Active Directory & Office 365 Reporting Tool

How to Use NSLookup Command on Windows (Examples). Nslookup is a command in Windows used for obtaining information about domain names and the Internet Protocol (IP) addresses associated with those domain names. For example, the nslookup command is highly useful in obtaining different types of information using DNS queries, such as mail exchange server information, authoritative information, doing a reverse lookup, and so on.

Simply put, nslookup searches a local or remote DNS server for information on the requested domain. This command is critical for system and network engineers and admins who manage DNS services within their organizations and therefore, it is imperative to learn its syntax, applications, and limitations. This tutorial illustrates how to use the nslookup command with detailed explanations and plenty of practical examples.

Nslookup Modes

Interactive mode

To use NSlookup in interactive mode, type “nslookup” on the command prompt and press “enter.” This will return with a display of the  the local DNS server together with the IP address associated with your machine.

Alternatively, the nslookup command can enter interactive mode when no arguments are given, or when the first argument is a – (minus sign) and the second argument is the host name or internet address of a name server. When no arguments are given, the command queries the default name server. To illustrate this let’s execute a basic nslookup command.


You’ll see the following output:

Default Server: dns.google

Once the nslookup returns the information, you will be presented with a nslookup prompt to continue running the commands. For example, enter your select domain name and you will receive information regarding it. In this case the domain name is www.google.com



The following output appears:

					Server: dns.google 
Non-authoritative answer:
Name: www.google.com
Addresses: 2a00:1450:401a:800::2004

The command allows you to specify options. Specifying options while using the interactive mode is done on a separate line before the query and needs to be preceded with “set” keyword.

					set type-ns 


Carrying out this command gives the following output:

					Server: dns.google

         primary name server = ns1.google.com
         responsible mail addr = dns-admin.google.com 
         serial 515288775
         refresh 900 (15 mins)
         retry = 900 (15 mins) 
         expire = 1800 (30 mins) 
         default TTL= 60 (1 min)


Finally use the “exit” command to exit the interactive mode.


Non-interactive mode

This mode is useful if you’d like nslookup to issue single queries. Both the query and the command are all on the same line. The nslookup command enters non-interactive mode when you give the name or internet address of the host to be looked up as the first argument. The optional second argument specifies the host name or address of a name server. You can specify options on the command line if they precede the arguments and are prefixed with a hyphen.

					nslookup -type-ns www.google.com 


This command gives the following output:

Server: dns.google
       primary name server = ns1.google.com
       responsible mail addr = dns-admin.google.com
       serial = 515590537
       refresh 900 (15 mins) retry = 900 (15 mins) expire = 1800 (30 mins) default TTL= 60 (1 min)


Nslookup syntax

nslookup [-option] [name | -] [server]

Option: This is where you are required to provide the parameter(s) that you wish to use together with the IP address or the domain name. The option ranges from debugging, a port to be used, timeout, and type of the DNS record to many more.

Name: In this part, you are required to provide the IP address or the hostname (domain name). It is the target for which your DNS query is aiming.

Additional Options: This allows you to add an extra option as a parameter depending on the nature of your DNS query.

Server: This specifies from where you want your DNS query to be performed. Omit it to use the default server or to specify another server.

Nslookup options

There are many different options available with the nslookup command:

Nslookup options


Nslookup set domain=[domain-name]

Changes the default DNS name to the one specified in the option.

Nslookup set debug

Shows the debugging information

Nslookup set port=[port-number]

Specifies the query port. Port 53 is default when not passed.

Nslookup set timeout=[seconds]

Used to set server response time. After this time, the command returns DNS server not responding or not found.

