using nslookup for dns server diagnosis

8/6/2019 Using NSLOOKUP for DNS Server Diagnosis

1/9

Admin KnowledgeBase

Articles & Tutorials

Authors

Blogs

Free Tools

Hardware

Message Boards

NewslettersRSS

Software

White Papers

Site Search

Advanced Search

Using NSLOOKUP for DNS Server diagnosis

The DNS protocol has been around for decades and is a stable and reliable

protocol. Even so, DNS does occasionally have problems. PING is a great tool

for DNS server diagnosis, and I tend to use it quite frequently myself. However,

sometimes PING just doesnt give you enough information about the problem at

hand. When you need more information about a DNS problem than what PING

provides you with, you can always turn to the NSLOOKUP command. In this

article, I will show you how to use NSLOOKUP.

Published: Sep 27, 2005

Updated: Sep 27, 2005

Section: Articles & Tutor ials :: Networ k Tr oubleshooting

Author: Brien M. Posey

Printable Version

Adjust font size:

Rating: 4/5 - 274 Votes

1

2

3

4

5

The DNS protocol has been around for decades and is a stable and reliable protocol. Even so, DNS does

occasionally have problems. These problems might stem from a loss of connectivity, an invalid DNSrecord, or a number of other issues. When a DNS server doesnt behave in the way that it is expected to,

many people turn to the PING command for help. PING is a great tool for DNS server diagnosis, and I

tend to use it quite frequently myself. However, sometimes PING just doesnt give you enough information

ng NSLOOKUP for DNS Server diagnosis http:/ /www.windowsnetworking.com/articles_tutorials/using-nslookup-...

9


2/9

about the problem at hand. When you need more information about a DNS problem than what PING

provides you with, you can always turn to the NSLOOKUP command. NSLOOKUP is a built in DNS

diagnostic utility thats available to both Windows and UNIX Administrators. In this article, I will show

you how to use NSLOOKUP.

The Basics

NSLOOKUP has a fairly rich syntax and can be a bit confusing for those who have not worked with DNSa great deal. Therefore, I want to start out by showing you some of the basics. Although NSLOOKUP

exists in both UNIX and Windows, there are some differences in the way that it behaves in the two

operating systems. For the purposes of this article, I will be using the Windows version.

The first thing that you need to understand about NSLOOKUP is that when you use the NSLOOKUP

command, it assumes that you are querying a local domain on your private network. You can query an

external domain, but NSLOOKUP will try to search for the domain internally first. For example, the

brienposey.com domain is external to my network. If I perform an NSLOOKUP against brienposey.com,

NSLOOKUP returns the information thats shown in Figure A.

Figure A: This is what happens when NSLOOKUP queries an external domain

If you look at the figure, you will see that there are non existent domain error messages for the IP

addresses 147.100.100.34 and 147.100.100.5. These are the addresses of my internal DNS servers. Below

this information however is the non authoritative answer. This means that my DNS server queried an

external DNS server in an effort to resolve the IP address associated with the brienposey.com domain.

Now, lets take a look at what happens when you query an internal domain. One of the local domains on

my private network is production.com. If I perform an NSLOOKUP against production.com, I get the

results shown in Figure B.


9


3/9

Figure B: This is what it looks like when I query an internal domain

If you look at the top portion of this screen, you will notice that Im getting the exact same non-existent

domain error messages as I got when I queried an external domain. At first, this may seem puzzling. The

reason why I got this error message was because I performed an NSLOOKUP outside of the NSLOOKUP

shell. I will talk more about the NSLOOKUP shell in the next section. For now though, you need to know

that you can enter the NSLOOKUP command by itself. When you do, you will see the familiar

non-existent domain error messages, but you will then be taken to the NSLOOKUP prompt (the > sign).

From there you can enter various NSLOOKUP commands. When you are done, you can use the EXIT

command to return to the command prompt.

The other thing that you should notice about Figure B is the bottom portion of the output. Beneath the

reference to production.com is a string of IP addresses. These are the IP addresses of all of the domain

controllers within the domain. I should also point out that if multiple IP addresses are assigned to a singleserver then all of the servers IP addresses will be displayed by NSLOOKUP.

