Nslookup (name server lookup) is a command-line tool that is used to diagnose and validate DNS servers and records, and to find name resolution problems in the DNS subsystem. The nslookup tool was originally developed as a part of the BIND package and ported to Windows by Microsoft. Nslookup is currently a built-in tool in all supported versions of Windows.
What is Domain Name System (DNS)?
DNS is like the “phone book” of the Internet that translates the friendly names we type into the underlying IP addresses assigned to the web or other servers we connect to. A local DNS server generally translates local web servers on a LAN into the IP addresses needed for internal DNS names while public DNS servers resolve public resources.
How to Use Nslookup to Check DNS Records?
Using the nslookup command-line utility, you can determine the IP address of any server by its DNS name, perform a reverse DNS lookup, and get information about the various DNS records for a specific domain name.
When running, Nslookup sends queries to the DNS server that is specified in your network adapter settings. This address is considered the default (preferred) DNS server. If the preferred server is not responding, nslookup will not switch to an alternate DNS server. The user can specify the address of any other available DNS server. As a result, all subsequent DNS requests will be sent to it.
You can view or change your preferred and alternative DNS server IP addresses in the network connection properties.
Or you can get your DNS server setting from the CLI prompt using the ipconfig command:
ipconfig /all
You can use the nslookup tool in interactive or non-interactive mode.
To run a DNS query using the nslookup tool in non-interactive mode, open a Command prompt, and run the command below for basic nslookup syntax:
nslookup theitbros.com
In this example, we requested the IP address of the theitbros.com domain. The nslookup utility queried the DNS server (shown in the Server line), which returned that this name matches the IP address 37.1.214.145 (A and AAAA records are shown by default).
This response indicates that your DNS server is available, works properly, and processes requests for resolving DNS names.
If you receive an answer like this:
Server: dns1.contoso.com
Address: xx.xx.xx.xx
*** dns1.contoso.com can’t find theitbros.com: Non-existent domain
This means that no entries were found for this domain name on the DNS server.
If your DNS server is unavailable or not responding, you will receive a DNS request timed out error.
In this case, check whether you have specified the correct DNS server address and whether there is a network connection problem on the ISP side.
Hint. Make sure your DNS server is available on port 53 UDP and TCP and this port is not blocked by a firewall.
The Non-authoritative answer means that the DNS server that executed the request is not the owner of the theitbros.com zone (there are no records about this domain in its database) and to perform name resolution a recursive query to another DNS server was used.
You can enable and disable the recursive nslookup mode using the commands (by default, recursive DNS queries are enabled):
set recurse
set norecurse
You can access an authoritative DNS server by specifying its address directly in the parameters of the nslookup utility. For example, to resolve a name on the authoritative DNS server (that contains this domain) use the command:
nslookup theitbros.com ns1.theitbros.com
When you run nslookup without parameters, the utility switches to interactive mode. In this mode, you can execute various commands. A complete list of the internal commands of the nslookup utility can be displayed by typing a question mark (?).
Tip. Note that nslookup commands are case-sensitive.
To close the interactive nslookup session, type exit and press Enter.
To find the DNS servers that are responsible for a specific domain (Name Server authoritative servers), run the following commands:
set query=ns
theitbros.com
You can perform reverse lookups (get DNS name by IP address). Just type the IP address in the nslookup interactive prompt and press Enter.
Using Nslookup to Get Different DNS Record Types
The default nslookup resource records type is A and AAAA, but you can use different types of resource records:
- A
- ANY
- CNAME
- GID
- HINFO
- MB
- MG
- MINFO
- MR
- MX
- NS
- PTR
- SOA
- TXT
- UID
- UINFO
- WKS
You can set specific record types to lookup using the nslookup parameter:
-type=<record_type>
For example, to list all mail servers configured for a specific domain (MX, Mail eXchange records), run the command:
nslookup -type=mx theitbros.com
Non-authoritative answer:
theitbros.com MX preference = 10, mail exchanger = mail.theitbros.com
theitbros.com MX preference = 20, mail exchanger = mail.theitbros.com
mail.theitbros.com internet address = 37.1.214.145
mail.theitbros.com internet address = 37.1.214.145
As you can see, this domain has 2 MX records with priorities 10 and 20 (the lower the number, the higher the priority of the MX address). If you don’t see MX records, they probably just aren’t configured for that domain.
To list all DNS records in the domain zone, run the command:
nslookup -type=any theitbros.com
Non-authoritative answer:
theitbros.com internet address = 37.1.214.145
theitbros.com nameserver = ns2.theitbros.com
theitbros.com nameserver = ns1.theitbros.com
theitbros.com MX preference = 10, mail exchanger = mail.theitbros.com
theitbros.com MX preference = 20, mail exchanger = mail.theitbros.com
ns2.theitbros.com internet address = 74.80.224.189
ns1.theitbros.com internet address = 37.1.214.145
mail.theitbros.com internet address = 37.1.214.145
mail.theitbros.com internet address = 37.1.214.145
To get the SOA record (Start of Authority — start DNS zone record, which contains information about the domain zone, its administrator’s address, serial number, etc.), use the option -type=soa:
nslookup -type=soa theitbros.com
theitbros.com
primary name server = pdns1.registrar-servers.com
responsible mail addr = hostmaster.registrar-servers.com
serial = 1601449549
refresh = 43200 (12 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 3601 (1 hour 1 sec)
pdns1.registrar-servers.com internet address = 156.154.130.200
pdns1.registrar-servers.com AAAA IPv6 address = 2610:a1:1022::200
- primary name server;
- responsible mail addr — domain administrator email address (hostmaster@registrar-servers.com). Since the @ symbol has its own meaning in the zone description, it is replaced by a dot in this field;
- serial — the serial number of the zone file, used to record changes. The following format is usually used: YYYYMMDDHH;
- refresh — the period of time (in seconds) after which the secondary DNS server will send a request to the primary one to check if the serial number has changed;
- retry — specifies the interval for reconnecting to the primary DNS server if for some reason it was unable to respond to the request;
- expire — specifies how long the DNS cache is kept by the secondary DNS server, after which it will be considered expired;
- default TTL — “Time to Live” seconds. Refers to how long your DNS settings must be cached before they are automatically refreshed;
- minimum — specifies the time for which the secondary DNS should cache the zone file.
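The SOA fields described above can be read programmatically. The following Python sketch is an added example, not part of the original article: it parses the sample output shown above, converts the responsible mail addr back to an email address, and dates the serial. Reading a serial that is not a valid YYYYMMDDnn date as a Unix timestamp is a heuristic assumed here, and the timer checks are common sanity rules rather than anything nslookup enforces.

```python
import re
from datetime import datetime, timezone

# SOA fields copied from the article's -type=soa sample output.
SOA_OUTPUT = """\
theitbros.com
        primary name server = pdns1.registrar-servers.com
        responsible mail addr = hostmaster.registrar-servers.com
        serial  = 1601449549
        refresh = 43200 (12 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 3601 (1 hour 1 sec)
"""

def parse_soa(text):
    """Turn the 'key = value' lines into a dict; numeric fields become ints."""
    pairs = re.findall(r"^[ \t]*([A-Za-z ]+?)[ \t]*=[ \t]*(\S+)", text, re.M)
    return {key: int(value) if value.isdigit() else value for key, value in pairs}

def rname_to_email(rname):
    """The first unescaped dot in the responsible mail addr stands for '@'."""
    local, domain = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    return local.replace("\\.", ".") + "@" + domain

def serial_date(serial):
    """Date a serial: YYYYMMDDnn if that is a valid date, else Unix time (heuristic)."""
    digits = str(serial)
    if len(digits) == 10:
        try:
            day = datetime.strptime(digits[:8], "%Y%m%d").date()
            if day.year >= 1990:  # a leading 16xx/17xx "year" is really epoch seconds
                return day.isoformat(), "YYYYMMDDnn"
        except ValueError:
            pass
    return datetime.fromtimestamp(serial, timezone.utc).date().isoformat(), "unix time"

def timer_issues(soa):
    """A secondary should retry sooner than it refreshes and expire much later."""
    issues = []
    if soa["retry"] >= soa["refresh"]:
        issues.append("retry >= refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        issues.append("expire <= refresh + retry")
    return issues
```

For the sample zone, the serial does not parse as a date and is reported as Unix time, and the refresh, retry and expire values pass both checks.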
If you want to list the TXT records of a domain (for example, when viewing SPF settings), run the command:
nslookup -type=TXT theitbros.com
The debug option allows you to get additional information contained in the headers of client DNS requests and server responses (lifetime, flags, record types, etc.):
set debug
You can view the current values for all specified nslookup options with the command:
> set all
Default Server: ns1.theitbros.com
Address: 192.168.1.11
Set options:
nodebug
defname
search
recurse
nod2
novc
noignoretc
port=53
type=A+AAAA
class=IN
timeout=2
retry=1
root=A.ROOT-SERVERS.NET.
domain=xxx
MSxfr
IXFRversion=1
srchlist=xxx
By default, DNS servers listen on UDP port 53, but you can specify a different port number if necessary using the -port option:
nslookup -port=56 theitbros.com
or interactively:
set port=56
You can change the interval to wait for a response from the DNS server. This is usually necessary on slow or unstable network links. By default, if no response comes within 5 seconds, the request is repeated, increasing the waiting time by 2x. But you can manually set this value in seconds using the -timeout option:
nslookup -timeout=10 theitbros.com
Most Commonly Used Nslookup Command Examples
Get an IP address of the host/domain (A record):
nslookup theitbros.com
Get an IPv6 address for a host/domain:
nslookup -type=AAAA mx.theitbros.com
List domain MX records:
nslookup -query=mx theitbros.com
Query NS records (list of DNS servers authoritative for the domain):
nslookup -type=ns theitbros.com
Get the SOA record for the domain:
nslookup -type=soa theitbros.com
List all the available DNS records for the specific domain:
nslookup -type=any theitbros.com
Reverse DNS lookup (get the DNS record by an IP address):
nslookup 35.209.36.0
Query a specific DNS server instead of the default one (preferred DNS):
nslookup theitbros.com ns1.siteground.net
Check for a PTR record:
nslookup -type=ptr 0.36.209.35.in-addr.arpa
Query DNS server using the debug mode of the nslookup:
nslookup -debug theitbros.com
Change the default timeout interval for a reply:
nslookup -timeout=20 theitbros.com
Common Nslookup Errors
In this section, we list common errors that the nslookup tool may return:
- DNS request timed out — the server did not respond to the request within the timeout period after a certain number of request attempts. You can set the request timeout using the set timeout subcommand and the number of retries using the set retry subcommand;
- Non-existent domain — domain/host name does not exist;
- No response from the server — DNS server not responding to nslookup requests;
- No records — there are no records on the DNS server for your query;
- Connection refused/ Network is unreachable — connection to DNS server not established;
- Server failure — the DNS server has encountered an internal error in its database and cannot provide a correct answer;
- Refused — the DNS server dropped the connection.
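The "Non-authoritative answer" label and several of the errors above come straight from the 12-byte header of the DNS reply. The following Python sketch is an added example, not part of the original article: it builds a query, decodes the reply header, and maps it to the messages listed here. The function names, the fixed transaction ID and the sample headers are assumptions made for illustration, and treating an empty successful reply as "No records" is this example's reading of that message.

```python
import socket
import struct

# RCODE (low 4 bits of the header flags, RFC 1035) and the nslookup
# message from the list above that corresponds to it.
RCODE_MESSAGES = {2: "Server failure", 3: "Non-existent domain", 5: "Refused"}

def build_query(name, qtype=1, txid=0x1234, recurse=True):
    """Build a DNS query; qtype 1=A, 2=NS, 6=SOA, 15=MX. Real clients randomise txid."""
    flags = 0x0100 if recurse else 0  # RD bit, what set recurse / set norecurse toggles
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def classify_response(packet, txid=0x1234):
    """Decode the reply header into the status nslookup would report."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit clear: not our reply
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    if rcode == 0:
        status = "Answer" if ancount else "No records"
    else:
        status = RCODE_MESSAGES.get(rcode, f"rcode {rcode}")
    return {
        "status": status,
        "authoritative": bool(flags & 0x0400),   # AA clear -> "Non-authoritative answer"
        "retry_over_tcp": bool(flags & 0x0200),  # TC set: truncated, repeat on TCP 53
    }

def query_udp(server, name, qtype=1, timeout=2.0, port=53):
    """Live lookup, not run on import. None corresponds to 'DNS request timed out'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qtype), (server, port))
            return classify_response(sock.recvfrom(4096)[0])
        except socket.timeout:
            return None

# Constructed sample headers (not captured traffic): ID, flags, QD/AN/NS/AR counts.
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0)  # resolver: name missing
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 1, 0, 0)      # zone owner, one answer
SAMPLE_TRUNC = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)     # TC bit set
```

A truncated reply is why the hint above asks for port 53 to be open on TCP as well as UDP: the client has to repeat the query over TCP to get the full answer.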
Frequently Asked Questions
1. How can I leverage nslookup in DNS troubleshooting?
nslookup is an invaluable tool for diagnosing DNS issues. It allows you to verify DNS server responses, confirm domain record details, and troubleshoot resolution problems, providing a clear path to resolving network snags.
2. Why is DNS likened to the “phone book” of the Internet?
DNS essentially functions as the Internet’s directory. Just like a phone book matches people’s names to their phone numbers, DNS matches domain names (like www.example.com) to IP addresses, making web navigation user-friendly and efficient.
3. How does nslookup interact with my network adapter settings?
When running, nslookup sends queries to the DNS server specified in your network adapter settings; this server is considered your default (preferred) DNS server. Understanding this interaction can help in adjusting settings for optimal network performance.
4. What’s the significance of the ‘Non-authoritative answer’ I see when using nslookup?
A ‘Non-authoritative answer’ means the DNS server executing the request is not the owner of the queried domain and has performed a recursive query to another DNS server. It’s a key point in understanding the path your query took to get resolved.
5. What does the ‘-type’ parameter do in nslookup commands?
The ‘-type’ parameter in nslookup commands helps you specify and query different types of DNS records like A, MX, SOA, and more. This parameter broadens the utility of nslookup, providing detailed insights into different aspects of DNS.
6. What does the term ‘reverse lookup’ mean in DNS context?
A reverse lookup refers to getting the domain name by entering the IP address. This nslookup function assists in identifying the source of traffic or attacks and is a critical tool in network forensics.
7. What are some common errors I might encounter when using nslookup?
While using nslookup, you might encounter errors such as ‘DNS request timed out’, ‘Non-existent domain’, or ‘No response from the server’. Understanding these errors can help diagnose network or server issues efficiently.
Wrapping up
Understanding and effectively using nslookup in Windows can be a game-changer for network troubleshooting. This powerful tool, embedded right within your operating system, provides a valuable insight into the world of DNS servers and records. Whether it’s a simple task of checking the IP address of a domain or a complex investigation of DNS records, nslookup is an excellent tool.
In this guide, we’ve explored the multifaceted functionality of nslookup – from basic syntax to complex commands, from querying different record types to handling common errors. We’ve also looked at how nslookup can help diagnose and resolve DNS issues, boosting the reliability and performance of your network. By effectively troubleshooting DNS issues with nslookup, you will be able to eliminate one of the most common problems behind many client connectivity issues.