Nslookup set type=a

Used to view information about the specified DNS A address records

Nslookup set type=any

This command shows all the records for the specified DNS

Nslookup set type=hinfo

Used to view the hardware related information regarding the host

Nslookup set type=mx

To view the information regarding server’s Mail Exchange

Nslookup set type=ns

 Shows the records for the Name Server

Nslookup set type=ptr

Reverses DNS lookups to view the Pointer records

Nslookup set type=soa

Shows Start of Authority records

Nslookup exit

Exits the nslookup command prompt

Nslookup finger

Used to connect the finger server with on the current machine

Nslookup help

This command displays brief information regarding the other subcommands

Nslookup set all

Used to return the current values of the configuration settings

Nslookup set class

Changes the query class. The class specifies the protocol group of the information

Nslookup set d2

Used to turn the exhaustive debugging mode on or off. It prints all the fields of every packet

Nslookup set retry

Used to specify the number of times for the retries.

Nslookup set search

Appends the DNS domain search list to the request until an answer is returned.

Try our Active Directory & Office 365 Reporting & Auditing Tools

Try us out for Free.  100’s of report templates available. Easily customise your own reports on AD, Azure AD & Office 355.

12 examples of NSlookup command usage

There are various DNS record types that nslookup helps you check out. Below are some examples.

1. Nslookup IP address (IP to Domain Name)

In Powershell this command is used to check for domain name provided you know its IP address. See from this code snippet below, the command returns dns.google.com as the domain name for the IP address,



Server: Unknown
Address: fe80::7404:37ff:fe53:a5d2
Name: dns.google


2. Nslookup Domain Name (Domain to IP address)

This command is used when one knows the domain name but is looking to find the IP address that correspondent to the domain name. Looking at the code snippet below, several IP addresses comes up as a result of running the command using mydomain.com domain name. Replace mydomain.com with your domain name.

					nslookup mydomain.com 


Running this command gives the following output:

Server: Unknown

Name: mydomain.com

3. Nslookup MX record

The mail server that is tasked with accepting emails for a specific domain can be found by running a MX record lookup. To be able to find the mx records, one needs to use the option “–type=mx” followed by the domain name. Please replace mydomain.com with your domain name.

					nslookup -type-mx mydomain.com


The following is the output:

					Server: Unknown

Non-authoritative answer:
mydomain.com MX preference = 0, mail exchanger mydomain-com.mail.eo.outlook.com
mydomain.com.mail.eo.outlook.com     internet address
mydomain.com.mail.eo.outlook.com     internet address


4. Nslookup SOA record

At times, one may want to know which DNS server is the best source for information for a given domain. For this, the Start of Authority record comes into aid. It shows the default ttl, responsible mail addresses, the primary name server, and more.

					nslookup -type-soa mydomain.com



Server: Unknown
          primary name server = dc1.mydomain.com
          responsible mail addr = hostmaster.mydomain.com
          serial = 667
          refresh = 900 (15 mins)
          retry = 600 (10 mins)
          expire = 86400 (1 day)
          default TTL = 3600 (1 hour)
dc1.mydomain.com internet address =


5. Nslookup CNAME

Used to redirect or alias one DNS name to another DNS name.

					nslookup -type=cname www.mydomain.com



					Server:   Unknown
Address:  fe80::7404:37ff: fe53:a5d2

Non-authoritative answer:
www.mydomain.com     canonical name = mydomain.com


6. Nameserver lookup

Useful when one needs to know a domain’s name servers.

					nslookup -type-ns www.google.com 



					Server:  Unknown
Address:  fe80::7404:37ff: fe53: a5d2

Non-authoritative answer:
google.com       text =

7. Nslookup TXT record

Used to check a domain’s text DNS records.

					nslookup -q=TXT www.google.com


					Server:  dns.google

         primary name server = ns1.google.com
         responsible mail addr = dns-admin.google.com
         serial = 515590537
         refresh = 900 (15 mins) 
         retry = 900 (15 mins) 
         expire = 1800 (30 mins) 
         default TTL = 60 (1 min)


8. Nslookup all DNS records

Run this command to view all the records for a domain.

					nslookup -type=any google.com


Server: dns.google

Non-authoritative answer:
google.com       internet address =
google.com       AAAA IPv6 address = 2a00:1450:4002:406::200e
google.com       text -


9. Nslookup domain controller

Used to show all the domain’s controllers for the specified domain. Follow these instructions to generate a complete list of domain controllers for a given domain.

