C:\>nslookup
Default Server: ns1chn.vsnl.com
Address: 202.54.6.60

> ?
Commands: (identifiers are shown in uppercase, [] means optional)
NAME - print info about the host/domain NAME using default server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands
set OPTION - set an option
all - print options, current server and host
[no]debug - print debugging information
[no]d2 - print exhaustive debugging information
[no]defname - append domain name to each query
[no]recurse - ask for recursive answer to query
[no]search - use domain search list
[no]vc - always use a virtual circuit
domain=NAME - set default domain name to NAME
srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
root=NAME - set root server to NAME
retry=X - set number of retries to X
timeout=X - set initial time-out interval to X seconds
type=X - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
querytype=X - same as type
class=X - set query class (ex. IN (Internet), ANY)
[no]msxfr - use MS fast zone transfer
ixfrver=X - current version to use in IXFR transfer request
server NAME - set default server to NAME, using current default server
lserver NAME - set default server to NAME, using initial server
finger [USER] - finger the optional NAME at the current default host
root - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
-a - list canonical names and aliases
-d - list all records
-t TYPE - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE - sort an 'ls' output file and view it with pg
exit - exit the program

Set All


command will display the current configuration settings; you can always change the settings using the same set command, but this setting only for the current session, this will change to default settings while to exit the command

> set all
Default Server: ns1chn.vsnl.com
Address: 202.54.6.60

Set options:
nodebug
defname
search
recurse
nod2
novc
noignoretc
port=53
type=A
class=IN
timeout=2
retry=1
root=A.ROOT-SERVERS.NET.
domain=
MSxfr
IXFRversion=1
srchlist=

Set type


To change the query type user the below command, by default type=A, this will only query the host record (A record) to query for the mail exchanger data, type the following:

> set type=mx
> google.com
Server: ns1chn.vsnl.com
Address: 202.54.6.60

Non-authoritative answer:
google.com MX preference = 10, mail exchanger = smtp4.google.com
google.com MX preference = 10, mail exchanger = smtp1.google.com
google.com MX preference = 10, mail exchanger = smtp2.google.com
google.com MX preference = 10, mail exchanger = smtp3.google.com

In this way you can use the different query type (A, ANY, CNAME, MX, NS, PTR, SOA, SRV).

any - displays all the records for that domain.
cname - CName (Canonical Name) is used for nicknames or aliases, it is used to redirect web address to another
mx - Mail eXchange (MX). Used to define which domain handles the email
ns - Look up the Name servers for this record
ptr - A record that points an IP address to a single name, unlike a name which can be associated with many IP addresses
soa - Start Of Authority
srv - Resource records

The first time a query is made for a remote name, the answer is authoritative, but subsequent queries are nonauthoritative. The first time a remote host is queried, the local DNS server contacts the DNS server that is authoritative for that domain. The local DNS server will then cache that information, so that subsequent queries are answered nonauthoritatively out of the local server's cache.

Set debug


Using this option you can turn on or off the debug display, nothing but the detailed lookup result, by default this option disabled (set nodebug) you can use the below command turn on the debug mode

> set debug
> google.com
Server: ns1chn.vsnl.com
Address: 202.54.6.60

------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 3, authority records = 4, additional = 4

QUESTIONS:
google.com, type = A, class = IN
ANSWERS:
-> google.com
internet address = 74.125.67.100
ttl = 235 (3 mins 55 secs)

AUTHORITY RECORDS:
-> google.com
nameserver = ns1.google.com
ttl = 170814 (1 day 23 hours 26 mins 54 secs)

ADDITIONAL RECORDS:
-> ns1.google.com
internet address = 216.239.32.10
ttl = 302197 (3 days 11 hours 56 mins 37 secs)
------------
Non-authoritative answer:
Name: google.com
Addresses: 74.125.67.100, 74.125.127.100, 74.125.45.100



We have querying “google.com, type = A, class = IN”

Normal query Nslookup will return only the IP address of google.com, in debug mode it will provide corresponding name server records and authority records which resolve to the IP addresses (Additional records)

So we came to know from where the host (google.com) getting resolved, able to find the corresponding IP address as well as holding DNS server (ns1.google.com)

Set d2

Using this Option you can turn on or off the EXHAUSTIVE debug display. Retrieves the complete dump of what is sent and received via the DNS requests

Set norecurse

Before this you should know about Iterative(norecurse) and Recursive(recurse) Queries.
Please check the below link for more info:

DNS Query Types

This will display other domain name servers to query, if the default name server does not have the information.

