nslookup is right up there with ping in terms of the most common tools for diagnosing network issues on Windows. Want to know if your DNS is set right for your website? Easy, just type nslookup davejlong.com and you'll see that the hostname points at 188.8.131.52.
Is that it, though? Is nslookup a one-trick pony? Of course not. nslookup is intended for querying all sorts of DNS information. Below you'll find some examples of how to use nslookup to play with different DNS queries.
How to use nslookup options
nslookup has two ways of running. You can pass options to nslookup like most other commands, or you can drop into the dedicated CLI. The following examples will both do the same thing:
For the rest of this post, I'll be using the CLI version of nslookup to make it easier to understand what's happening.
Alternative record types
nslookup looks up A and CNAME records, the records that point a hostname to an IP address. What about the other types of DNS records? What about when setting up a new email service?
nslookup can query any type of DNS record using the
    > set type=mx
    > davejlong.com
    ...
    Non-authoritative answer:
    davejlong.com MX preference = 10, mail exchanger = aspmx2.googlemail.com
    davejlong.com MX preference = 10, mail exchanger = aspmx3.googlemail.com
    davejlong.com MX preference = 5, mail exchanger = alt1.aspmx.l.google.com
    davejlong.com MX preference = 5, mail exchanger = alt2.aspmx.l.google.com
    davejlong.com MX preference = 1, mail exchanger = aspmx.l.google.com
    > set type=txt
    > davejlong.com
    ...
    Non-authoritative answer:
    davejlong.com text = "v=spf1 mx a include:_spf.google.com include:mailgun.org -all"
So now I know that all my MX records and SPF records are set up for Google Workspace.
Querying different servers
The next thing you may want to do is check with different DNS servers. If you query your local DNS server and it gives the wrong record, is it really an issue with your local DNS server or is it an issue with the upstream DNS server that yours pulls from? Here's an example. I have a local DNS server that queries 184.108.40.206 for records that aren't in its cache:
    CMD> nslookup
    Default Server: UnKnown
    Address: 192.168.1.1
    > davejlong.com
    ...
    Name: davejlong.com
    Address: 192.168.1.1
    > server 220.127.116.11
    Name: davejlong.com
    Address: 18.104.22.168
Looks like the local DNS server has an issue. It's pointing davejlong.com to my default gateway, even though the upstream DNS server knows the correct IP.
What's the deal with "Non-authoritative answer"?
Not so much a tip, but I wanted to mention why queries will also return "Non-authoritative answer" when you query DNS records. It simply means that your query's answer did not come from the authoritative DNS server for the domain. So what is the authoritative DNS server for a domain? Let's find out with
    > set type=ns
    > davejlong.com
    ...
    Non-authoritative answer:
    davejlong.com nameserver = dns1.registrar-servers.com
    davejlong.com nameserver = dns2.registrar-servers.com
The NS record holds the authoritative name server of the domain.
    > server dns1.registrar-servers.com
    Default Server: dns1.registrar-servers.com
    Addresses: 2610:a1:1024::200
              22.214.171.124
    > davejlong.com
    Server: dns1.registrar-servers.com
    Addresses: 2610:a1:1024::200
              126.96.36.199
    Name: davejlong.com
    Address: 188.8.131.52
When we use the authoritative DNS servers, we no longer get the warning. If the authoritative server returns the wrong value, that means the zone file is truly wrong and it's not a DNS caching issue.
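The comparison from "Querying different servers" and the authoritative check above can be automated over saved nslookup output. The following is an added example, not code from the original post; the function names, example.com, and the sample replies are constructed, and it assumes a reply is authoritative when the "Non-authoritative answer" line is absent.

```python
import ipaddress

# RFC 1918 ranges; a public hostname resolving into one of these via the local
# resolver (as with the post's 192.168.1.1 answer) deserves a second look.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nslookup(output):
    """Return (authoritative, answer_addresses) for one nslookup reply."""
    # Assumption: no "Non-authoritative answer" line means authoritative.
    authoritative = "Non-authoritative answer" not in output
    # Everything before "Name:" describes the server that was asked.
    _, _, answer = output.partition("Name:")
    addresses = set()
    for token in answer.split():
        try:
            addresses.add(ipaddress.ip_address(token))
        except ValueError:
            pass  # hostname or a label such as "Address:", not an IP
    return authoritative, addresses

def compare_replies(local_output, reference_output):
    """Compare a local resolver's reply with the authoritative server's reply."""
    _, local = parse_nslookup(local_output)
    ref_authoritative, reference = parse_nslookup(reference_output)
    local_only = local - reference
    return {
        "match": local == reference,
        "reference_authoritative": ref_authoritative,
        "local_only": sorted(str(a) for a in local_only),
        "private_in_local": sorted(
            str(a) for a in local_only if any(a in net for net in RFC1918)),
    }

# Constructed sample replies (example.com and documentation address ranges).
LOCAL_REPLY = """Server:  UnKnown
Address:  192.168.1.1

Name:    example.com
Address:  192.168.1.1
"""
AUTHORITATIVE_REPLY = """Server:  ns1.example.net
Address:  198.51.100.53

Name:    example.com
Address:  203.0.113.10
"""

if __name__ == "__main__":
    print(compare_replies(LOCAL_REPLY, AUTHORITATIVE_REPLY))
```

A mismatch alone is not proof of a problem, since round-robin and CDN-hosted names can legitimately return different addresses per query; an address that only the local resolver returns and that falls in a private range is the stronger signal.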
So that's it. There are still a number of options that you can set with nslookup to do all sorts of querying, but these 3 items are the most common uses that I find for nslookup day to day.