  • Enter nslookup at the command prompt.


					Server: Unknown
Address: ::1

  • After pressing enter, type set type=SRV.
					set type=SRV
  • Then, hit enter after typing _ldap._tcp.mydomain.com. (substitute your own domain name for mydomain.com).

This returns a list of all domain controllers for the specified domain.

10. Nslookup Verbose

When you need to show much more information regarding a particular resource record such as default TTL, mail addresses, primary name server, and much more, all you have to do is to turn debugging on.


In our case the output is:

					Default Server: dns9.quad9.net 

Then use the command set debug and then enter the domain name.

					set debug 


					Server:   dns9.quad9.net
Got answer:
           opcode QUERY, id = 2, rcode = NXDOMAIN
           header flags:  response, want recursion, recursion avail.
           questions = 1, answers = 0, authority records = 1, additional = 0
           google.com.mhs, type = A, class = IN
     ->   (root)
            ttl=559 (9 mins 19 secs)
            primary name server = a.root-servers.net responsible mail addr = nstld.verisign-grs.com 
            serial = 2021090600
            refresh = 1800 (30 mins)
            retry = 900 (15 mins)
            expire = 604800 (7 days)


11. Nslookup use External DNS server

During a troubleshooting process this is very useful. You may find that a website loads when you are outside your internal network but once inside the network it ceases to load. In such a situation, use this command to see if the results returned by an external DNS server differs from that returned by your internal DNS server. Google or your ISP DNS server can be used for this.

Type nslookup and press “enter” to change the DNS server. Follow by typing the server IP ADDRESS. For example, “server” and then press enter. By performing these commands, the nslookup command is instructed to run the DNS record lookups while using the server.




					Default Server: Unknown 

Then next enter the server info which in our case is:


You get:

					Default Server: dns.google 

Then, if, for example, we run a DNS lookup on yahoo.com, we will have changed to as the DNS server, as you’ll see below:

Server: dns.google 

Non-authoritative answer:
Name:          yahoo.com
Addresses:   2001:4998:24:120d::1:1


12. Checking for PTR record

By performing a reverse DNS query, it becomes possible to verify whether a certain IP address is allocated to any domain name. To be able to accomplish this, one needs to look at the PTR record that is used to link a domain name to an IP address. For this to be done, you are required to rearrange the IP address, so that it is in a reverse order. For example “” changes to “”. Additionally, considering the fact that it is stored in arpa’s top-level-domain, you have to add in-addr.arpa at the end of the IP address.

					nslookup -type-ptr


The output:


Non-authoritative answer:      name = pns21.cloudns.net.

Thank you for reading article How to Use NSLookup Command on Windows (Examples). We shall now conclude. 

How to Use NSLookup Command on Windows (Examples) Conclusion

In this article, I demonstrated various instances of how to utilize the nslookup Windows command. The nslookup command is an excellent tool for troubleshooting and verifying DNS records. Many network issues are often tied to DNS, thus knowing how to rapidly verify whether DNS is functioning properly saves a lot of time. Nslookup is quite simple to use in Windows’ command prompt. 

Now, for the more tech savvy readers among you, the nslookup command also be used for testing out DNS servers.  The nslookup command  includes a number of sophisticated options for testing name resolution, as well as a verbose debug mode for enhanced debugging. This tutorial should provide you with sufficient knowledge of how to use the command.

It is crucial to remember, however, that for websites that do not have a dedicated IP address, the results may vary each time you run this command.


Try InfraSOS for FREE

Invite your team and explore InfraSOS features for free

Josiah Mutuma

Josiah Mutuma

Josiah is a tech security expert and has been a writer for over 5 years. Follow this blog to learn more on Microsoft and Cyber security.

Leave a comment

Your email address will not be published. Required fields are marked *