Nslookup

From Postmaster Administration Wiki
Jump to: navigation, search

nslookup is an older tool used to perform DNS queries. It is supplied by default with Microsoft Windows products. Its usage is a little arcane compared to Dig.

Invoke nslookup

C:\> nslookup
Default Server:  ns.example.com
Address:  192.0.2.1

> quit
C:\> 

nslookup has a help command; the question mark (?) also works.


nslookup help

C:\> nslookup
Default Server:  ns.example.com
Address:  192.0.2.1

> help
Commands:   (identifiers are shown in uppercase, [] means optional)
NAME            - print info about the host/domain NAME using default server
NAME1 NAME2     - as above, but use NAME2 as server
help or ?       - print info on common commands
set OPTION      - set an option
    all                 - print options, current server and host
    [no]debug           - print debugging information
    [no]d2              - print exhaustive debugging information
    [no]defname         - append domain name to each query
    [no]recurse         - ask for recursive answer to query
    [no]search          - use domain search list
    [no]vc              - always use a virtual circuit
    domain=NAME         - set default domain name to NAME
    srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
    root=NAME           - set root server to NAME
    retry=X             - set number of retries to X
    timeout=X           - set initial time-out interval to X seconds
    type=X              - set query type (ex. A,AAAA,A+AAAA,ANY,CNAME,MX,NS,PTR,SOA,SRV)
    querytype=X         - same as type
    class="X"             - set query class (ex. IN (Internet), ANY)
    [no]msxfr           - use MS fast zone transfer
    ixfrver=X           - current version to use in IXFR transfer request
server NAME     - set default server to NAME, using current default server
lserver NAME    - set default server to NAME, using initial server
root            - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a          -  list canonical names and aliases
    -d          -  list all records
    -t TYPE     -  list records of the given RFC record type (ex. A,CNAME,MX,NS,PTR etc.)
view FILE           - sort an 'ls' output file and view it with pg
exit            - exit the program

> 

It is possible to do a basic DNS A record lookup direct from the command line:


Basic nslookup of host name

C:\> nslookup www.ibm.com
Non-authoritative answer:
Default Server:  ns.example.com
Address:  192.0.2.1

Name:    www.ibm.com.cs186.net
Address:  129.42.60.216
Aliases:  www.ibm.com

C:\>

Alternatively you can use nslookup interactively. Below we make three queries: A record for www.google.com, MX records for google.com, and PTR (reverse lookup) for 8.8.8.8. Note the use of the set type= command to specify the DNS record type we are interested in. Also note that when doing a PTR lookup, you need to specify the IP address unaltered, and nslookup will reverse the IP address and add the zone suffix.


Using nslookup interactively.

C:\> nslookup
Default Server:  ns.example.com
Address:  192.0.2.1

> www.google.com
Non-authoritative answer:
Server:  ns.example.com
Address:  192.0.2.1

Name:    www.google.com
Addresses:  2607:f8b0:400b:807::1013
          173.194.43.116
          173.194.43.115
          173.194.43.114
          173.194.43.113
          173.194.43.112

> set type=mx
> google.com
Non-authoritative answer:
Server:  ns.example.com
Address:  192.0.2.1

google.com      MX preference = 50, mail exchanger = alt4.aspmx.l.google.com
google.com      MX preference = 40, mail exchanger = alt3.aspmx.l.google.com
google.com      MX preference = 10, mail exchanger = aspmx.l.google.com
google.com      MX preference = 30, mail exchanger = alt2.aspmx.l.google.com
google.com      MX preference = 20, mail exchanger = alt1.aspmx.l.google.com
> set type=ptr
> 8.8.8.8
Non-authoritative answer:
Server:  ns.example.com
Address:  192.0.2.1

8.8.8.8.in-addr.arpa    name = google-public-dns-a.google.com
> quit
C:\>

Notice in the above example when querying the MX records for a domain, only the MX records are supplied. The user would then have to manually query for the DNS A and/or AAAA records for each MX host.

One other important nslookup command is the server command, which gives you the ability to select a different name server for queries and the IP address of the name server to use. In our example below we switch from the local name server 192.0.2.1 to one of Google's name servers 8.8.8.8. Our subsequent A record lookup for www.yahoo.com is made against the Google name server.


Switching name server in nslookup.

C:\> nslookup 
Default Server:  ns.example.com
Address:  192.0.2.1

> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> www.yahoo.com
Non-authoritative answer:
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    ds-any-fp3-real.wa1.b.yahoo.com
Addresses:  2001:4998:f00d:1fe::3001
          2001:4998:f00b:1fe::3001
          2001:4998:f00b:1fe::3000
          2001:4998:f00d:1fe::3000
          98.139.183.24
Aliases:  www.yahoo.com
          fd-fp3.wg1.b.yahoo.com
          ds-fp3.wg1.b.yahoo.com
          ds-any-fp3-lfb.wa1.b.yahoo.com

> quit
C:\> 

References