
NSLOOKUP – Tutorial & How-To Check DNS Records, etc


Marc Wilson UPDATED: December 11, 2023

There are many good reasons to check DNS resource records. Maybe you need to test whether updates to the DNS configuration took effect, or you are troubleshooting a problem with access to a specific server.

The easiest and most efficient way to test and troubleshoot DNS is with the command-line utility Nslookup. With this tool, you can determine the name-to-IP address mappings, the mail server IP, the authoritative DNS server, and more.

In this post, you are going to learn how to use Nslookup to check DNS records and to troubleshoot DNS issues.

What Is DNS and How Does It Work?

Before jumping into Nslookup examples, it is critical to understand how DNS works. This knowledge will help you identify and solve DNS problems much faster.

DNS (Domain Name System) is probably one of the most important components on the Internet. Without DNS, the Internet wouldn’t be as user-friendly as it is. Without it, people would have to remember the IP addresses of all the websites and services they frequent.

DNS solves this issue, as it provides a system for recording and looking up names, much like a phonebook. The DNS Servers distributed across the Internet keep a directory of these names and translate them to their respective IP address.

So, How Does DNS Work Step by Step?

The whole DNS lookup process is triggered once you input a domain name such as google.com, or use an application that uses a name. That could be anything from web browsers, email, Active Directory, databases, P2P, multiplayer games, and more.

Your computer likely doesn’t know where the google.com server is located, so it initiates a DNS lookup.

DNS lookup diagram

  1. The name of the webpage or service is first looked up in the computer’s internal cache. Applications such as web browsers, and operating systems, have an internal DNS cache that is used to store DNS record information. The DNS cache helps improve load times.
  2. If the domain name (or hostname) is not found in the internal cache, the computer’s DNS service will send a query to the local DNS server (or a recursive DNS resolver). The query would be something like, “What is the IP address of the Fully Qualified Domain Name (FQDN) google.com?”
  3. This first DNS query goes to the recursive DNS server, which is usually geographically close to where the DNS query originated. The address of this server can be given via DHCP by the local ISP or the network, or set by manually entering a public DNS server or local DNS server. The recursive DNS server takes the name query and checks its local records obtained from authoritative DNS servers.
  4. If the recursive server is unable to find the DNS record in its cache, it will forward the query to the highest level of the DNS hierarchy, the root DNS. The root DNS servers hold the DNS resources for the TLD nameservers, which in turn have information about the authoritative nameserver for that domain. Below is the DNS hierarchical tree.

DNS Hierarchical Tree

DNS Zone Files and Resource Record Types

All the DNS mappings between domain names and IP addresses are contained within a DNS zone file. A DNS zone file is a simple text file with all the details of the DNS resource records.

The DNS resource record is configured at the DNS server, but understanding its contents is critical for troubleshooting DNS.

As you can see below in the DNS query response packet capture from the packet sniffer Wireshark, DNS provides more than just the IP to DNS mapping. It also contains information such as Record type, Class, Timestamp, and Time-to-Live.

DNS query response packet capture

A brief description of some of these fields:

  • Resource Record Type: There are many DNS record types, but the most common are the A record (hostname to IPv4 address), the AAAA record (hostname to IPv6 address), PTR (points an IP to a name), ALIAS (auto-resolved alias), CNAME (canonical name to an alias), MX (Mail eXchange to IP), SOA (Start of Authority), and NS (Name Server).
  • DNS Class: The class represents the protocol family, which in most cases, is (IN) for the Internet class.
  • TTL: Specifies how long a DNS resolver should cache the DNS query before it expires. TTL is in seconds.

Starting with Nslookup

When you cannot browse the Internet, send an email, or connect to a domain server, you might have a DNS problem. A quick and easy way to troubleshoot DNS issues is the nslookup command. Nslookup is a built-in command-line tool available in most operating systems. It is used for querying the DNS and obtaining domain names, IP addresses, and DNS resource record information.

Before using this command, you need to be familiar with how DNS works. If you are not, please go back to the previous section.

What is Nslookup?

Users can enter a hostname into an application called nslookup (Name Server Lookup) to obtain the corresponding IP address or Domain Name System (DNS) record. Basically, it is a command-line utility used in networking and system management to query DNS servers. Additionally, users can use the nslookup command to perform a reverse DNS lookup and discover the hostname associated with a given IP address. It further allows administrators to discover the ports in use and the timeout.

It is a built-in tool in many Linux distributions as well as computer operating systems like Windows and macOS. Server admins can even use it to look at pointer records. Through the use of a reverse DNS query, you can use this to confirm whether an IP address is associated with a domain name.

Further, it is possible to test and troubleshoot DNS servers using the nslookup program. This program can be used by entering “nslookup” into a command-line interface (CLI), such as Command Prompt on Windows or Terminal on Linux and macOS.

For requesting information from other domains, there are numerous types of nslookup commands one can use, including:

  • name: uses the default server to display all details related to the hostname or domain name.
  • server name: uses the information from the current DNS server to set an alternative default DNS server.
  • root: gives the root server default status.
  • set type=<record type>: searches for an individual DNS record type, such as A, PTR, MX, or SOA. All server records can be seen by using ANY.
  • set debug: reveals debugging details for each query and the related response.
  • set recurse: instructs the DNS nameserver to contact more servers if it is unable to supply the information.
  • help: lists the nslookup commands along with what each one does.
  • exit: returns users to the CLI after quitting the nslookup program.

What Is Nslookup Used For?

Mostly, Nslookup is used by network administrators for security or to troubleshoot server connections, while a few server admins even use it for testing their networks.

Additionally, users can choose a root server, select options like timeout and retry, or obtain debugging data. Nslookup can also be used to verify mail exchanger records, or MX records, which specify email routing based on the servers connected to a given domain.

There are various benefits to using the Nslookup command. One can even use the command for security purposes. DNS spoofing is a common tactic used by threat actors in their phishing assaults. To trick the victims into visiting a fake website, they purposefully misspell a domain name and add or remove a punctuation mark. Regular users might not distinguish, for example, between instagram.com and innstagram.com.

Another benefit of using the Nslookup command is that it prevents DNS cache poisoning as well. In this attack, fraudsters place false information and spread it to DNS recursive servers, pointing to an erroneous authoritative server. Here, hackers disseminate information to caching resolvers that are linked to a phony authoritative server.

Nslookup Command Syntax

To start with Nslookup in Windows OS, let’s see its command syntax:

nslookup [<-SubCommand …>] [{<computerTofind> | -<Server>}]

  • For more information on how to operate the command, open the Command Prompt (cmd) and type “nslookup”.
  • When you see the prompt “>” open the help menu by typing “?”.


Check DNS Records with Nslookup

To give you an idea of how to use Nslookup and find DNS records, let’s start with some common commands.

  1. Find the A record: These types of records are the most common. They map a domain name to an IP address.


  2. Find the PTR record: The Pointer (PTR) record type is the reverse of the A record. It resolves an IP to a domain or hostname. Use this command in case you know the IP address, but don’t know the domain name.


  3. Find the MX records: This type of resource record will identify the IP address of the servers responsible for a specific Mail Exchange (MX) service.

The command is: nslookup -query=mx [domain]


  4. Find the SOA record of a domain: The Start of Authority record contains administrative information about the zone and its zone transfers. This record shows the DNS server that contains the best (authoritative) source of information for that specific domain. The output includes the primary name server, mail address, TTL, and more.

The command is: nslookup -type=soa [domain]


  5. Find the NS records: The Name Server (NS) resource record shows you the authoritative DNS server for that domain. This record shows the actual server that contains the original DNS records.

The command is: nslookup -type=ns [domain]


Note: The non-authoritative answer means that the query response was not fetched from the authoritative DNS but from some other server.

  6. Find all available records of a domain: To list all available records of a domain, including A, AAAA, MX, NS, and more, use the following command:
    nslookup -type=any [domain]


Troubleshooting DNS Issues

Failure in the Recursive DNS server or internal DNS cache doesn’t mean that you are suddenly cut off from the entire Internet. But a crash on the local DNS used for services such as Authentication or Active Directory can leave the whole company without access to critical services.

Additionally, a failure of a root DNS, TLD, or authoritative DNS server is serious trouble for the entire Internet. But fortunately, as an end-user, you wouldn’t have to worry about solving that!

1. Isolate the problem

The first step in troubleshooting a DNS issue is to start from the client itself.

Which application is not working? Is it only email? Or web browsing? Is it access to all the Internet?

To isolate the problem from internal cache issues, software problems, or connectivity problems, try using other applications and workstations.

For example, try browsing with other web browsers. If Chrome is not working but Mozilla is, then you might only need to clear browsing data such as cookies, history, cached images, URLs, etc.

To clear the Chrome DNS cache, open Chrome, go to “chrome://net-internals/#dns” and click on “Clear host cache”.


To make sure that you have connectivity to the Internet, you can ping an IP address. Pinging an IP address directly bypasses the DNS lookup process. If you get a response, there is an Internet connection. If you don’t, then something is wrong with your connection, and the problem is probably not related to DNS.


If you do have a response from an IP address but not from a name, then the problem must be related to DNS.

2. Verify and Change your Recursive DNS Server

As mentioned before, the local recursive DNS server configured in your client might have come with a DHCP response or been manually entered by an administrator. Let’s make sure that you are able to reach the server.

  1. Open the “Command Prompt” and type “ipconfig /all”.
  2. Find the IP address of the DNS and ping it.
  3. If you were able to reach the DNS server through a ping, then that means that the server is alive. Try performing simple nslookup commands. If you are still unable to resolve names, then that must be a problem with the recursive DNS server.
  4. Test alternative DNS servers. Fortunately, you don’t have to use a specific DNS server given by your local ISP or internal network. If web browsing is the issue, then you can test other DNS servers available for free. Some of the most popular DNS servers are:
  • Google DNS: 8.8.8.8 and 8.8.4.4
  • Cloudflare: 1.1.1.1 and 1.0.0.1
  • OpenDNS: 208.67.222.222 and 208.67.220.220

To change the DNS server use the following command:

nslookup
> server [DNS-Server-IP]

  5. Test the new server with a query.
  6. If your DNS server is an authoritative DNS or a local DNS providing services like Active Directory, then you might need to check the DNS server itself. Checking Active Directory services, zone files, zone transfers, or other DNS configuration parameters is out of scope for this tutorial.

3. Renew IP information and flush DNS cache

Renewing your IP information will release your current lease and request new information from the DHCP server, which includes DNS information.

  • Open the Command Prompt with administrator rights, and type the commands:
    ipconfig /release
    ipconfig /renew
  • Now let’s clear the cache and reload information from the DNS server with the commands:
    ipconfig /flushdns


4. Resolve a name from the Authoritative DNS Server

If the internal DNS server is resolving some names but not specific ones, try resolving a name from the authoritative DNS server itself.

  • First find the server with the command:
    nslookup -type=soa [domain]
  • Then resolve from that server with:
    nslookup [domain] [server]
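
The two steps above can be scripted: read the primary name server from the SOA output, then compare what the recursive resolver returned with the authoritative answer. This is an added example, not code from the original article; the sample nslookup outputs are constructed (Windows-style layout, documentation addresses), and `run_nslookup` is an illustrative wrapper you would call in place of the samples.

```python
import ipaddress
import re
import subprocess

def run_nslookup(*args):  # live-query helper; the samples below do not call it
    return subprocess.run(["nslookup", *args], capture_output=True, text=True).stdout

def primary_ns(soa_output):
    """Primary name server from `nslookup -type=soa` (Windows or Linux wording)."""
    m = re.search(r"(?:primary name server|origin)\s*=\s*(\S+)", soa_output)
    return m.group(1).rstrip(".") if m else None

def answer_addresses(output):
    """IP addresses in the answer, skipping the resolver's own Server/Address header."""
    _, _, answer = output.replace("\r\n", "\n").partition("\n\n")
    found = set()
    for token in answer.split():
        try:
            found.add(str(ipaddress.ip_address(token.split("#")[0])))
        except ValueError:
            pass                      # labels and hostnames are not addresses
    return found

def compare(recursive_out, authoritative_out):
    """Diff the recursive resolver's answer against the authoritative server's."""
    rec, auth = answer_addresses(recursive_out), answer_addresses(authoritative_out)
    return {"match": rec == auth, "only_recursive": sorted(rec - auth),
            "only_authoritative": sorted(auth - rec)}

# Constructed sample outputs (documentation address ranges, not real captures).
SOA_OUT = """Server:  resolver.example.net
Address:  192.0.2.53

example.com
        primary name server = ns1.example.com
"""
RECURSIVE_OUT = """Server:  resolver.example.net
Address:  192.0.2.53

Non-authoritative answer:
Name:    www.example.com
Addresses:  203.0.113.10
          198.51.100.77
"""
AUTHORITATIVE_OUT = """Server:  ns1.example.com
Address:  192.0.2.1

Name:    www.example.com
Address:  203.0.113.10
"""

if __name__ == "__main__":
    print("authoritative server:", primary_ns(SOA_OUT))
    print(compare(RECURSIVE_OUT, AUTHORITATIVE_OUT))
```

A mismatch is a lead to investigate rather than proof of a poisoned cache: round-robin, CDN and location-based answers can legitimately differ between servers.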

5. Other Solutions

If none of the solutions above worked for you, try the following alternatives:

  • Reboot your local router. Performing an administrative or power-cycle reboot of your local router might renew routes towards a DNS server, or load new DHCP information.
  • Turn off any filters like VPNs or Proxies. These services filter your Internet connection, including the DNS lookup requests.
  • Scan your computer for viruses. Viruses and Malware can redirect traffic from your web browser. Scan your computer and make sure it is free from Malware.

Final Words

Before you start troubleshooting DNS issues with nslookup, you must understand the fundamentals of DNS. Knowing how DNS works, what happens during the DNS lookup process, and what its resource record types are should give you a solid foundation for troubleshooting with nslookup.

Nslookup is free and easy to use, and you can find it in all Operating systems, as long as they have TCP/IP protocol installed.


NSLOOKUP FAQs

How do I use NSLOOKUP to find the IP address of a domain name?

To use NSLOOKUP to find the IP address of a domain name, open a command prompt and type "nslookup domainname.com", replacing "domainname.com" with the name of the domain you want to look up. The tool will return the IP address(es) associated with that domain name.

How do I use NSLOOKUP to find the DNS server responsible for resolving a domain name?

To use NSLOOKUP to find the DNS server responsible for resolving a domain name, open a command prompt and type "nslookup -type=ns domainname.com", replacing "domainname.com" with the name of the domain you want to look up. The tool will return the name server(s) responsible for resolving that domain name.

How do I use NSLOOKUP to troubleshoot DNS issues?

To use NSLOOKUP to troubleshoot DNS issues, you can use the tool to query different types of DNS records, such as A records, MX records, and CNAME records, to see if they are resolving correctly. If there are issues, you can also use NSLOOKUP to query specific DNS servers to see if the problem is with the server or with your local DNS settings.

What are the different types of queries that can be performed using NSLOOKUP?

Some of the different types of queries that can be performed using NSLOOKUP include:

  • A (Address) record queries, which return the IP address associated with a domain name
  • MX (Mail exchange) record queries, which return the mail servers for a domain
  • NS (Name server) record queries, which return the name servers for a domain
  • SOA (Start of Authority) record queries, which return information about the zone of authority for a domain
  • CNAME (Canonical name) record queries, which return the true hostname associated with a domain name

How can I switch between DNS servers while using NSLOOKUP?

To switch between DNS servers while using NSLOOKUP, you can use the "server" command followed by the IP address or hostname of the server you want to use. For example, "server 8.8.8.8" would switch to using Google's public DNS server.

Is NSLOOKUP a built-in command in Windows and Linux?

Yes, NSLOOKUP is a built-in command in Windows and Linux.
