Aerosol Posted December 8, 2014 Report Posted December 8, 2014 Nslookup is a great utility specially designed for troubleshooting Domain Name System (DNS) servers and finding DNS related problems. The name means "name server lookup" - nslookup, but tool itself can be used for manual name resolution querying against DNS servers, getting information about the DNS configuration, getting DNS records and IP addresses of a particular netowrk resource, mail servers of domain, name servers (NS) and general DNS server diagnosis. It's available on most of todays modern operating systems including Windows and Linux/Unix like, and can be easily accessed from command prompt by simple entering "nslookup" command. Basic syntax and usageTo access nslookup on Windows, open command promt by going to Start > run and enter "cmd".Once in cmd, simply enter nslookup which will start the tool and bring You in 'interactive' mode : and provide You with information of name and IP address of the DNS server it is using: C:\>nslookup Default Server: google-public-dns-a.google.com Address: 8.8.8.8 > quit C:\>To perform a DNS lookup, You can simply enter 'nslookup' folowing the domain you would like to query: C:\>nslookup ittutorials.org Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: Name: ittutorials.org Address: 64.37.52.52 C:\>(In the example above, for our query we got the IP address of a server which is hoting the site, but as it can be seen the answer is Non-authoritative. This is because Nslookup assumes that you are querying your internal domain from your local private network. However, nslookup in this case queries an external domain for which our chosen DSN server google-public-dns-a.google.com is not authoritative.) Finding authoritative serverTo find authoritative name serve for specific external domain, first we have to enter interactive mode. Once in nslookup, we have to setup SOA query type "set type=SOA" which will basicly ask our DNS server who is responsible for domain we're looking for. SOA or Start of Authority record tells us exactly which DNS name server is responsible for specific zone or domain: C:\> nslookup Default Server: google-public-dns-a.google.com Address: 8.8.8.8 > set type=SOA > > ittutorials.org Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: ittutorials.org primary name server = 1.nsjet.com responsible mail addr = colo.minmaxgroup.com serial = 2012110500 refresh = 86400 (1 day) retry = 7200 (2 hours) expire = 3600000 (41 days 16 hours) default TTL = 86400 (1 day) > > server 1.nsjet.com Default Server: 1.nsjet.com Address: 198.136.54.12 > ittutorials.org Server: 1.nsjet.com Address: 198.136.54.12 ittutorials.org primary name server = 1.nsjet.com responsible mail addr = colo.minmaxgroup.com serial = 2012110500 refresh = 86400 (1 day) retry = 7200 (2 hours) expire = 3600000 (41 days 16 hours) default TTL = 86400 (1 day) >Once SOA query type is set, we can ask for a domain simply by entering it's FQDN (Fully qualified domain name) - ittutorials.org for example. The field "primary name server" tells us authoritative DNS server of domain we just queried. Querying authoritative serverOne we got the name of the authoritative server, to query it instead of non-authoritative one, we can simply enter "server" after which folow the FQDN of a server: > server 1.nsjet.com Default Server: 1.nsjet.com Address: 198.136.54.12>> Now querying authoritative server for a domin, gives us an authoritative answer: > ittutorials.org Server: 1.nsjet.com Address: 198.136.54.12 ittutorials.org nameserver = 1.nsjet.com ittutorials.org nameserver = 2.nsjet.com 1.nsjet.com internet address = 198.136.54.12 > >We can also query many diferent types, depending on what kind of DNS zone records we want to get. For example to find out which email server is responsible for mail exchange in a domain, we can setup an query MX (mail exchanger) record: > set type=mx > ittutorials.org Server: 1.nsjet.com Address: 198.136.54.12 ittutorials.org MX preference = 0, mail exchanger = ittutorials.org ittutorials.org internet address = 64.37.52.52>In the example above, the MX record for ittutorials.org points to ittutorials.org 64.37.52.52, which is in this case the address of both, web an email server for ittutorials.org. Source Quote