How to Use NSLookup Command on Windows (Examples). Nslookup is a command in Windows used for obtaining information about domain names and the Internet Protocol (IP) addresses associated with those domain names. For example, the nslookup command is highly useful in obtaining different types of information using DNS queries, such as mail exchange server information, authoritative information, doing a reverse lookup, and so on.
Simply put, nslookup searches a local or remote DNS server for information on the requested domain. This command is critical for system and network engineers and admins who manage DNS services within their organizations and therefore, it is imperative to learn its syntax, applications, and limitations. This tutorial illustrates how to use the nslookup command with detailed explanations and plenty of practical examples.
Nslookup Modes
Interactive mode
To use NSlookup in interactive mode, type “nslookup” on the command prompt and press “enter.” This will return with a display of the the local DNS server together with the IP address associated with your machine.
Alternatively, the nslookup command can enter interactive mode when no arguments are given, or when the first argument is a – (minus sign) and the second argument is the host name or internet address of a name server. When no arguments are given, the command queries the default name server. To illustrate this let’s execute a basic nslookup command.
nslookup
You’ll see the following output:
Default Server: dns.google
Address: 8.8.8.8
Once the nslookup returns the information, you will be presented with a nslookup prompt to continue running the commands. For example, enter your select domain name and you will receive information regarding it. In this case the domain name is www.google.com
www.google.com
The following output appears:
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: www.google.com
Addresses: 2a00:1450:401a:800::2004
172.217.170.164
The command allows you to specify options. Specifying options while using the interactive mode is done on a separate line before the query and needs to be preceded with “set” keyword.
set type-ns
www.google.com
Carrying out this command gives the following output:
Server: dns.google
Address: 8.8.8.8
google.com
primary name server = ns1.google.com
responsible mail addr = dns-admin.google.com
serial 515288775
refresh 900 (15 mins)
retry = 900 (15 mins)
expire = 1800 (30 mins)
default TTL= 60 (1 min)
Finally use the “exit” command to exit the interactive mode.
exit
Non-interactive mode
This mode is useful if you’d like nslookup to issue single queries. Both the query and the command are all on the same line. The nslookup command enters non-interactive mode when you give the name or internet address of the host to be looked up as the first argument. The optional second argument specifies the host name or address of a name server. You can specify options on the command line if they precede the arguments and are prefixed with a hyphen.
nslookup -type-ns www.google.com
This command gives the following output:
Server: dns.google
Address: 8.8.8.8
google.com
primary name server = ns1.google.com
responsible mail addr = dns-admin.google.com
serial = 515590537
refresh 900 (15 mins) retry = 900 (15 mins) expire = 1800 (30 mins) default TTL= 60 (1 min)
Nslookup syntax
nslookup [-option] [name | -] [server]
Option: This is where you are required to provide the parameter(s) that you wish to use together with the IP address or the domain name. The option ranges from debugging, a port to be used, timeout, and type of the DNS record to many more.
Name: In this part, you are required to provide the IP address or the hostname (domain name). It is the target for which your DNS query is aiming.
Additional Options: This allows you to add an extra option as a parameter depending on the nature of your DNS query.
Server: This specifies from where you want your DNS query to be performed. Omit it to use the default server or to specify another server.
Nslookup options
There are many different options available with the nslookup command:
Nslookup options | Description |
Nslookup set domain=[domain-name] | Changes the default DNS name to the one specified in the option. |
Nslookup set debug | Shows the debugging information |
Nslookup set port=[port-number] | Specifies the query port. Port 53 is default when not passed. |
Nslookup set timeout=[seconds] | Used to set server response time. After this time, the command returns DNS server not responding or not found. |
Nslookup set type=a | Used to view information about the specified DNS A address records |
Nslookup set type=any | This command shows all the records for the specified DNS |
Nslookup set type=hinfo | Used to view the hardware related information regarding the host |
Nslookup set type=mx | To view the information regarding server’s Mail Exchange |
Nslookup set type=ns | Shows the records for the Name Server |
Nslookup set type=ptr | Reverses DNS lookups to view the Pointer records |
Nslookup set type=soa | Shows Start of Authority records |
Nslookup exit | Exits the nslookup command prompt |
Nslookup finger | Used to connect the finger server with on the current machine |
Nslookup help | This command displays brief information regarding the other subcommands |
Nslookup set all | Used to return the current values of the configuration settings |
Nslookup set class | Changes the query class. The class specifies the protocol group of the information |
Nslookup set d2 | Used to turn the exhaustive debugging mode on or off. It prints all the fields of every packet |
Nslookup set retry | Used to specify the number of times for the retries. |
Nslookup set search | Appends the DNS domain search list to the request until an answer is returned. |
Try our Active Directory & Office 365 Reporting & Auditing Tools
Try us out for Free. 100’s of report templates available. Easily customise your own reports on AD, Azure AD & Office 355.
