The Nslookup (which stands for name server lookup) is a basic, yet popular, networking command-line utility used to query a DNS server for resource records for a domain. This tool is often used for troubleshooting DNS or name resolution issues. With nslookup, a query can be sent to a specific DNS server, or the list of DNS servers in the IP settings can be used. Nslookup can also be used to query several different types of DNS records.
These commands shown here are tested on Windows 10 but most will work in other versions of Windows as well.
To use this utility, you will need to launch the Command Prompt window. The three common ways to launch the Command Prompt window are:
cmdusing the built-in Windows search tool.
cmdat the Run window that appears.
The nslookup utility can be used in one of two modes: interactive and non-interactive. In interactive mode, you are able to query for information about a website or a server, and to also print a list of hosts on a domain. To go into interactive mode, type
nslookup at the command window then press Enter.
In the screenshot example below, you can tell you are in interactive mode by looking at style of the prompt.
To get help on available switches, type
help then press Enter.
To exit interactive mode, simply type
exit then press Enter.
With non-interactive mode, you would typically use this when you only need to execute a single lookup.
In the output of nslookup, you will often notice the statement "non-authoritiative answer" (as illustrative below) as part of the lookup result. This is to tell you know that the results was provided by a server that is not the authoritative (primary) source. Typically, this means the result was provided by a server (such as your Internet service provider) that held a cached copy of the DNS record. This is important because the DNS record may have been changed recently and the cached copy may not reflect the most up-to-date information.
An authoritative answer is when the DNS server hosting the primary copy of the DNS record responses to your lookup. See the example below on how to get an authoritative response.
The reason why the primary authoritative server isn't involved in responding to all nslookup queries is to reduce server load. By maintaining cached copy of DNS records on secondary servers (which is updated from the primary server at a defined interval), query response time is minimized and the primary server isn't inundated with queries.Back to Top
The simpliest function of Nslookup, and also commonly used, is to query for the IP address of a remote host. The host can be a website, an email server, or other servers that you can lookup with a hostname. As an example, to obtain the IP address for the website www.meridianoutpost.com, type the following in the command window then press Enter:
In the screenshot example below, the lookup identifies 220.127.116.11 as the IP address for the website www.meridianoutpost.com.
If the screenshot example below, the lookup identifies multiple IP addresses for mail server smtp.yahoo.com.
Back to Top
The NS record of a domain is a map to all name servers that are authoritative for that domain. You can query for the NS records using the switch
-type=ns. For example, to obtain the NS record for the website www.meridianoutpost.com, type the following in the command window then press Enter:
nslookup -type=ns meridianoutpost.com
If the example below, the lookup identifies ns1.mediatemple.net and ns2.mediatemple.net as the two name servers for the domain meridianoutpost.com.
To check the MX records (email servers) for a domain, use the
-type=ns switch. For example, to find out the email server for the domain meridianoutpost.com, type the following in the command window then press Enter:
nslookup -type=mx meridianoutpost.com
If the screenshot below, the lookup identifies mail.meridianoutpost.com as the email server for the domain meridianoutpost.com.
Back to Top
A reverse DNS lookup with querying for a server name based on an IP address you provide. For example, to identify the server name for the IP address 18.104.22.168, type the following in the command window then press Enter:
As the screenshot below shows, the nslookup returns the server name of mrout2-b.corp.bf1.yahoo.com for the IP address 22.214.171.124.
Back to Top
To query for the SOA (Start of Authority) record for a domain, such as www.google.com, type the following in the command window then press Enter:
nslookup -type=soa www.google.com. The SOA record is a special resource record that contains administrative details for a particular DNS zone such as the domain name administrator's contact information and synchronization parameters for other DNS servers.
Back to Top
Typically, most of the responses to your nslookup queries are going to be non-authoritative. Meaning the response is from a cached copy from a third-party and not from the primary DNS server holding the master copy. For troubleshooting purposes, it's important to realize that a cached copy may not contain the most up-to-date information.
To get an authoritative answer, you will need to specify the authoritative name server as part of your request. To do this, include the
-type=soa switch and nslookup will respond back with the name of the authoritative name server. For example, to find out the authoritative name server for yahoo.com, type the following in the command window then press Enter:
nslookup -type=soa yahoo.com
As highlighted in the illustration above, the name server for yahoo.com is ns1.yahoo.com. With this information, we can now perform nslookup queries and specify this name server to get authoritative responses. For example, to get an authoritative response to the smtp.yahoo.com we used in an example above, type the following in the command window then press Enter:
nslookup smtp.yahoo.com ns1.yahoo.com
As the illustration above shows, the result does not state this is a non-authoritative response - as was the case when we performed the same nslookup in a previous example.Back to Top
Connection Refused or Network is Unreachable - The connection to the DNS name server or finger server could not be made. This error commonly occurs with ls and finger requests.
Format Error - The DNS name server found that the request packet was not in the proper format. It may indicate an error in nslookup.
No Records - The DNS name server does not have resource records of the current query type for the computer, although the computer name is valid. The query type is specified with the set querytype command.
No Response From Server - No DNS name server is running on the server computer.
Non-Existent Domain - The computer or domain name does not exist. Check to make sure your spelling is correct.
Refused - The DNS name server refused to service the request.
Server Failure - The DNS name server found an internal inconsistency in its database and could not return a valid answer.
Timed Out - The server did not respond to a request after a certain amount of time and a certain number of retries. You can set the time-out period with the set timeout subcommand. You can set the number of retries with the set retry subcommand.Back to Top
This will create a file named nslookup-results.txt in the folder path c:\temp that will have your result. You can then open this file with any text editor, such as Notepad on a Windows computer, as illustrated below.
nslookup www.meridianoutpost.com > c:\temp\nslookup-results.txt
An investment in knowledge always pays the best interest.
The nslookup utility can provide a wealth of information for troubleshooting DNS issues.While not a common tool used for most troubleshooting calls, it is a useful utility to use when transferring a domain from one hosting provider to another or when configuring the DNS record for a new domain name.Back to Top