How to Use Nslookup Command with Examples

The Nslookup (which stands for name server lookup) is a basic, yet popular, networking command-line utility used to query a DNS server for resource records for a domain. This tool is often used for troubleshooting DNS or name resolution issues. With nslookup, a query can be sent to a specific DNS server, or the list of DNS servers in the IP settings can be used. Nslookup can also be used to query several different types of DNS records.

These commands shown here are tested on Windows 10 but most will work in other versions of Windows as well.

Table of Content

How to Open Command Prompt

To use this utility, you will need to launch the Command Prompt window. The three common ways to launch the Command Prompt window are:

  1. Search for cmd using the built-in Windows search tool.
  2. Right-click on the Start icon and select Command Prompt.



  3. Press the keyboard combination WinKey + R, then type cmd at the Run window that appears.

    Run cmd

Overview

Interactive vs Non-Interactive Mode

The nslookup utility can be used in one of two modes: interactive and non-interactive. In interactive mode, you are able to query for information about a website or a server, and to also print a list of hosts on a domain. To go into interactive mode, type nslookup at the command window then press Enter.

In the screenshot example below, you can tell you are in interactive mode by looking at style of the prompt.

nslookup - interactive mode

To get help on available switches, type help then press Enter.

To exit interactive mode, simply type exit then press Enter.

With non-interactive mode, you would typically use this when you only need to execute a single lookup.

Authoritative vs Non-Authoritative Response

In the output of nslookup, you will often notice the statement "non-authoritiative answer" (as illustrative below) as part of the lookup result. This is to tell you know that the results was provided by a server that is not the authoritative (primary) source. Typically, this means the result was provided by a server (such as your Internet service provider) that held a cached copy of the DNS record. This is important because the DNS record may have been changed recently and the cached copy may not reflect the most up-to-date information.

nslookup - non-authoritative answer

An authoritative answer is when the DNS server hosting the primary copy of the DNS record responses to your lookup. See the example below on how to get an authoritative response.

The reason why the primary authoritative server isn't involved in responding to all nslookup queries is to reduce server load. By maintaining cached copy of DNS records on secondary servers (which is updated from the primary server at a defined interval), query response time is minimized and the primary server isn't inundated with queries.

How to Find the A Record (IP Address) of a Domain or Server

The simpliest function of Nslookup, and also commonly used, is to query for the IP address of a remote host. The host can be a website, an email server, or other servers that you can lookup with a hostname. As an example, to obtain the IP address for the website www.meridianoutpost.com, type the following in the command window then press Enter: nslookup www.meridianoutpost.com

In the screenshot example below, the lookup identifies 72.47.244.140 as the IP address for the website www.meridianoutpost.com.

nslookup - get ip address

If the screenshot example below, the lookup identifies multiple IP addresses for mail server smtp.yahoo.com.

nslookup

How to Find the NS Record for a Domain

The NS record of a domain is a map to all name servers that are authoritative for that domain. You can query for the NS records using the switch -type=ns. For example, to obtain the NS record for the website www.meridianoutpost.com, type the following in the command window then press Enter: nslookup -type=ns meridianoutpost.com

If the example below, the lookup identifies ns1.mediatemple.net and ns2.mediatemple.net as the two name servers for the domain meridianoutpost.com.

nslookup - type NS

How to Find the MX Records (Email Servers) for a Domain

To check the MX records (email servers) for a domain, use the -type=ns switch. For example, to find out the email server for the domain meridianoutpost.com, type the following in the command window then press Enter: nslookup -type=mx meridianoutpost.com

If the screenshot below, the lookup identifies mail.meridianoutpost.com as the email server for the domain meridianoutpost.com.

nslookup - mx lookup

How to Perform a Reverse DNS Lookup

A reverse DNS lookup with querying for a server name based on an IP address you provide. For example, to identify the server name for the IP address 98.139.253.105, type the following in the command window then press Enter: nslookup 98.139.253.105.