12 examples of NSlookup command usage
There are various DNS record types that nslookup helps you check out. Below are some examples.
1. Nslookup IP address (IP to Domain Name)
In Powershell this command is used to check for domain name provided you know its IP address. See from this code snippet below, the command returns dns.google.com as the domain name for the IP address, 8.8.8.8.
nslookup 8.8.8.8
Result:
Server: Unknown
Address: fe80::7404:37ff:fe53:a5d2
Name: dns.google
Address: 8.8.8.8
2. Nslookup Domain Name (Domain to IP address)
This command is used when one knows the domain name but is looking to find the IP address that correspondent to the domain name. Looking at the code snippet below, several IP addresses comes up as a result of running the command using mydomain.com domain name. Replace mydomain.com with your domain name.
nslookup mydomain.com
Running this command gives the following output:
Server: Unknown
Address: 192.168.100.10
Name: mydomain.com
Addresses: 192.168.100.12
192.168.100.10
192.168.100.11
3. Nslookup MX record
The mail server that is tasked with accepting emails for a specific domain can be found by running a MX record lookup. To be able to find the mx records, one needs to use the option “–type=mx” followed by the domain name. Please replace mydomain.com with your domain name.
nslookup -type-mx mydomain.com
The following is the output:
Server: Unknown
Address: 192.168.100.10
Non-authoritative answer:
mydomain.com MX preference = 0, mail exchanger mydomain-com.mail.eo.outlook.com
mydomain.com.mail.eo.outlook.com internet address 104.47.58.110
mydomain.com.mail.eo.outlook.com internet address 104.47.55.110
4. Nslookup SOA record
At times, one may want to know which DNS server is the best source for information for a given domain. For this, the Start of Authority record comes into aid. It shows the default ttl, responsible mail addresses, the primary name server, and more.
nslookup -type-soa mydomain.com
Result:
Server: Unknown
Address: 192.168.100.10
mydomain.com
primary name server = dc1.mydomain.com
responsible mail addr = hostmaster.mydomain.com
serial = 667
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
dc1.mydomain.com internet address = 192.168.100.10
5. Nslookup CNAME
Used to redirect or alias one DNS name to another DNS name.
nslookup -type=cname www.mydomain.com
Result:
Server: Unknown
Address: fe80::7404:37ff: fe53:a5d2
Non-authoritative answer:
www.mydomain.com canonical name = mydomain.com
6. Nameserver lookup
Useful when one needs to know a domain’s name servers.
nslookup -type-ns www.google.com
Result:
Server: Unknown
Address: fe80::7404:37ff: fe53: a5d2
Non-authoritative answer:
google.com text =
"atlassian-domain-verification=5YjTmWmj192ewqkx20XmBaD60Td9zWon9n
7. Nslookup TXT record
Used to check a domain’s text DNS records.
nslookup -q=TXT www.google.com
Result:
Server: dns.google
Address: 8.8.8.8
google.com
primary name server = ns1.google.com
responsible mail addr = dns-admin.google.com
serial = 515590537
refresh = 900 (15 mins)
retry = 900 (15 mins)
expire = 1800 (30 mins)
default TTL = 60 (1 min)
8. Nslookup all DNS records
Run this command to view all the records for a domain.
nslookup -type=any google.com
Result:
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
google.com internet address = 142.250.184.110
google.com AAAA IPv6 address = 2a00:1450:4002:406::200e
google.com text -
"atlassian-domain-verification-5Yjmwmj192ewqkx2oXmBaD60Td9zWon9r6eakvHX6877zzkFQto8PQ9QsKnbf41"
9. Nslookup domain controller
Used to show all the domain’s controllers for the specified domain. Follow these instructions to generate a complete list of domain controllers for a given domain.
