NSLOOKUP – Tutorial & How-To Check DNS Records, etc

Marc Wilson

There are many different good reasons why you would need to check DNS resource records. Maybe you need to test whether the updates on the DNS configuration took effect, or you could also be attempting to troubleshoot a problem related to access to a specific server.

The easiest and most efficient way to test and troubleshoot DNS is with the command-line utility Nslookup. With this tool, you can determine name-to-IP address mappings, the mail server IP, the authoritative DNS server, and more.

In this post, you are going to learn how to use Nslookup to check DNS records and to troubleshoot DNS issues.

What is DNS and How it Works?

Before jumping into Nslookup examples, it is critical to understand how DNS works. This knowledge will help you identify and solve DNS problems much faster.

DNS (Domain Name System) is probably one of the most important components on the Internet. Without DNS, the Internet wouldn’t be as user-friendly as it is. Without it, people would have to remember the IP addresses of all the websites and services they frequent.

DNS solves this issue, as it provides a system for recording and looking up names, much like a phonebook. The DNS Servers distributed across the Internet keep a directory of these names and translate them to their respective IP address.

So, How DNS Works Step-by-step?

The whole DNS lookup process is triggered once you input a domain name such as google.com, or use an application that relies on a name. That could be anything from web browsers, email, Active Directory, databases, P2P, multiplayer games, and more.

Your computer likely doesn’t know where the google.com server is located, so it initiates a DNS lookup.

DNS  lookup diagram

  1. The name of the webpage or service is first looked up in the computer’s internal cache. Applications such as web browsers, as well as operating systems, keep an internal DNS cache that stores DNS record information. The DNS cache helps improve load times.
  2. If the domain name (or hostname) is not found on the internal cache, the computer’s DNS service will send a query to the local DNS server (or a Recursive DNS resolver). The query would be something like, “What is the IP address of the Fully Qualified Domain Name (FQDN) google.com?”
  3. This first DNS query goes to the Recursive DNS server, which is usually geographically close to where the DNS query originated. The address of this server can be given via DHCP by the local ISP or the network, or set manually by entering a public or local DNS server. The recursive DNS server takes the name query and checks its local records obtained from authoritative DNS servers.
  4. If the recursive server is unable to find the DNS record in its cache, it will forward the query to the highest level of the DNS hierarchy, the root DNS. These root DNS servers have the DNS resources for the TLD nameserver, which in turn have information for the authoritative nameserver for that domain. Below is the DNS hierarchical tree.

DNS Hierarchical Tree

DNS Zone Files and Resource Record Types.

All the DNS mappings between domain names and IP addresses are contained within a DNS zone file. A DNS zone file is a simple text file with all the details of the DNS resource records.

The DNS resource record is configured at the DNS server, but understanding its contents is critical for troubleshooting DNS.

As you can see below in the DNS query response packet capture from the packet sniffer Wireshark, DNS provides more than just the IP to DNS mapping. It also contains information such as Record type, Class, Timestamp, and Time-to-Live.

DNS query response packet capture

A brief description of some of these fields:

  • Resource Record Type: There are many DNS record types, but the most common are the A record (hostname to IPv4 address), the AAAA record (hostname to IPv6 address), PTR (points IP to name), ALIAS (auto-resolved alias), CNAME (canonical name for an alias), MX (Mail eXchange to IP), SOA (Start of Authority), and NS (Name Server).
  • DNS Class: The class represents the protocol family, which in most cases, is (IN) for the Internet class.
  • TTL: Specifies how long a DNS resolver should cache the DNS query before it expires. TTL is in seconds.
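The fields listed above can be read straight out of a DNS response message. The following is an added example, not code from the original article: a small parser that extracts the record type, class and TTL of each answer, and also the authoritative-answer (AA) flag. The function names and the sample bytes are constructed for illustration, and only A record data is decoded (other record data is left as hex).

```python
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 28: "AAAA"}

# Constructed response for example.com (illustrative bytes, not a real capture).
SAMPLE = bytes.fromhex(
    "1a2b 8180 0001 0001 0000 0000"   # header: ID, flags, 1 question, 1 answer
    "07 6578616d706c65 03 636f6d 00"  # question name: example.com
    "0001 0001"                       # question type A, class IN
    "c00c 0001 0001 00000e10"         # answer: name pointer, A, IN, TTL 3600
    "0004 c000020a"                   # RDLENGTH 4, RDATA 192.0.2.10
)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:              # compression pointer
            after = after or off + 2
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                        # refuse pointer loops
                raise ValueError("compression loop")
            continue
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
        off += 1 + msg[off]
    return ".".join(labels), after or off + 1

def parse_response(msg):
    """Return the AA flag and each answer's name, type, class, TTL and data."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                          # skip the question section
        off = read_name(msg, off)[1] + 4         # name + QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        data = ".".join(map(str, rdata)) if rtype == 1 else rdata.hex()
        answers.append({"name": name, "type": TYPES.get(rtype, str(rtype)),
                        "class": "IN" if rclass == 1 else str(rclass),
                        "ttl": ttl, "data": data})
    return {"authoritative": bool(flags & 0x0400), "answers": answers}
```

The cleared AA flag in the sample is what nslookup reports as a “Non-authoritative answer”.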

Starting with Nslookup

When you cannot browse the Internet, send an email, or connect to a domain server, then you might have a DNS problem. A quick and easy way to troubleshoot DNS issues is through the nslookup command.

Nslookup is a built-in command-line tool available in most operating systems. It is used for querying the DNS and obtaining domain names, IP addresses, and DNS resource record information.

Before using this command, you need to be familiar with how DNS works. If you are not, please go back to the previous section.

Nslookup Command Syntax

To start with Nslookup in Windows OS, let’s see its command syntax:

nslookup [<-SubCommand …>] [{<computerTofind> | -<Server>}]

  • For more information on how to operate the command, open the Command Prompt (cmd) and type “nslookup”.
  • When you see the prompt “>” open the help menu by typing “?”.

nslookup

Check DNS Records with Nslookup

To give you an idea of how to use Nslookup and find DNS records, let’s start with some common commands.

  1. Find the A record: These types of records are the most common. They map a domain name to an IP address.

nslookup-example

  2. Find the PTR record: The Pointer (PTR) record type is the reverse of the A record. It resolves an IP to a domain or hostname. Use this command in case you know the IP address, but don’t know the domain name.

nslookup ptr record

  3. Find the MX records: This type of resource record will identify the IP address of the servers responsible for a specific Mail Exchange (MX) service.

The command is: nslookup -query=mx [domain]

nslookup -query=mx

  4. Find the SOA record of a domain: The Start of Authority record contains administrative information about the zone transfers. This record shows the DNS server that contains the best (authoritative) source of information for that specific domain. The output includes the primary name server, mail address, TTL, and more.

The command is: nslookup -type=soa [domain]

nslookup -type=soa

  5. Find the NS records: The Name Server (NS) resource record shows you the authoritative DNS server for that domain. This record shows the actual server that contains the original DNS records.

The command is: nslookup -type=ns [domain]

nslookup -type=ns

Note: The non-authoritative answer means that the query response was not fetched from the authoritative DNS but from some other server.

  6. Find all available records of a domain: To list all available records of a domain, including A, AAAA, MX, NS, and more, use the following command:
    nslookup -type=any [domain]

nslookup -type=any

Troubleshooting DNS Issues

Failure in the Recursive DNS server or internal DNS cache doesn’t mean that you are suddenly cut off from the entire Internet. But a crash on the local DNS used for services such as Authentication or Active Directory can leave the whole company without access to critical services.

Additionally, a failure of a root, TLD, or authoritative DNS server is serious trouble for the entire Internet. But fortunately, as an end-user, you wouldn’t have to worry about solving that!

1. Isolate the problem

The first step in troubleshooting a DNS issue is to start from the client itself.

Which application is not working? Is it only email? Or web browsing? Is it access to all the Internet?

To isolate the problem from internal cache issues, software problems, or connectivity problems, try using other applications and workstations.

For example, try browsing with other web browsers. If Chrome is not working, but Mozilla is, then you might only need to clear the browser’s stored data, such as cookies, history, cached images, URLs, etc.

To clear the Chrome DNS cache, go to “chrome://net-internals/#dns” in Chrome and click on “Clear host cache”.

Clear host cache

To make sure that you have connectivity to the Internet, you can ping an IP address. Pinging an IP address directly bypasses the DNS lookup process. If you get a response, there is an Internet connection. If you don’t, then something is wrong with your connection, and the problem is probably not related to DNS.

ping command

If you do have a response from an IP address but not from a name, then the problem must be related to DNS.

2. Verify and Change your Recursive DNS Server

As mentioned before, the local recursive DNS server configured on your client might have come from a DHCP response or been manually entered by an administrator. Let’s make sure that you are able to reach the server.

  1. Open the “Command Prompt” and type “ipconfig /all”.
  2. Find the IP address of the DNS and ping it.
  3. If you were able to reach the DNS server through a ping, then that means that the server is alive. Try performing simple nslookup commands. If you are still unable to resolve names, then that must be a problem with the recursive DNS server.
  4. Test alternative DNS servers. Fortunately, you don’t have to use a specific DNS server given by your local ISP or internal network. If web browsing is the issue, then you can test other DNS servers available for free. Some of the most popular DNS servers are:
  • Google DNS: 8.8.8.8 and 8.8.4.4
  • Cloudflare: 1.1.1.1 and 1.0.0.1
  • OpenDNS: 208.67.222.222 and 208.67.220.220

To change the DNS server, start nslookup and use the following command at the “>” prompt:

nslookup
> server [DNS-Server-IP]

nslookup

  5. Test the new server with a query.
  6. If your DNS server is an authoritative DNS or a local DNS providing services like Active Directory, then you might need to check the DNS server itself. Checking Active Directory services, zone files, zone transfers, or other DNS configuration parameters is outside the scope of this tutorial.

3. Renew IP information and flush DNS cache

Renewing your IP information will release the current lease and request new information from the DHCP server, which includes DNS information.

  • Open the Command Prompt with administrator rights, and type the commands:
    ipconfig /release
    ipconfig /renew
  • Now let’s clear the cache and reload information from the DNS server with the commands:
    ipconfig /flushdns

ipconfig-flush

4. Resolve a name from the Authoritative DNS Server

If the internal DNS server is resolving some names but not specific ones, try resolving a name from the authoritative DNS server itself.

  • First find the server with the command:
    nslookup -type=soa [domain]
  • Then resolve from that server with:
    nslookup [domain] [server]

nslookup-soa
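The comparison in this step, and the test against an alternative server in step 2, can be scripted. The following is an added example, not part of the original article: it parses the output of nslookup run against the configured resolver and against the authoritative server, then reports addresses that only the resolver returned. The function names and both sample outputs are constructed (documentation address ranges, Windows output layout assumed).

```python
import ipaddress

# Constructed sample outputs (Windows nslookup layout, documentation addresses).
RESOLVER_OUT = """Server:  resolver.corp.example
Address:  10.0.0.53

Non-authoritative answer:
Name:    www.example.com
Addresses:  2001:db8::10
          203.0.113.7
"""
AUTHORITATIVE_OUT = """Server:  ns1.example.com
Address:  192.0.2.53

Name:    www.example.com
Addresses:  2001:db8::10
          192.0.2.10
"""

def _ips(block):
    """Collect every IP address that ends a line (Unix output appends "#53")."""
    found = []
    for line in block.splitlines():
        try:
            found.append(str(ipaddress.ip_address(line.split()[-1].split("#")[0])))
        except (IndexError, ValueError):
            pass                                  # blank line or not an address
    return found

def parse_nslookup(text):
    """Split the output into the server block and the answer block."""
    head, _, body = text.strip().partition("\n\n")
    servers = _ips(head)
    return {
        "server": servers[0] if servers else None,
        "authoritative": "non-authoritative answer" not in body.lower(),
        "addresses": set(_ips(body)),
    }

def compare(resolver_out, authoritative_out):
    """Flag addresses the resolver returned that the zone's own server did not."""
    r, a = parse_nslookup(resolver_out), parse_nslookup(authoritative_out)
    if not r["addresses"] or not a["addresses"]:
        return {"status": "no-answer", "unexpected": set()}
    unexpected = r["addresses"] - a["addresses"]
    # A mismatch is a lead (stale cache, split-horizon, filtering, redirection),
    # not proof: CDNs and geo-DNS legitimately answer differently per resolver.
    return {"status": "mismatch" if unexpected else "match", "unexpected": unexpected}
```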

5. Other Solutions

If none of the solutions above worked for you, try the following alternatives:

  • Reboot your local router. An administrative or power-cycle reboot of your local router might renew routes towards a DNS server, or load new DHCP information.
  • Turn off any filters like VPNs or proxies. These services filter your Internet connection, including the DNS lookup requests.
  • Scan your computer for viruses. Viruses and malware can redirect traffic from your web browser. Scan your computer and make sure it is free from malware.

Final Words

Before you start attempting to troubleshoot DNS issues with nslookup, you must understand the fundamentals of DNS. Knowing how DNS works, what happens during the DNS lookup process, and which resource record types exist should give you a solid foundation for troubleshooting with nslookup.

Nslookup is free, easy to use, and you can find it in all operating systems, as long as they have the TCP/IP protocol installed.