In this tutorial, you’re going to learn how to use the Nslookup command to check DNS records.
You’ll also learn how Nslookup can be used to troubleshoot DNS issues. I walk through the exact steps and provide several Nslookup examples.
And in this post, I’ll show you my tips for troubleshooting DNS.
Let’s get started!
Table of contents
- How DNS Works
- Why you must learn the nslookup command
- Nslookup Syntax
- Nslookup Examples
- DNS Troubleshooting Tips
How DNS works
Understanding how DNS works will help you troubleshoot DNS issues faster. It will help you identify whether the problem is with the client, the local DNS server, or another DNS server (forwarding server or ISP).
Computers and other network devices communicate by IP address. It would be hard to remember the IP address of every website or resource you access; words are easier to remember. DNS takes the easy-to-remember name and maps it to the IP address so devices can communicate.
Below I walk through how a computer uses DNS to resolve names.
1. The user types google.com into their browser. This sends a query to the DNS server to fetch the IP address for google.com.
2. The DNS server that the client uses may not know the IP address. This can be your local Active Directory DNS server or your ISP DNS server. If it doesn’t know the IP address of the domain, it will forward the query on to the next DNS server.
3. The next DNS server says it knows the IP address and sends the answer back to the computer.
4. The computer is then able to communicate with google.com.
DNS uses resource records to provide details about systems on a network. The above example used an A resource record which maps a domain name to an IP address.
In the examples below I will show you how to query different resource records.
Why you must learn the Nslookup command line tool
When DNS is not working, devices cannot communicate. You will be unable to browse websites, send an email, chat online, stream videos, and so on.
If you have a local DNS server issue then your employees can’t work and business is impacted.
You need a way to quickly troubleshoot and resolve these issues.
That is why it’s important to know how to use the Nslookup command.
This command is built into all Windows operating systems. It’s free and easy to use.
If you are a system or network administrator, it’s very important that you know how to quickly resolve DNS-related issues.
Nslookup Syntax
To view the syntax, type nslookup, press Enter, then type ?
There are a lot of options, but in most cases you will only need a few of them to verify DNS records. The most useful command switches are set type, server and debug. I’ll show you the most commonly used commands below.
Nslookup Examples
In each example, I show you the commands, then a screenshot with the results.
PTR Record Lookup (IP to Domain Name)
Use this command if you know the IP address and want to find the domain name.
A Record Lookup (Domain to IP Address)
If you want to find the IP address of a domain name then use this command:
An MX record lookup will find the mail server that is responsible for accepting email for the domain.
Type nslookup and press Enter, type set q=mx and press Enter, then type the domain and press Enter.
SOA Record Lookup
The Start of Authority record indicates which DNS server is the best source of information for the domain. This will return the primary name server, responsible mail addresses, default TTL and more.
Type nslookup and press Enter, type set q=SOA and press Enter, then type the domain name and press Enter.
This command will return the name servers a domain is using.
Type nslookup and press Enter, type set q=ns and press Enter, then type the domain to query and press Enter.
Using an alternative DNS Server
This is very useful in troubleshooting. Maybe a website isn’t loading on your internal network but does when you are off the network. You can use this to see if your internal DNS is returning different results than an external DNS server. You can use your ISP DNS server or Google.
Type nslookup and press Enter, type server DNS-Server-IP and press Enter, then type the domain name and press Enter.
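The internal-versus-external comparison described above can be scripted. This is an added example, not part of the original tutorial: it builds the one-shot form of the lookup (`nslookup -type=X name [server]`) and compares the answers from two resolvers. The function names, host names and sample outputs are constructed for illustration.

```python
import ipaddress
import subprocess

# Constructed sample output in the Windows nslookup layout (not real captures).
SAMPLE_INTERNAL = """Server:  dc01.corp.example
Address:  10.0.0.10

Name:    portal.example.com
Address:  10.0.5.20
"""
SAMPLE_EXTERNAL = """Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    portal.example.com
Addresses:  203.0.113.7
          203.0.113.8
"""

def nslookup_cmd(name, rtype="A", server=None):
    """One-shot form of the interactive steps: nslookup -type=X name [server]."""
    return ["nslookup", f"-type={rtype}", name] + ([server] if server else [])

def run_lookup(name, server=None):
    """Live query; needs nslookup on PATH and network access."""
    return subprocess.run(nslookup_cmd(name, "A", server),
                          capture_output=True, text=True, timeout=15).stdout

def parse_answer(output):
    """Return the answer IPs, ignoring the resolver's own Server/Address header."""
    _header, _, answer = output.replace("\r\n", "\n").partition("\n\n")
    ips = set()
    for token in answer.split():
        try:
            ips.add(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # labels such as "Name:" or "Addresses:"
    return ips

def compare(internal_out, external_out):
    """Classify what the two resolvers returned for the same name."""
    inside, outside = parse_answer(internal_out), parse_answer(external_out)
    if not inside and not outside:
        verdict = "unresolved-on-both"
    elif not inside:
        verdict = "internal-only-failure"   # points at the local DNS server
    elif not outside:
        verdict = "external-only-failure"   # internal-only name or upstream issue
    else:
        # Different sets can be legitimate (split-horizon DNS, CDNs); review them.
        verdict = "match" if inside & outside else "mismatch"
    return verdict, inside, outside
```

For a live check, pass `run_lookup(name, internal_ip)` and `run_lookup(name, external_ip)` to `compare` in place of the samples.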
Turning on debug will display a lot more details about the resource record such as primary name server, mail address, default TTL, and much more. To turn on debug, use the command below.
Type nslookup and press Enter, then type set debug and press Enter.
Tips for troubleshooting DNS Problems
Here are my tips for troubleshooting DNS issues.
Step #1 Make sure you have connectivity to the DNS server
If your client has communication issues with the DNS server then name resolution is not going to work.
To check what DNS is set on a Windows system use this command:
Now take the IP listed for the DNS server and see if the client can ping it or communicate with it.
Step #2 Are other users or devices having name resolution issues?
You need to determine how big of a problem you have. Is it just one, two, or many devices that have name resolution issues?
If it’s just one then you may just have a client issue. If it’s all or many then you may have an issue with the local or upstream DNS server.
Step #3 Use NSLookup to test local server
Use NSLookup to verify the local DNS server is working correctly. Use the command to verify DNS records on local servers. If you need examples see the previous section.
Step #4 Use DCDiag to check the AD Health
If you are having issues internally, you will want to check the health of your Active Directory environment. Since DNS and AD are very tightly integrated, a faulty domain controller could be causing your DNS issues.
See my tutorial on how to check domain controller health.
Step #5 Use NSLookup server to test the forwarding DNS server (upstream)
If everything is resolving correctly internally but not externally, you can test the forwarding DNS server with the NSLookup command. This could be your ISP DNS server or the root hint servers. Use the NSLookup server option followed by the forwarding DNS server IP to run queries.
Step #6 Scan for viruses and spyware
Viruses and spyware can install all kinds of nasty things on computers to redirect traffic to malicious sites. Browser hijacking is very common.
Step #7 Check the client’s hosts file
I don’t recommend adding entries to the hosts file, but if it contains incorrect or outdated data, you won’t be able to connect. Viruses can also modify the hosts file, which would redirect you to malicious websites.
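One way to review a hosts file for the entries described in Step #7. This is an added example, not part of the original tutorial; the function name, reason labels and sample file contents are constructed for illustration. It lists every active entry that overrides DNS for a name other than localhost.

```python
import ipaddress

# Constructed sample; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.50    login.example.com www.example.com   # unexpected override
0.0.0.0         updates.example.net
#10.0.0.5       old-server.corp.example
"""

def audit_hosts(text):
    """Return (line number, address, names, reason) for each active override."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments, inline ones too
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, fields[0], fields[1:], "malformed"))
            continue
        # A single line may map several names to the same address.
        names = [n.lower() for n in fields[1:] if n.lower() != "localhost"]
        if not names:
            continue
        if addr.is_loopback or addr.is_unspecified:
            reason = "blocked"      # name can no longer be reached
        else:
            reason = "redirected"   # name resolves to this address, bypassing DNS
        findings.append((lineno, str(addr), names, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Each finding should be checked against what the DNS server returns for the same name before the entry is removed.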
Step #8 Flush DNS Cache
The client’s cache could be the problem. To flush the cache, run this command:
I hope this article helped you understand NSLookup and how it can be used to verify and troubleshoot DNS. If you liked this video or have questions, leave a quick comment below.