As the screenshot below shows, the nslookup returns the server name of mrout2-b.corp.bf1.yahoo.com for the IP address 98.139.253.105.

NSLookup - Reverse Query

How to Find the SOA Record of a Domain

To query for the SOA (Start of Authority) record for a domain, such as www.google.com, type the following in the command window then press Enter: nslookup -type=soa www.google.com. The SOA record is a special resource record that contains administrative details for a particular DNS zone such as the domain name administrator's contact information and synchronization parameters for other DNS servers.

NSlookup - SOA

How to Find an Authoritative Response

Typically, most of the responses to your nslookup queries are going to be non-authoritative. Meaning the response is from a cached copy from a third-party and not from the primary DNS server holding the master copy. For troubleshooting purposes, it's important to realize that a cached copy may not contain the most up-to-date information.

To get an authoritative answer, you will need to specify the authoritative name server as part of your request. To do this, include the -type=soa switch and nslookup will respond back with the name of the authoritative name server. For example, to find out the authoritative name server for yahoo.com, type the following in the command window then press Enter:

nslookup -type=soa yahoo.com

nslookup - soa

As highlighted in the illustration above, the name server for yahoo.com is ns1.yahoo.com. With this information, we can now perform nslookup queries and specify this name server to get authoritative responses. For example, to get an authoritative response to the smtp.yahoo.com we used in an example above, type the following in the command window then press Enter:

nslookup smtp.yahoo.com ns1.yahoo.com

nslookup - authoritative response

As the illustration above shows, the result does not state this is a non-authoritative response - as was the case when we performed the same nslookup in a previous example.

Common Error Messages

Connection Refused or Network is Unreachable - The connection to the DNS name server or finger server could not be made. This error commonly occurs with ls and finger requests.

Format Error - The DNS name server found that the request packet was not in the proper format. It may indicate an error in nslookup.

No Records - The DNS name server does not have resource records of the current query type for the computer, although the computer name is valid. The query type is specified with the set querytype command.

No Response From Server - No DNS name server is running on the server computer.

Non-Existent Domain - The computer or domain name does not exist. Check to make sure your spelling is correct.

Refused - The DNS name server refused to service the request.

Server Failure - The DNS name server found an internal inconsistency in its database and could not return a valid answer.

Timed Out - The server did not respond to a request after a certain amount of time and a certain number of retries. You can set the time-out period with the set timeout subcommand. You can set the number of retries with the set retry subcommand.

Tips

Redirect Output to Text File

  • Instead of displaying the results on the screen, you can have the results saved automatically to a text file on your computer. To do this, simply use the ">" symbol followed by the folder path and file name of your choice. For example, to redirect the output of nslookup www.meridianoutpost.com, type the following in the command window then press Enter:

    nslookup www.meridianoutpost.com > c:\temp\nslookup-results.txt

    This will create a file named nslookup-results.txt in the folder path c:\temp that will have your result. You can then open this file with any text editor, such as Notepad on a Windows computer, as illustrated below.

    nslookup redirected output

Recommended Reading


Improve confidence and job performance

Improve productivity and efficiency

Learn more,
earn more

Life-long
investment
To learn more about this topic, we are providing you with recommendations to help you further your knowledge. These are our affiliate links to Amazon where you can purchase them and also explore a variety of other relevant books.

Summary

The nslookup utility can provide a wealth of information for troubleshooting DNS issues.While not a common tool used for most troubleshooting calls, it is a useful utility to use when transferring a domain from one hosting provider to another or when configuring the DNS record for a new domain name.


Suggestion

Windows Command Line Administration Instant Reference



Buy from Amazon

Suggestion

Microsoft Windows Command-Line Administrator's Pocket Consultant



Buy from Amazon

Suggestion

Windows PowerShell Cookbook: The Complete Guide to Scripting Microsoft's Command Shell



Buy from Amazon