Default Server: ns1chn.vsnl.com

> ?
Commands: (identifiers are shown in uppercase, [] means optional)
NAME - print info about the host/domain NAME using default server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands
set OPTION - set an option
all - print options, current server and host
[no]debug - print debugging information
[no]d2 - print exhaustive debugging information
[no]defname - append domain name to each query
[no]recurse - ask for recursive answer to query
[no]search - use domain search list
[no]vc - always use a virtual circuit
domain=NAME - set default domain name to NAME
srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
root=NAME - set root server to NAME
retry=X - set number of retries to X
timeout=X - set initial time-out interval to X seconds
type=X - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
querytype=X - same as type
class=X - set query class (ex. IN (Internet), ANY)
[no]msxfr - use MS fast zone transfer
ixfrver=X - current version to use in IXFR transfer request
server NAME - set default server to NAME, using current default server
lserver NAME - set default server to NAME, using initial server
finger [USER] - finger the optional NAME at the current default host
root - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
-a - list canonical names and aliases
-d - list all records
-t TYPE - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE - sort an 'ls' output file and view it with pg
exit - exit the program

Set All

command will display the current configuration settings; you can always change the settings using the same set command, but this setting only for the current session, this will change to default settings while to exit the command

> set all
Default Server: ns1chn.vsnl.com

Set options:

Set type

To change the query type user the below command, by default type=A, this will only query the host record (A record) to query for the mail exchanger data, type the following:

> set type=mx
> google.com
Server: ns1chn.vsnl.com

Non-authoritative answer:
google.com MX preference = 10, mail exchanger = smtp4.google.com
google.com MX preference = 10, mail exchanger = smtp1.google.com
google.com MX preference = 10, mail exchanger = smtp2.google.com
google.com MX preference = 10, mail exchanger = smtp3.google.com

In this way you can use the different query type (A, ANY, CNAME, MX, NS, PTR, SOA, SRV).

any - displays all the records for that domain.
cname - CName (Canonical Name) is used for nicknames or aliases, it is used to redirect web address to another
mx - Mail eXchange (MX). Used to define which domain handles the email
ns - Look up the Name servers for this record
ptr - A record that points an IP address to a single name, unlike a name which can be associated with many IP addresses
soa - Start Of Authority
srv - Resource records

The first time a query is made for a remote name, the answer is authoritative, but subsequent queries are nonauthoritative. The first time a remote host is queried, the local DNS server contacts the DNS server that is authoritative for that domain. The local DNS server will then cache that information, so that subsequent queries are answered nonauthoritatively out of the local server's cache.

Set debug

Using this option you can turn on or off the debug display, nothing but the detailed lookup result, by default this option disabled (set nodebug) you can use the below command turn on the debug mode

> set debug
> google.com
Server: ns1chn.vsnl.com

Got answer:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 3, authority records = 4, additional = 4

google.com, type = A, class = IN
-> google.com
internet address =
ttl = 235 (3 mins 55 secs)

-> google.com
nameserver = ns1.google.com
ttl = 170814 (1 day 23 hours 26 mins 54 secs)

-> ns1.google.com
internet address =
ttl = 302197 (3 days 11 hours 56 mins 37 secs)
Non-authoritative answer:
Name: google.com

We have querying “google.com, type = A, class = IN”

Normal query Nslookup will return only the IP address of google.com, in debug mode it will provide corresponding name server records and authority records which resolve to the IP addresses (Additional records)

So we came to know from where the host (google.com) getting resolved, able to find the corresponding IP address as well as holding DNS server (ns1.google.com)

Set d2

Using this Option you can turn on or off the EXHAUSTIVE debug display. Retrieves the complete dump of what is sent and received via the DNS requests

Set norecurse

Before this you should know about Iterative(norecurse) and Recursive(recurse) Queries.
Please check the below link for more info:

DNS Query Types

This will display other domain name servers to query, if the default name server does not have the information.

Turn off recursion and then try to look up a name that is not cached locally. since our default name server does not have the entry, this will display other name servers that might know the answer

> set norecurse
> iit.co.in
Server: ns1chn.vsnl.com

Name: iit.co.in
Served by:
- b0.cctld.afilias-nst.org
- a0.cctld.afilias-nst.info
- a2.in.afilias-nst.info
- b2.in.afilias-nst.org
- d0.cctld.afilias-nst.org
- c0.cctld.afilias-nst.info
- a1.in.afilias-nst.in
- b1.in.afilias-nst.in

> iit.co.in b0.cctld.afilias-nst.org
Server: b0.cctld.afilias-nst.org

Name: iit.co.in
Served by:
- ns409.websitewelcome.com

- ns410.websitewelcome.com


> iit.co.in ns409.websitewelcome.com
Server: ns409.websitewelcome.com

Name: iit.co.in

In the above example I have using iit.co.in, if you query iit.co.in with set norecurse this will display other name servers that might know the answer, since our default name server does not. I have used b0.cctld.afilias-nst.org name server to look for the answer, this will lists the ns server that has the authoritive answer. Then have the Name server for one more time, iit.co.in ns409.websitewelcome.com and we will get the A record

This will help to troubleshoot the DNS related issues, able to find the problematic name servers and able to find trace the DNS issue.

> set recurse
> iit.com
Server: ns1chn.vsnl.com

Non-authoritative answer:
Name: iit.com

With set recurse we will get the direct answer

Set srchlis

Command to change search list and default Domain Name System (DNS) domain name

Set srchlist=N1[N2/../N6]

Specifies one or up to six domain names to be appended to unqualified host names when attempting to resolve the host name. Each domain name specified is tried in turn until a match is found.
This option also directs the default domain to be set to the first domain name specified in the search list. The minimum abbreviation for this option is srchl.

While querying the host name no need to provide the FQDN, only host name enough, domain from the Srchlist added to the given host name to make the FQDN


To set the DNS domain to test.com
set srchlist=test.com/test1.com
> set srchlist=test.com
> test0001
Server: ns1chn.vsnl.com

Non-authoritative answer:
Name: test0001.test.com

In the above example I have only provide the host name (test0001) but Nslookup able to query the FQDN (test0001.test.com) using the set srchlist=test.com command.


Look up a given domain name (NAME1) using this name server (NAME2). See example below

> iit.co.in ns409.websitewelcome.com
Server: ns409.websitewelcome.com

Name: iit.co.in

set root

Changes the name of the root server to the name specified by the HOST parameter, The root server by default is defined to be "A.ROOT-SERVERS.NET"


set retry

Changes the number of times to retry quering a name server, Default retries is 1.

set retry=2

Set timeout

Sets the initial time out value in seconds, Default timeout value is 2 seconds.

>set timeout=4


Rerieve the zone list of this domain. Note: On almost all Name Servers this operation is restricted or turned off

Most of the time, when using this command you would get a query refused output.Options:-a - list canonical names and aliases-d - list all records-t TYPE - list records of the given type (i.e. cname, mx, ns etc.)


Nslookup suffixing behavior-By Ace Fekay