia.org   text =

        "yandex-verification: 35c08d23099dc863"
wikipedia.org   text =

        "google-site-verification=AMHkgs-4ViEvIJf5znZle-BSE2EPNFqM1nDJGRyn2qk"

Lookup All DNS Records

This is a bit of a misnomer. You can’t really return all records. You can only return the records that the particular DNS servers you’re using are aware of. To truly get all records for a domain you’d be looking at what is called a zone transfer and most DNS servers restrict those for good reason.

nslookup
> set type=all
> microsoft.com

Which results in:

microsoft.com internet address = 23.100.122.175
microsoft.com internet address = 23.96.52.53
microsoft.com internet address = 191.239.213.197
microsoft.com internet address = 104.40.211.35
microsoft.com internet address = 104.43.195.251
microsoft.com nameserver = ns4.msft.net
microsoft.com nameserver = ns1.msft.net
microsoft.com nameserver = ns2.msft.net
microsoft.com nameserver = ns3.msft.net
microsoft.com
primary name server = ns1.msft.net
responsible mail addr = msnhst.microsoft.com
serial = 2018090721
refresh = 7200 (2 hours)
retry = 600 (10 mins)
expire = 2419200 (28 days)
default TTL = 3600 (1 hour)

Nameserver Lookup

To find the nameservers that a domain is using, you can set the query to ‘ns’. For example:

nslookup
> set q=ns
> wikipedia.org

Which results in:

Server: UnKnown
Address: 10.2.0.1

Non-authoritative answer:
wikipedia.org nameserver = ns1.wikimedia.org
wikipedia.org nameserver = ns2.wikimedia.org
wikipedia.org nameserver = ns0.wikimedia.org

Find Domain Controller by SRV Record

If you’re curious what the domain controllers are for a domain, you can find them by setting the query type to SRV and querying for the LDAP service on the domain. For example:

nslookup
> set q=SRV
> _ldap._tcp.example.com

Server:  UnKnown
Address:  10.0.2.10

Non-authoritative answer:
_ldap._tcp.example.com SRV service location:
priority       = 0
weight         = 100
port           = 389
svr hostname   = dc01.example.com

_ldap._tcp.example.com SRV service location:
priority       = 0
weight         = 100
port           = 389
svr hostname   = dc02.example.com

This shows two domain controllers for example.com – dc01 and dc02. The hostnames resolve to IP addresses using ‘nslookup dc01’ etc…

Specify Alternate DNS Server

When troubleshooting potential issues with your DNS environment it can be handy to switch to an alternate or external name server to see if the issues persist. For example:

nslookup
> server IPofDNSServer

Which would result in:

nslookup
> server 8.8.4.4
Default Server: google-public-dns-b.google.com
Address: 8.8.4.4

> wikipedia.org
Server: google-public-dns-b.google.com
Address: 8.8.4.4

Non-authoritative answer:
Name: wikipedia.org
Addresses: 2620:0:860:ed1a::1
208.80.153.224

You can see in the example above that the Default Server shows as google-public-dns now instead of Unknown as it did earlier, signifying that we are now using a defined server.
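
The same comparison can be scripted so that one name is checked against several resolvers at once. This is an added example, not part of the original article: it uses the Windows Resolve-DnsName cmdlet in place of nslookup because it returns objects rather than text, and the function name Compare-DnsAnswer and the default server list are assumptions.

```powershell
# Added example (not from the original article). The function name is hypothetical.
function Compare-DnsAnswer {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [ValidateSet('A', 'AAAA')] [string] $Type = 'A',
        # 10.2.0.1 is the sample internal resolver shown in this article; replace it with yours.
        [string[]] $Server = @('10.2.0.1', '8.8.8.8', '8.8.4.4', '1.1.1.1')
    )

    $rows = foreach ($s in $Server) {
        try {
            # -DnsOnly: no LLMNR/NetBIOS fallback. -NoHostsFile: ignore the local hosts file,
            # so only what the DNS server itself returns is compared.
            $answers = Resolve-DnsName -Name $Name -Type $Type -Server $s -DnsOnly -NoHostsFile -ErrorAction Stop |
                Where-Object { $_.Type -eq $Type } |
                Select-Object -ExpandProperty IPAddress |
                Sort-Object
            [pscustomobject]@{ Server = $s; Status = 'OK'; Answers = ($answers -join ', ') }
        }
        catch {
            # NXDOMAIN, timeouts and refused queries all land here; keep the message for triage.
            [pscustomobject]@{ Server = $s; Status = $_.Exception.Message; Answers = '' }
        }
    }

    # The first server that answered is the baseline (normally your own resolver).
    $baseline = ($rows | Where-Object Status -eq 'OK' | Select-Object -First 1).Answers
    $rows | Select-Object *, @{ n = 'DiffersFromFirst'; e = { $_.Status -eq 'OK' -and $_.Answers -ne $baseline } }
}

Compare-DnsAnswer -Name 'wikipedia.org' | Format-Table -AutoSize
```

Names served by geo-aware load balancers can legitimately return different addresses per resolver. For an internal or recently changed record, a difference points to a stale cache or a resolver that is not returning the zone's real data.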

Verbose DNS Lookup

If you want as much information as you can get for a specific command you can enable verbose output by entering the following command:

nslookup
> set debug
> wikipedia.org

Which results in:

Server: UnKnown
Address: 10.2.0.1

- - - - - - -
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
wikipedia.org, type = A, class = IN
ANSWERS:
-> wikipedia.org
internet address = 208.80.153.224
ttl = 600 (10 mins)

- - - - - - -
Non-authoritative answer:
- - - - - - -
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
wikipedia.org, type = AAAA, class = IN
ANSWERS:
-> wikipedia.org
AAAA IPv6 address = 2620:0:860:ed1a::1
ttl = 600 (10 mins)

- - - - - - -
Name: wikipedia.org
Addresses: 2620:0:860:ed1a::1
208.80.153.224

Pretty simple, huh? I especially like the command for setting a specific DNS server. This can come in handy for ruling out DNS caching issues on specific DNS servers when making DNS changes.

Tips for Troubleshooting DNS Issues

While troubleshooting DNS issues (or issues that have the potential to be related to DNS) here are some useful troubleshooting tips:

  • Use nslookup or dig to verify DNS records are resolving correctly. Check for any NXDOMAIN or timeout errors.
  • Confirm the DNS servers configured on the affected host are reachable by pinging or using telnet on port 53.
  • Check that the DNS servers have the expected forwarders and root hints configured if they are internal DNS servers.
  • Retry lookups using a public DNS server like Google (8.8.8.8) or Cloudflare (1.1.1.1) to isolate issues.
  • Check the DNS cache on client machines with ipconfig /displaydns and clear it with ipconfig /flushdns if needed.
  • Verify the DNS zones on the servers have been updated with any recent changes and the SOA serial number has incremented.
  • Look at query logging on the DNS servers to identify any problem queries or clients.
  • If using DNSSEC, verify keys are signing records correctly and there are no RRSIG expiration issues.
  • For web traffic issues, use dig to check both A records and CNAME records are resolving.
  • Check for firewall or ACLs that may be blocking DNS traffic on UDP port 53 or TCP port 53.
  • Enable debug logging on DNS servers and dig/nslookup clients to get more detailed troubleshooting data.
  • For AD issues, follow specific guides for resolving DNS problems with Active Directory.
  • Finally, don’t forget to check for typos! Many DNS issues are due to small errors in records or zones.
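
The SOA serial tip above can be checked by combining the nameserver and SOA lookups from earlier in this article: list the zone's nameservers, then ask each one directly for its SOA record. This is an added example, not part of the original article; it uses Resolve-DnsName rather than nslookup so the serial can be compared as a number, and the function name Test-SoaSerial is an assumption.

```powershell
# Added example (not from the original article). The function name is hypothetical.
function Test-SoaSerial {
    param([Parameter(Mandatory)] [string] $Zone)

    # Step 1: the NS lookup from this article, returned as objects.
    $nameServers = Resolve-DnsName -Name $Zone -Type NS -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'NS' } |
        Select-Object -ExpandProperty NameHost

    # Step 2: ask each authoritative server directly for the zone's SOA record.
    $rows = foreach ($ns in $nameServers) {
        try {
            $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $ns -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SOA' } |
                Select-Object -First 1
            [pscustomobject]@{ NameServer = $ns; Serial = $soa.SerialNumber; Primary = $soa.PrimaryServer; Error = $null }
        }
        catch {
            # An unreachable or refusing nameserver is itself a finding; record it.
            [pscustomobject]@{ NameServer = $ns; Serial = $null; Primary = $null; Error = $_.Exception.Message }
        }
    }

    # Step 3: the highest serial is normally the newest zone version; lower ones are lagging.
    $newest = ($rows | Where-Object Serial | Measure-Object -Property Serial -Maximum).Maximum
    $rows | Select-Object *, @{ n = 'Behind'; e = { $null -ne $_.Serial -and $_.Serial -lt $newest } }
}

Test-SoaSerial -Zone 'wikipedia.org' | Format-Table -AutoSize
```

A server marked Behind is still serving an older copy of the zone, so clients that reach it will keep seeing the record as it was before the change.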

Hopefully this helps you out and saves you some time and heartache!
