Nslookup is an administrator tool used to test and troubleshoot the Domain Name System (DNS). Nslookup is available for Windows and Linux, and there are even websites that have set up Nslookup to run from a browser. This article focuses on using Nslookup for Windows. I will first go over the basics and how Nslookup works; at the end of this article you will find examples and the syntax of the command.
Domain Name System (DNS) (A brief overview)
DNS translates domain names into IP addresses. The DNS protocol has been around a long time and has evolved into a stable and reliable protocol. As with anything involving computers and their connected components, DNS will occasionally have problems. Some of these DNS problems could be a drop in connectivity, a bad or invalid DNS record, duplicate DNS entries, a missing DNS record, or a number of other issues. When you run into these types of issues you will often need to gather more information and track down the root cause. That is when you would use the Nslookup command.
Nslookup Windows DNS Diagnostic Tool
Nslookup is built into Windows and is accessed from the command prompt. The command has some pretty extensive syntax and can be a little confusing at first, but after you understand how it operates it’s a simple and very effective troubleshooting tool. Nslookup can run in two modes: interactive and noninteractive. Noninteractive mode is used if you need to look up a single piece of information, so if you just need to look up information for one IP address or computer you would use noninteractive mode. By using interactive mode you can specify multiple IP addresses or computer names to query.
Getting started with Nslookup
To start off, open a command prompt: Start -> Run -> CMD and hit Enter. From the command prompt, all you need to do is type Nslookup and hit Enter. This will put you into the Nslookup command and will return the output below (your server and IP address will be different).
C:\>nslookup
Default Server: internalserver.local
Address: 172.17.2.10
>
An important piece to know is that by default Nslookup will use the local DNS server to query for information. In the above example the default server is on my local private network. This can be changed and I give an example of this in the examples section. So now that you have started Nslookup all you have to do is type in an IP address or hostname to query for DNS information.
Non-authoritative answer
You will often see a Non-authoritative answer returned for the DNS query, so I thought it would be good to explain what this means. It means that the server that provided the DNS information does not actually hold the domain name record; it has just cached the DNS information. The record for the domain is located somewhere else in the DNS hierarchy.
Nslookup Examples
Example 1
In this first example I will do a simple DNS query for the domain ActiveDirectoryTools.net
C:\>nslookup
Default Server: internalserver.local
Address: 172.17.2.10
> activedirectorytools.net
Default Server: internalserver.local
Address: 172.17.2.10
Non-authoritative answer:
Name: activedirectorytools.net
Address: 174.120.171.186
>
In the above example I typed nslookup, hit Enter, then typed activedirectorytools.net and hit Enter. This returned the IP address for the domain. Pretty simple stuff!
Example 2
In this example instead of having Nslookup use our default internal DNS server, I will change it and specify an external DNS server to use.
C:\>nslookup
Default Server: internalserver.local
Address: 172.17.2.10
> server 66.119.2.46
Default Server: someserver.test.com
Address: 66.119.2.46
Aliases: 46.2.119.66.in-addr.arpa
>
In the above example you can see that all I did to change the default server was type server and then the IP address of the DNS server to use. Now when I type an address or hostname to query, it will use this new DNS server that I specified.
Example 3
In this last example I will specify what type of DNS record I want to query for. I will be searching for the MX record.
C:\>nslookup
Default Server: internalserver.local
Address: 172.17.2.10
> set query=mx
> 85under.com
Default Server: internalserver.local
Address: 172.17.2.10
Non-authoritative answer:
85under.com MX preference = 10, mail exchanger = spam.pcnetinc.com
spam.pcnetinc.com internet address = 66.119.6.36
>
In the above example I entered Nslookup, then typed set query=mx to specify the type of DNS record I want to query for. I then typed the domain name I wanted to query. As you can see from the output, it found that the server spam.pcnetinc.com holds the MX record for the domain 85under.com.
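As an added example (not part of the original article), the Python script below builds the noninteractive command line equivalent to Examples 2 and 3 and parses output in the format shown above, separating the answering DNS server from the records returned and flagging a non-authoritative (cached) answer. The function names and result keys are assumptions made for illustration; the sample input is the Example 3 output from this page.

```python
import re

# Output copied from Example 3 on this page, embedded as offline sample input.
SAMPLE_MX = """\
Default Server: internalserver.local
Address: 172.17.2.10
Non-authoritative answer:
85under.com MX preference = 10, mail exchanger = spam.pcnetinc.com
spam.pcnetinc.com internet address = 66.119.6.36
"""

FIELD = re.compile(r"^(Default Server|Server|Name|Address(?:es)?):\s*(.*)$")
MX = re.compile(r"^(\S+)\s+MX preference = (\d+), mail exchanger = (\S+)$")
EXTRA = re.compile(r"^(\S+)\s+internet address = (\S+)$")


def noninteractive_argv(name, record_type=None, server=None):
    """One-shot form of Examples 2 and 3: nslookup [-SubCommand] name [server]."""
    opts = ["-query=" + record_type] if record_type else []  # like "set query=mx"
    return ["nslookup", *opts, name, *([server] if server else [])]


def parse_nslookup(text):
    """Separate the answering DNS server from the records it returned."""
    out = {"server": None, "server_address": None, "cached": False,
           "name": None, "addresses": [], "mx": [], "additional": {}}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("non-authoritative answer"):
            out["cached"] = True  # served from cache, not from the zone's own server
        elif m := FIELD.match(line):
            key, value = m.groups()
            if key.endswith("Server"):
                # A new header starts: the next Address line is the server's own.
                out["server"], out["server_address"] = value, None
            elif key == "Name":
                out["name"] = value
            elif out["server_address"] is None:
                out["server_address"] = value
            else:
                out["addresses"].append(value)  # address in the answer itself
        elif m := MX.match(line):
            out["mx"].append((int(m.group(2)), m.group(3)))  # (preference, host)
        elif m := EXTRA.match(line):
            out["additional"][m.group(1)] = m.group(2)
    out["mx"].sort()  # lowest preference value is tried first
    return out

if __name__ == "__main__":
    print(noninteractive_argv("85under.com", "mx", "66.119.2.46"))
    print(parse_nslookup(SAMPLE_MX))
```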
Summary
As you can see, Nslookup is an easy-to-use tool to troubleshoot DNS issues, or to gather information on DNS for an IP or hostname. I only gave a few examples of the Nslookup command; it has a rich syntax with a large command set. To see the syntax and parameters, see below. You can also type Nslookup /? to view the command set.
Nslookup Syntax
The basic syntax for the command in Windows operating systems is:
nslookup [-SubCommand ...] [{computer-to-find | [-server]}]
Options you can use with this command are:
Computer-to-find: Specifies the name of the computer whose name you want to look up.
Server: Specifies a DNS name server other than the default server configured on the client
Nslookup Parameters
-SubCommand: Specifies one or more nslookup subcommands as a command-line option. For a list of subcommands, see Related Topics.
ComputerToFind : Looks up information for ComputerToFind using the current default DNS name server, if no other server is specified. To look up a computer not in the current DNS domain, append a period to the name.
-Server : Specifies to use this server as the DNS name server. If you omit -Server, the default DNS name server is used.
{help|?} : Displays a short summary of nslookup subcommands.
