nslookup – DNS Query Tool

What is nslookup?

Definition: nslookup is a command-line tool used to query Domain Name System (DNS) servers to obtain information about domain names, IP addresses, and various DNS records.

Purpose / Use Cases:

Troubleshooting DNS resolution issues
Verifying DNS records (A, MX, CNAME, etc.)
Testing DNS server responses

Basic nslookup Usage

Query a Domain Name to Get Its IP Address

nslookup example.com

Server:  8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name:    example.com
Address: 93.184.216.34

Interpretation: Shows which DNS server responded and the IP address for the domain.

Reverse Lookup: Query an IP to Find Its Domain Name
```
nslookup 8.8.8.8
```
```
Server:  your.local.dns.server
Address: 192.168.1.1

Name:    dns.google
Address: 8.8.8.8
        
```
Use Case: Verifies PTR (Pointer) records for IPs, useful in email and network troubleshooting.

Interactive vs. Non-Interactive Mode

Non-Interactive: Type a single query and get an immediate answer (e.g., nslookup google.com).
Interactive: Enter nslookup alone to get a prompt. Then issue multiple queries and use advanced options.
```
> nslookup
> set type=MX
> gmail.com
      
```

Query Types

Type	Description
A	Maps domain name to IPv4 address.
AAAA	Maps domain name to IPv6 address.
PTR	IP address to domain name (reverse DNS).
MX	Mail Exchange records (mail server for the domain).
NS	Name Server records (authoritative DNS servers).
CNAME	Canonical Name records (aliases).

Example (interactive):

> nslookup
> set type=MX
> gmail.com

Output: Lists mail servers for gmail.com.

Changing DNS Servers in nslookup

Specify a DNS server for a query: nslookup example.com 8.8.8.8
In interactive mode:
> server 1.1.1.1 (switches queries to Cloudflare’s DNS)

Advanced Query Options

Set Query Type: set type=MX or set q=NS
View all records (any): set type=ANY
Check authoritative answer: Some responses show “authoritative answer” if the DNS server is official for that domain.

Interpreting nslookup Output

Field	Meaning
Server	DNS server that responded.
Non-authoritative answer	Response from a cache or non-original source.
Authoritative answer	Response direct from the primary DNS server.
Name/Address	The answer to your query.

Common Troubleshooting Scenarios

DNS Resolution Failures: No response, timeout, or incorrect IP = DNS issues or misconfigurations.
Check if a DNS record exists: Verify A, MX, CNAME, etc.
Test Alternate DNS Servers: Helps distinguish between client, server, or upstream problems.

Limitations of nslookup

Some platforms (notably Unix/Linux) prefer dig or host for more detailed diagnostics.
Limited scripting capability compared to dig.
Does not support all modern DNSSEC validation features.

Platform Differences

Platform	Availability	Notes
Windows	Built-in	Always available
Linux/macOS	Common, but sometimes replaced by `dig`	Syntax and features are similar, output formatting can differ

Example: Verifying Mail Server for a Domain

nslookup -type=mx example.com

example.com   mail exchanger = 10 mail.example.com.

Use Case: Verifies which mail servers are used for a domain (useful for email setup/troubleshooting).

Exam Tips and Key Points

Remember the difference between “authoritative” and “non-authoritative” answers.
Know how to use set type= for different DNS records.
Be able to test with different DNS servers (e.g., nslookup example.com 1.1.1.1).
Practice interpreting output for both success and failure cases.
Understand basic troubleshooting with reverse lookups and alternate DNS.

Comparison Table: nslookup vs. dig vs. host

Feature	nslookup	dig (Domain Information Groper)	host
Purpose	Basic DNS queries and troubleshooting	Detailed DNS diagnostics and scripting	Simple forward and reverse DNS lookups
Availability	Default on Windows, most Unix systems	Standard on Linux/Unix; may require install	Standard on Linux/Unix; may require install
Syntax Simplicity	Easy	Slightly more advanced	Very easy
Query Types	All record types (A, MX, CNAME, etc.)	All record types, full control	Most common types
Batch/Script Support	Limited	Excellent (can use in scripts, +short output)	Limited
Output Detail	Basic to moderate	Very detailed (headers, sections, timings, etc.)	Minimal
DNSSEC Support	Limited	Full DNSSEC diagnostic info	Some
Authoritative Answers	Yes (shown in output)	Yes (full section in output)	Yes (minimal display)
Best Use Case	Quick checks, Windows environments	In-depth DNS troubleshooting, scripts	Quick lookup, scripts
Sample Command	nslookup example.com	dig example.com	host example.com

Sample Troubleshooting Steps Using nslookup

Scenario: John cannot access www.example.com from his PC.