- Enter nslookup at the command prompt.
nslookup
Result:
Server: Unknown
Address: ::1
- After pressing enter, type set type=SRV.
set type=SRV
- Then, hit enter after typing _ldap._tcp.mydomain.com. (substitute your own domain name for mydomain.com).
_ldap._tcp.mydomain.com
This returns a list of all domain controllers for the specified domain.
10. Nslookup Verbose
When you need to show much more information regarding a particular resource record such as default TTL, mail addresses, primary name server, and much more, all you have to do is to turn debugging on.
nslookup
In our case the output is:
Default Server: dns9.quad9.net
Address: 9.9.9.9
Then use the command set debug and then enter the domain name.
set debug
google.com
Output:
Server: dns9.quad9.net
Address: 9.9.9.9
----------------
Got answer:
HEADER:
opcode QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
google.com.mhs, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl=559 (9 mins 19 secs)
primary name server = a.root-servers.net responsible mail addr = nstld.verisign-grs.com
serial = 2021090600
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
11. Nslookup use External DNS server
During a troubleshooting process this is very useful. You may find that a website loads when you are outside your internal network but once inside the network it ceases to load. In such a situation, use this command to see if the results returned by an external DNS server differs from that returned by your internal DNS server. Google or your ISP DNS server can be used for this.
Type nslookup and press “enter” to change the DNS server. Follow by typing the server IP ADDRESS. For example, “server 8.8.8.8” and then press enter. By performing these commands, the nslookup command is instructed to run the DNS record lookups while using the 8.8.8.8 server.
nslookup
Output:
Default Server: Unknown
Address: 192.168.100.10
Then next enter the server info which in our case is: 8.8.8.8
server 8.8.8.8
You get:
Default Server: dns.google
Address: 8.8.8.8
Then, if, for example, we run a DNS lookup on yahoo.com, we will have changed to 8.8.8.8 as the DNS server, as you’ll see below:
yahoo.com
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: yahoo.com
Addresses: 2001:4998:24:120d::1:1
2001:4998:44:3507::8001
2001:4998:24:120d::1:0
2001:4998:124:1507::f000
2001:4998:124:1507::f001
2001:4998:44:3507::8000
74.6.143.26
98.137.11.164
12. Checking for PTR record
By performing a reverse DNS query, it becomes possible to verify whether a certain IP address is allocated to any domain name. To be able to accomplish this, one needs to look at the PTR record that is used to link a domain name to an IP address. For this to be done, you are required to rearrange the IP address, so that it is in a reverse order. For example “185.136.96.96” changes to “96.96.136.185”. Additionally, considering the fact that it is stored in arpa’s top-level-domain, you have to add in-addr.arpa at the end of the IP address.
nslookup -type-ptr 96.96.136.185.in-addr.arpa
The output:
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
96.96.136.185.in-addr.arpa name = pns21.cloudns.net.
Thank you for reading article How to Use NSLookup Command on Windows (Examples). We shall now conclude.
How to Use NSLookup Command on Windows (Examples) Conclusion
In this article, I demonstrated various instances of how to utilize the nslookup Windows command. The nslookup command is an excellent tool for troubleshooting and verifying DNS records. Many network issues are often tied to DNS, thus knowing how to rapidly verify whether DNS is functioning properly saves a lot of time. Nslookup is quite simple to use in Windows’ command prompt.
Now, for the more tech savvy readers among you, the nslookup command also be used for testing out DNS servers. The nslookup command includes a number of sophisticated options for testing name resolution, as well as a verbose debug mode for enhanced debugging. This tutorial should provide you with sufficient knowledge of how to use the command.
It is crucial to remember, however, that for websites that do not have a dedicated IP address, the results may vary each time you run this command.
Try InfraSOS for FREE
Invite your team and explore InfraSOS features for free
- Free 15-Days Trial
- SaaS Reporting & Auditing Solution
- Full Access to All Features