Introduction

NSlookup is a command-line tool used for testing and troubleshooting DNS servers. It is one of the most powerful and frequently used tools among Systems and Network Engineers / Administrators.

This Wiki article explains how to use NSlookup for beginners by providing most of the available options and real usage examples.

Getting Started

Let’s start with doing your first NSlookup query.



To do that, proceed as follows:

  • Open CMD and then type nslookup. Once the program is launched, you will see the Default Server name, which reflects your DNS server name, and the Address, which reflects your DNS server IP address.

  • Type www.bing.com or any DNS domain you would like to get its IP address. Your computer will contact your DNS server to ask for the DNS resolution of your DNS domain and will display to you the IP address(es) once it gets an answer.

At this step, we would like to congratulate you for your first DNS query using NSlookup. Bravo!

If you were not able to do it properly then the following options would help for troubleshooting.

NSlookup options

NSlookup has many available options. Most of them are described below.

Default Server

NSlookup uses the primary DNS server in your IP settings as Default Server for DNS querying. You can update the Default Server used by NSlookup program without changing your IP settings using two methods:

Method 1: By running the nslookup x y command, where x is the DNS name / IP address to query and y is the DNS name / IP address of the DNS server you would like to use for the DNS resolution. With this method, the Default Server is changed only for the DNS name you specified.

Method 2: By running NSlookup and then running server x where x is the IP address of the new Default Server to query.

By using Method 2, you will be able to use the new Default Server for DNS querying as long as you have not closed NSlookup program.

Note here that, if you would like to do a DNS query using your initial Default Server, you can use lserver x option where x is the IP address or the DNS name to query.

Query Type

By default, NSLookup looks for DNS records with A or AAAA as type. This could be changed using set type parameter.

You can then change the query type to query records with other types (Example: SRV, NS, CNAME, MX, PTR …).

Let’s take the example where you would like to query MX record for outlook.com. We will need to run NSlookup and then run set type=MX. This sets the query type to be MX.

All that is left now is to specify the DNS record to resolve.

You can do the same using set querytype option.

Retry

By default, NSlookup is configured to retry DNS resolution once when it fails. You can increase the number of retries by using set retry=x option where x is the number of retries (Example: set retry=4).

Timeout

When a reply to a request is not received within the specified time period, the time-out is doubled and the request is sent again. By default, the specified time period is equal to two (2) seconds. This can be updated using the set timeout=x option, where x is the time period in seconds (Example: set timeout=5).

Class

This is a setting that you might never have to change, as almost all name servers use the Internet class nowadays. However, there are two other known classes besides the Internet class: the Chaos and MIT Athena Hesiod classes.

If you would like to switch to another class then you can use set class=x option where x is the class name (in for Internet class, chaos for Chaos class and Hesiod for MIT Athena Hesiod class).

Search List

The NSlookup program uses a search list to create a Fully Qualified Domain Name when you specify an unqualified single-label name, before it submits a DNS query for that name.

As an example, let’s suppose that you use NSlookup to resolve a record named “Server1” and that you have “contoso.com” configured as DNS suffix. “Server1” is an unqualified single-label name and, in this case, NSlookup will append the suffix to this name and it will become “Server1.contoso.com”.

Note: An unqualified single-label name contains no “.”.

Once the new Fully Qualified Domain Name is composed then NSlookup will try to do the name resolution.

Remark: We have seen that, even with name resolution of names containing “.”, NSlookup will append a suffix. You can clearly see that when you run NSLookup using the debugging mode. Example: If you are trying to resolve “www.1” using NSlookup while “contoso.com” is configured as DNS suffix then NSlookup will try to resolve “www.1.contoso.com”.

NSlookup takes its search list from the configuration of your NIC card.

When multiple DNS suffixes are configured, NSlookup will try them in the specified order and will continue down the list as long as it is not able to do the resolution. Example: If you are trying to resolve www and your DNS suffixes are configured as shown in the previous figure then NSlookup will try www.contoso.com for name resolution. If it is unable to do the resolution then it will try www.fabrikam.com.

It is possible to have a different Search List in NSlookup without modifying your NIC configuration by using the set srchlist=x/y option, where x and y are the DNS suffixes in the order you would like to apply. This option supports up to six (6) DNS suffixes and “/” should be used as the delimiter (Example: set srchlist=contoso.com/fabrikam.com).

You can enable / disable use of the Domain Search List by running set search / set nosearch. By default, this option is enabled.

Default Domain Name

As described previously, you can set a DNS Search List. The first DNS domain set in the list is your Default Domain Name. Example: If your Search list is “contoso.com/fabrikam.com” then the Default Domain Name is “contoso.com”.

If you update your Search List then your Default Domain Name is updated.

It is also possible to manually update your Default Domain Name but this will update your DNS Search List too.

Example 1: If you set “fabrikam.com” as Default Domain Name then your Search List will be “fabrikam.com”.

Example 2: If you set “child.fabrikam.com” as Default Domain Name then your Search List will be “child.fabrikam.com/fabrikam.com”.

To set a Default Domain Name, you can use set domain=x option where x is your Default Domain Name.

You can enable / disable appending domain names when using NSlookup by running set defname / set nodefname. By default, this option is enabled.
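The name expansion described in the Search List and Default Domain Name sections, as an added Python model (not NSlookup's own code) that lists the names a lookup would send, which helps when reading debug output or DNS server logs. The function names are hypothetical; treating a trailing dot as fully qualified, trying a dotted name as typed after the suffixes, and applying only the default domain to single-label names when search is off are assumptions of this model.

```python
MAX_SUFFIXES = 6  # the article states srchlist accepts up to six suffixes


def parse_srchlist(value):
    """Parse the x/y part of 'set srchlist=x/y' into an ordered suffix list."""
    suffixes = [s.strip().strip(".").lower() for s in value.split("/") if s.strip()]
    if not suffixes or len(suffixes) > MAX_SUFFIXES:
        raise ValueError("srchlist takes one to six suffixes separated by '/'")
    return suffixes


def srchlist_from_domain(domain):
    """Search list implied by 'set domain=x': x, then its parents down to two labels."""
    labels = domain.strip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]


def candidate_names(name, srchlist, search=True, defname=True):
    """Names that would be queried, in order, for what the user typed."""
    name = name.lower()
    if name.endswith("."):
        # Assumption: a trailing dot marks the name as fully qualified.
        return [name.rstrip(".")]
    if search:
        tried = [f"{name}.{suffix}" for suffix in srchlist]
    elif defname and "." not in name and srchlist:
        # Assumption: with search off, only the Default Domain Name is appended.
        tried = [f"{name}.{srchlist[0]}"]
    else:
        tried = []
    if "." in name or not tried:
        # Assumption: a dotted name is finally tried exactly as typed.
        tried.append(name)
    return tried


if __name__ == "__main__":
    suffixes = parse_srchlist("contoso.com/fabrikam.com")
    for typed in ("Server1", "www.1", "www.bing.com."):
        print(typed, "->", candidate_names(typed, suffixes))
    print(srchlist_from_domain("child.fabrikam.com"))
```

The "www.1" case shows why a typo or an internal short name can show up in logs as a query under every configured suffix.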

Recursivity

By default, NSlookup runs in recurse mode. This means that it tells the DNS server to query other servers if it does not have the information about your query.

As an example, we can suppose that you have two DNS servers: Server1 and Server2. Server1 is authoritative on the contoso.com domain while Server2 is authoritative on the fabrikam.com domain. Server1 is configured with a conditional forwarder for fabrikam.com so that requests get redirected to Server2. Let’s suppose now that you are using Server1 as DNS server and you are querying www.fabrikam.com. Server1 does not know the answer by default and will redirect the request to Server2. So, if recursivity is enabled then you will receive the answer from Server1 after it has received it from Server2. If not then Server1 will not be able to respond to your query.

Recursivity can be enabled / disabled by running set recurse / set norecurse.

Virtual Circuit

When a DNS server returns a response to a DNS query that contains more DNS records than can fit into a single UDP packet, the client may decide to send the query again using TCP instead of UDP. The advantage of using TCP is that multiple packets can deliver all the DNS records in the response.

You can then decide to use TCP or UDP for DNS queries using NSlookup by enabling / disabling the Virtual Circuit option using set vc / set novc. When enabled, TCP is used; when disabled, UDP is used.
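What the Query Type, Class, Recursivity and Virtual Circuit options change in the query that goes on the wire, as an added Python example (not NSlookup's own code). The function names and the fixed transaction ID are assumptions for illustration; the field layout and numeric codes are those of the standard DNS message format.

```python
import struct

QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15, "AAAA": 28, "SRV": 33}
QCLASSES = {"in": 1, "chaos": 3, "hesiod": 4}  # values accepted by set class=x
RD_FLAG = 0x0100  # "recursion desired", toggled by set recurse / set norecurse
TC_FLAG = 0x0200  # "truncated", set by the server when the answer did not fit


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending with a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype="A", qclass="in", recurse=True, vc=False, txid=0x1234):
    """Build one DNS query message as the chosen options would shape it."""
    flags = RD_FLAG if recurse else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # one question
    question = encode_name(name) + struct.pack(
        "!HH", QTYPES[qtype.upper()], QCLASSES[qclass.lower()]
    )
    message = header + question
    if vc:
        # Over TCP (set vc) every message carries a two-byte length prefix.
        message = struct.pack("!H", len(message)) + message
    return message


def needs_tcp_retry(udp_response):
    """True when a UDP response has the TC bit set, so the client should use TCP."""
    (flags,) = struct.unpack("!H", udp_response[2:4])
    return bool(flags & TC_FLAG)


if __name__ == "__main__":
    print(build_query("outlook.com", qtype="MX").hex())
    print(build_query("outlook.com", qtype="MX", recurse=False, vc=True).hex())
    # Constructed 12-byte response header with the QR, TC, RD and RA bits set.
    truncated = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
    print(needs_tcp_retry(truncated))
```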

Zone Transfer

NSlookup can be used to do zone transfers and get the full content of a DNS zone. To do that, it is required that your DNS server is configured to allow DNS zone transfers to the host from which you are running NSlookup program.

A zone transfer can be launched via NSlookup program by running ls x command where x is the domain name (Example: ls contoso.com).



Three extra options are available:

  • -a : list canonical names and aliases
  • -d : list all records
  • -t x : list records of a given type (Example: A, AAAA, NS, MX, PTR, CNAME, SRV…) where x is the record type

The output can be saved in a file by redirecting the output (Example: ls -d contoso.com > contosozone.txt). It is also possible to read the file content using the NSlookup program by running view x where x is the file name (Example: view contosozone.txt).

Debugging

When you need more details about the DNS resolution you performed using NSlookup, you can enable debugging.

You can enable / disable debugging in NSlookup using:

  • set debug / set nodebug to print debugging information
  • set d2 / set nod2 to print exhaustive debugging information

The debugging provides enough information to understand what was done to perform the DNS resolution.

Display NSlookup Configuration

NSlookup configuration can be printed by using set all option.



Conclusion

The NSlookup program has many advanced options to test name resolution and a verbose debugging mode for advanced troubleshooting. Mastering this program is very important for System and Network Engineers / Administrators managing DNS service within their organization. This Wiki shared most of the available options within this program and detailed the purpose of each one of them. We hope that this helps our readers better understand how the NSlookup program works.