Step 1: Check DNS Resolution
```
nslookup www.example.com
```
Expected Output: Should display an IP address for the domain.
If fails: Note any “timed out,” “server can’t find,” or “NXDOMAIN” errors.
Step 2: Test Alternate DNS Server
```
nslookup www.example.com 8.8.8.8
```
Purpose: Checks if problem is with John’s default DNS or upstream server.
If this works: Local DNS server issue; consider reconfiguring DNS settings.
Step 3: Reverse Lookup to Verify PTR Record
```
nslookup [IP address]
```
Purpose: Checks if the IP for the site has a reverse DNS entry (helps in mail troubleshooting).
Step 4: Query for Other Record Types
MX Record (Mail Exchange):
```
nslookup -type=mx example.com
```
NS Record (Name Server):
```
nslookup -type=ns example.com
```
Step 5: Enter Interactive Mode for Multiple Queries
```
nslookup
> set type=any
> example.com
> server 1.1.1.1
> set type=mx
> example.com
        
```
Purpose: Batch test various records and switch DNS servers without re-running the command.
Step 6: Interpret Output
- Non-authoritative answer: Response came from a cache (not original DNS).
- No answer/timeout: Possible connectivity issue, firewall blocking, or DNS misconfiguration.
- Mismatched or unexpected IP: Possible DNS poisoning/spoofing or outdated DNS record.
Step 7: Further Troubleshooting
```
dig www.example.com
```
Try another tool for detailed diagnostics.
```
ping 8.8.8.8
```
Check connectivity to DNS server.
```
ipconfig /flushdns
```
Flush DNS cache (Windows).

Exam Tips

Remember the differences in output and strengths for each tool.
Practice using set type= in nslookup for A, MX, CNAME, NS records.
Know how to specify an alternative DNS server in your queries.
Be comfortable with interpreting “authoritative” vs. “non-authoritative” answers.

nslookup – DNS Query Tool Quiz

1. What is the primary purpose of the `nslookup` tool?

A. To query DNS servers for domain and IP address information B. To scan ports on a remote server C. To configure IP routing protocols D. To monitor network bandwidth usage

Correct answer is A. nslookup queries DNS servers to resolve domain names and IP addresses.

2. Which of the following `nslookup` query types would you use to find the mail servers for a domain?

A. A B. NS C. PTR D. MX

Correct answer is D. MX records specify mail exchange servers for a domain.

3. What does a "non-authoritative answer" in `nslookup` output mean?

A. The DNS server is the primary source for the domain B. The query was unsuccessful C. The response came from a cache or secondary source, not the primary DNS server D. The DNS server blocked the request

Correct answer is C. Non-authoritative answers come from cached data, not directly from the authoritative DNS server.

4. How do you specify a different DNS server to query using `nslookup`?

A. nslookup -server <IP> B. nslookup <domain> <DNS_server_IP> C. nslookup /dns <IP> D. nslookup --dns <IP>

Correct answer is B. You specify the DNS server IP as the second argument in the command.

5. What is the use of the `set type=any` command in interactive nslookup mode?

A. Queries for all DNS record types B. Queries only A records C. Queries only MX records D. Queries only PTR records

Correct answer is A. It instructs nslookup to return all available DNS record types.

6. What is the main difference between interactive and non-interactive modes in nslookup?

A. Interactive mode only works on Windows B. Non-interactive mode allows multiple queries without restarting C. Interactive mode does not allow changing DNS servers D. Interactive mode lets you enter multiple queries and change settings without exiting

Correct answer is D. Interactive mode provides a prompt for multiple queries and settings changes.

7. Which of these nslookup features is limited compared to `dig`?

A. Querying MX records B. Performing reverse lookups C. Scripting and detailed DNSSEC diagnostics D. Basic DNS queries

Correct answer is C. nslookup has limited scripting support and lacks full DNSSEC diagnostic features compared to dig.

8. What does a reverse DNS lookup with nslookup verify?

A. The DNS server’s IP address B. The domain name associated with an IP address using PTR records C. The mail servers for a domain D. The name servers for a domain

Correct answer is B. Reverse lookups use PTR records to find domain names from IP addresses.

9. If a DNS query times out in nslookup, what could be the possible reasons?

A. DNS server unreachable, firewall blocking, or DNS misconfiguration B. Incorrect IP address assigned to client C. Slow internet connection only D. DNS server running IPv6 only

Correct answer is A. Timeouts usually happen due to unreachable servers, firewall blocks, or DNS config issues.

10. How do you interpret an "authoritative answer" in nslookup output?

A. The answer came from a cached DNS server B. The DNS server did not respond C. The query failed due to timeout D. The response came directly from the DNS server responsible for the domain

Correct answer is D. An authoritative answer is given by the DNS server that is the primary source for that domain.

← Back to Home