Beyond the Basics of nslookup

nslookup is right up there with ping in terms of the most common tools for diagnosing network issues on Windows. Want to know if your DNS is set right for your website? Easy, just type nslookup davejlong.com and you'll see that the hostname points at 68.183.26.177.

Is that it, though? Is nslookup a one-trick pony? Of course not. nslookup is intended for querying all sorts of DNS information. Below you'll find some examples of how to use nslookup to play with different DNS queries.

How to use nslookup options

nslookup has two ways of running. You can pass options to nslookup like most other commands, or you can drop into the dedicated CLI. The following examples will both do the same thing:

cmd> rem Using the command options
cmd> nslookup -retry=5 davejlong.com
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    davejlong.com
Address:  68.183.26.177
Query davejlong.com retrying up to 5 times
cmd> rem Using the CLI
cmd> nslookup
Default server: one.one.one.one
Address: 1.1.1.1
> set retry=5
> davejlong.com

Non-authoritative answer:
Name:    davejlong.com
Address:  68.183.26.177
Query davejlong.com retrying up to 5 times

For the rest of this post, I'll be using the CLI version of nslookup to make it easier to understand what's happening.

Alternative record types

By default, nslookup looks up A and CNAME records, the records that point a hostname to an IP address. What about the other types of DNS records? What about when setting up a new email service? nslookup can query any type of DNS record using the type option:

> set type=mx
> davejlong.com
...
Non-authoritative answer:
davejlong.com   MX preference = 10, mail exchanger = aspmx2.googlemail.com
davejlong.com   MX preference = 10, mail exchanger = aspmx3.googlemail.com
davejlong.com   MX preference = 5, mail exchanger = alt1.aspmx.l.google.com
davejlong.com   MX preference = 5, mail exchanger = alt2.aspmx.l.google.com
davejlong.com   MX preference = 1, mail exchanger = aspmx.l.google.com

> set type=txt
> davejlong.com
...
Non-authoritative answer:
davejlong.com   text =

        "v=spf1 mx a include:_spf.google.com include:mailgun.org -all"

So now I know that all my MX records and SPF records are set up for Google Workspace.

Querying different servers

The next thing you may want to do is check with different DNS servers. If you query your local DNS server and it gives the wrong record, is it really an issue with your local DNS server, or is it an issue with the upstream DNS server that yours pulls from? Here's an example. I have a local DNS server that queries 1.1.1.1 for records that aren't in its cache:

cmd> nslookup
Default Server: UnKnown
Address: 192.168.1.1
> davejlong.com
...
Name: davejlong.com
Address: 192.168.1.1

> server 1.1.1.1
> davejlong.com
...
Name: davejlong.com
Address: 68.183.26.177

Looks like the local DNS server has an issue. It's pointing davejlong.com to my default gateway, even though the upstream DNS server knows the correct IP.

What's the deal with "Non-authoritative answer"?

Not so much a tip, but I wanted to mention why queries return "Non-authoritative answer" when you query DNS records. It simply means that your query's answer did not come from the authoritative DNS server for the domain. So what is the authoritative DNS server for a domain? Let's find out with nslookup:

> set type=ns
> davejlong.com
...
Non-authoritative answer:
davejlong.com   nameserver = dns1.registrar-servers.com
davejlong.com   nameserver = dns2.registrar-servers.com

The NS record holds the authoritative Name Server of the domain.

> server dns1.registrar-servers.com
Default Server:  dns1.registrar-servers.com
Addresses:  2610:a1:1024::200
          156.154.132.200

> davejlong.com
Server:  dns1.registrar-servers.com
Addresses:  2610:a1:1024::200
          156.154.132.200

Name:    davejlong.com
Address:  68.183.26.177

When we use the authoritative DNS servers, we no longer get the warning. If the authoritative server returns the wrong value, that means the zone file is truly wrong and it's not a DNS caching issue.
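The same three-way comparison (local server, upstream server, authoritative server) can be run over saved nslookup output. This is an added example, not code from the original post: parse_reply and triage are hypothetical helper names, the sample replies are constructed from the transcripts above, and the private-address check assumes the name is supposed to resolve to a public address.

```python
import ipaddress
def parse_reply(text):
    """Return (set of answer IPs, authoritative?) for one nslookup reply."""
    # The resolver header (Server:/Address:) ends at the first blank line.
    _, _, body = text.strip().partition("\n\n")
    ips = set()
    for line in body.splitlines():
        parts = line.split()
        try:
            # Matches "Address:", "Addresses:" and indented continuation lines.
            ips.add(ipaddress.ip_address(parts[-1]))
        except (IndexError, ValueError):
            pass  # blank line, "Name:" line or the non-authoritative banner
    return ips, "Non-authoritative answer" not in text

def triage(local, upstream, authoritative):
    """Compare three replies for one name and report where they diverge."""
    l_ips, _ = parse_reply(local)
    u_ips, _ = parse_reply(upstream)
    a_ips, a_is_auth = parse_reply(authoritative)
    findings = []
    if not a_is_auth:
        findings.append("reference reply is non-authoritative")
    if u_ips != a_ips:
        findings.append("upstream differs from authoritative (cached record)")
    if l_ips != u_ips:
        findings.append("local differs from upstream (local DNS server issue)")
    if any(ip.is_private for ip in l_ips):
        findings.append("local answer is a private address")
    return findings

# Constructed sample replies, modelled on the transcripts in this post.
LOCAL = """Server:  UnKnown
Address:  192.168.1.1

Name:    davejlong.com
Address:  192.168.1.1"""
UPSTREAM = """Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    davejlong.com
Address:  68.183.26.177"""
AUTHORITATIVE = """Server:  dns1.registrar-servers.com
Addresses:  2610:a1:1024::200
          156.154.132.200

Name:    davejlong.com
Address:  68.183.26.177"""
```

Calling triage(LOCAL, UPSTREAM, AUTHORITATIVE) on these samples reports the local DNS server issue and the private-address answer, which matches the diagnosis above.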

So that's it. There are still a number of options that you can set with nslookup to do all sorts of querying, but these 3 items are the most common uses that I find for nslookup day to day.