Turn off recursion and then try to look up a name that is not cached locally. since our default name server does not have the entry, this will display other name servers that might know the answer


> set norecurse
> iit.co.in
Server: ns1chn.vsnl.com
Address: 202.54.6.60

Name: iit.co.in
Served by:
- b0.cctld.afilias-nst.org
199.254.60.1
co.in
- a0.cctld.afilias-nst.info
199.254.59.1
co.in
- a2.in.afilias-nst.info
199.249.117.1
co.in
- b2.in.afilias-nst.org
199.249.125.1
co.in
- d0.cctld.afilias-nst.org
199.254.62.1
co.in
- c0.cctld.afilias-nst.info
199.254.61.1
co.in
- a1.in.afilias-nst.in
203.119.49.201
co.in
- b1.in.afilias-nst.in
220.226.205.253
co.in


> iit.co.in b0.cctld.afilias-nst.org
Server: b0.cctld.afilias-nst.org
Address: 199.254.60.1

Name: iit.co.in
Served by:
- ns409.websitewelcome.com

iit.co.in
- ns410.websitewelcome.com

iit.co.in


> iit.co.in ns409.websitewelcome.com
Server: ns409.websitewelcome.com
Address: 74.54.42.226

Name: iit.co.in
Address: 74.54.189.219



In the above example I have using iit.co.in, if you query iit.co.in with set norecurse this will display other name servers that might know the answer, since our default name server does not. I have used b0.cctld.afilias-nst.org name server to look for the answer, this will lists the ns server that has the authoritive answer. Then have the Name server for one more time, iit.co.in ns409.websitewelcome.com and we will get the A record 74.54.189.219

This will help to troubleshoot the DNS related issues, able to find the problematic name servers and able to find trace the DNS issue.


> set recurse
> iit.com
Server: ns1chn.vsnl.com
Address: 202.54.6.60

Non-authoritative answer:
Name: iit.com
Address: 74.54.82.185

With set recurse we will get the direct answer


Set srchlis



Command to change search list and default Domain Name System (DNS) domain name

Set srchlist=N1[N2/../N6]


Specifies one or up to six domain names to be appended to unqualified host names when attempting to resolve the host name. Each domain name specified is tried in turn until a match is found.
This option also directs the default domain to be set to the first domain name specified in the search list. The minimum abbreviation for this option is srchl.

While querying the host name no need to provide the FQDN, only host name enough, domain from the Srchlist added to the given host name to make the FQDN

Examples

To set the DNS domain to test.com
set srchlist=test.com/test1.com
> set srchlist=test.com
> test0001
Server: ns1chn.vsnl.com
Address: 202.54.6.60

Non-authoritative answer:
Name: test0001.test.com
Address: 205.178.152.103

In the above example I have only provide the host name (test0001) but Nslookup able to query the FQDN (test0001.test.com) using the set srchlist=test.com command.

DOMAIN SERVER


Look up a given domain name (NAME1) using this name server (NAME2). See example below

> iit.co.in ns409.websitewelcome.com
Server: ns409.websitewelcome.com
Address: 74.54.42.226

Name: iit.co.in
Address: 74.54.189.219


set root



Changes the name of the root server to the name specified by the HOST parameter, The root server by default is defined to be "A.ROOT-SERVERS.NET"

set root=A.ROOT-SERVERS.NET

set retry


Changes the number of times to retry quering a name server, Default retries is 1.

set retry=2

Set timeout


Sets the initial time out value in seconds, Default timeout value is 2 seconds.

>set timeout=4

LS


Rerieve the zone list of this domain. Note: On almost all Name Servers this operation is restricted or turned off

Most of the time, when using this command you would get a query refused output.Options:-a - list canonical names and aliases-d - list all records-t TYPE - list records of the given type (i.e. cname, mx, ns etc.)

________________________________________________________________________________________________________________________


Nslookup suffixing behavior-By Ace Fekay
(MVP)