How to Use Nslookup Command
Nslookup (short for name server lookup) is an excellent tool for querying DNS (domain name systems).
Importance of DNS
DNS is such a foundational aspect of how networks and the internet work that it’s hard to categorize it as either more sysadmin or more networking related. In most of the environments I’ve worked in it’s usually the SysAdmins that manage DNS or a dedicated DNS group in very large enterprises since DNS is a server role, yet it’s affect on network communications is pretty substantial and many a network admin will find themselves doing DNS lookups while troubleshooting.
In a nutshell, DNS helps computers on a network communicate by translating domain names to IP addressees which are used in routing.
When you type networkproguide.com into your address bar your computer queries your local DNS server which queries a public DNS server to figure out what IP address networkproguide.com has. At that point routing takes over and directs the packets from your computer to the destination.
When DNS doesn’t work right, things on your network can fail to communicate. Not good!
Using Nslookup we can quickly gather a variety of information about DNS. Most people know the basic nslookup command for checking a host name’s IP or IP’s hostname but not many know to use all the other cool features like specifying the DNS server to use or choosing what type of record to query for a given IP and so on.
Let’s dig in and learn some of these tricks!
Nslookup Command Syntax
The primary command for entering Nslookup is:
nslookup
You can either use the command by itself to enter a dedicated command line within the nslookup program or you can enter commands on the same line to return your result and return you to the base command prompt.
For example:
nslookup
Will return:
Default Server: UnKnown
Address: 10.2.0.1
>
Leaving you at a prompt within nslookup where you can enter more command and parameters. Whereas entering:
nslookup wikipedia.org
Will return:
Server: UnKnown
Address: 10.2.0.1
Non-authoritative answer:
Name: wikipedia.org
Addresses: 2620:0:860:ed1a::1
208.80.153.224
C:\Users\rsanchez>
Returning you back to the base command prompt.
If you want a complete list of all nslookup commands, switches, and paramaters you can enter:
nslookup ?
Nslookup Command Examples
The following are some examples of the most useful (in my personal opinion) nslookup commands. You can think of it as a mini nslookup cheatsheet of sorts.
Lookup Domain Name (PTR Record Lookup)
nslookup 208.80.153.224
Which results in:
Server: UnKnown
Address: 10.2.0.1
Name: text-lb.codfw.wikimedia.org
Address: 208.80.153.224
Lookup IP address (A Record Lookup)
nslookup wikipedia.org
Which results in:
Server: UnKnown
Address: 10.2.0.1
Non-authoritative answer:
Name: wikipedia.org
Addresses: 2620:0:860:ed1a::1
208.80.153.224
Email MX Record Lookup
This one requires that enter the nslookup prompt first, then set our record type, then enter our domain name to return our result as so:
nslookup
> set q=mx
> wikipedia.org
Which results in:
Server: UnKnown
Address: 10.2.0.1
Non-authoritative answer:
wikipedia.org MX preference = 10, mail exchanger = mx1001.wikimedia.org
wikipedia.org MX preference = 50, mail exchanger = mx2001.wikimedia.org
Start of Authority (SOA) Record Lookup
nslookup
>set q=SOA
>wikipedia.org
Which results in:
Server: UnKnown
Address: 10.2.0.1
Non-authoritative answer:
wikipedia.org
primary name server = ns0.wikimedia.org
responsible mail addr = hostmaster.wikimedia.org
serial = 2018081012
refresh = 43200 (12 hours)
retry = 7200 (2 hours)
expire = 1209600 (14 days)
default TTL = 3600 (1 hour)
Lookup All DNS Records
This is a bit of a misnomer. You can’t really return all records. You can only return the records that the particular DNS servers you’re using are aware of. To truly get all records for a domain you’d be looking at what is called a zone transfer and most DNS servers restrict those for good reason.
nslookup
>set type=all
>microsoft.com
Which results in:
microsoft.com internet address = 23.100.122.175
microsoft.com internet address = 23.96.52.53
microsoft.com internet address = 191.239.213.197
microsoft.com internet address = 104.40.211.35
microsoft.com internet address = 104.43.195.251
microsoft.com nameserver = ns4.msft.net
microsoft.com nameserver = ns1.msft.net
microsoft.com nameserver = ns2.msft.net
microsoft.com nameserver = ns3.msft.net
microsoft.com
primary name server = ns1.msft.net
responsible mail addr = msnhst.microsoft.com
serial = 2018090721
refresh = 7200 (2 hours)
retry = 600 (10 mins)
expire = 2419200 (28 days)
default TTL = 3600 (1 hour)
Nameserver Lookup
nslookup
> set q=ns
> wikipedia.org
Server: UnKnown
Address: 10.2.0.1
Non-authoritative answer:
wikipedia.org nameserver = ns1.wikimedia.org
wikipedia.org nameserver = ns2.wikimedia.org
wikipedia.org nameserver = ns0.wikimedia.org
Specify Alternate DNS Server
nslookup
>server IPofDNSServer
Example:
nslookup
>server 8.8.4.4
Default Server: google-public-dns-b.google.com
Address: 8.8.4.4
> wikipedia.org
Server: google-public-dns-b.google.com
Address: 8.8.4.4
Non-authoritative answer:
Name: wikipedia.org
Addresses: 2620:0:860:ed1a::1
208.80.153.224
You can see in the example above that the Default Server shows as google-public-dns now instead of Uknown as it did earlier, signifying that we are now using a defined server.
Verbose DNS Lookup
If you want as much information as you can get for a specific command you can enable verbose output by entering the following command:
nslookup
>set debug
>wikipedia.org
Which results in:
Server: UnKnown
Address: 10.2.0.1
– – – – – – –
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
wikipedia.org, type = A, class = IN
ANSWERS:
-> wikipedia.org
internet address = 208.80.153.224
ttl = 600 (10 mins)
– – – – – – –
Non-authoritative answer:
– – – – – – –
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
wikipedia.org, type = AAAA, class = IN
ANSWERS:
-> wikipedia.org
AAAA IPv6 address = 2620:0:860:ed1a::1
ttl = 600 (10 mins)
– – – – – – –
Name: wikipedia.org
Addresses: 2620:0:860:ed1a::1
208.80.153.224
Pretty simple, huh? I especially like the command for setting a specific DNS server. This can come in handy for ruling out DNS caching issues on specific DNS servers when making DNS changes.
Hopefully this helps you out and saves you some time and heartache!
Recommended for You: Solarwinds Server & Application Monitor (SAM)
Know which applications are having issues in your environment before users complain? Know which systems are causing those problems? How about which servers are about to have problems like running out of space or memory?
Automate collection of data and alerting on your applications and servers with Solarwinds Server & Application Monitor so you have these answers.
Get insight into Active Directory, DNS, DHCP, and your Virtual and Applications environments without needing to mess with complex templates or knowing a single line of code.