The NSLOOKUP Shell

Now that I have shown you how to use the NSLOOKUP command to see the IP address or addresses

associated with the domain, lets do something a little bit more useful. One of the things that you can do

with NSLOOKUP is to look up a specific type of DNS record. A good example of this is an MX record.

In case you arent yet familiar with all of the intricacies of DNS, the MX record points to the

organizations mail server. For example, suppose that someone wanted to send an E-mail message to you,

one of the first things that their mail server would have to do is to resolve your domains IP address.

However, a normal address resolution wont usually work for this purpose. In Figure A, you saw that when

I ran a DNS query against the brienposey.com domain, the domain resolved to the address 24.235.10.4.

Keep in mind though, that this is the IP address of the server that hosts my Web site, not the address of my

mail server. If someone wanted to send me an E-mail message their E-mail client would have to resolve the

IP address of my domains mail server. This is where the MX record comes into play. The MX record is a

record on a domains DNS server that specifies the IP address of the domains mail server.

As you can see, the MX record is rather important. Suppose however that your domain was having trouble

receiving E-mail and you suspected that a DNS server issue was to blame. You could use NSLOOKUP to

confirm that the domain does indeed have an MX record and that the MX record is pointed to the correctIP address.

Earlier I briefly mentioned that you could work within the NSLOOKUP shell. To troubleshoot an MX

record problem, you pretty much have to work within this shell. Therefore, you would start the process by


9


4/9

entering the NSLOOKUP command at the command prompt.

Once the NSLOOKUP shell is open, you will need to tell NSLOOKUP which DNS server you want to

query. To do so, enter the SERVER command, followed by the DNS servers IP address. You can also

enter the servers fully qualified domain name (assuming that it can be resolved) as an alternative to the

servers IP address.

Now that you have specified a DNS server for NSLOOKUP to use, you can query domains without

receiving the non-existent domain error messages that you saw earlier (as long as you remain within theNSLOOKUP shell). To do so, you would simply type the domain name that you want to query. For

example, if you look at Figure C, you can see where I have specified a particular DNS server and then

queried an external and an internal domain.

Figure C: The error messages go away if you specify a DNS server

Now, lets get back to the business of looking up a domains MX record. To do so, you need to issue a

command that tells NSLOOKUP to query based on MX records. The command that you will have to use

is:

SET QUERY=MX

Issuing this command by itself wont give you any information about the domains MX record though. For

that you have to actually query the domain by entering the domain name. If you look at Figure D, you will

see that I have specified an MX query and then entered the production.com domain name. NSLOOKUP

now returns a wealth of information pertaining to my domains MX record.


9


5/9

Figure D: When an MX query is specified, you can get a wealth of information about your

domains MX record

Conclusion

advertisement

As you can see, NSLOOKUP can provide you with a wealth of DNS server diagnostic information.

However, NSLOOKUP is not limited to providing the types of information that I have discussed. The

NSLOOKUP shell is actually a fairly rich interface with a rather large command set. You can view a list of

the available commands and their syntax by entering a question mark at the NSLOOKUP prompt (note:

you can not use NSLOOKUP /? to view the command set).

About Brien M. Posey

Brien Posey is an award winning author who has written over 3,000 articles and written or contributed to

27 books. You can visit Briens personal Web site at www.brienposey.com

Click here for Brien M. Posey 's section.

Receive all the latest ar ticles by email!

Get all articles delivered directly to your mailbox as and when they are released on

WindowsNetworking.com! Choose between receiving instant updates with the Real-Time Article Update,

or a monthly summary with the Monthly Article Update. Sign up to the WindowsNetworking.com Monthly

Newsletter, written by Dr. Tom Shinder, containing news, the hottest tips, Networking links of the month

and much more. Subscribe today and don't miss a thing!

Real-Time Article Update (click for sample)

Monthly Article Update (click for sample)

Monthly Newsletter (click for sample)


9


6/9

Latest ar ticles by Brien M. Posey

Securing Wireless Network Traffic (Part 7)

Configuring the Active Directory Lightweight Directory Services (Part 6)


Configuring the Active Directory Lightweight Directory Services (Part 5)


Related links

nslookup and DNS Zone Transfers

DNS Stub Zones in Windows Server 2003

How to ""Quickly"" Test DNS Resolution

Installing DNS On Windows 2003

Understanding the DNS Protocol (Part 1)

Featured Links*

Receive all the latest ar ticles by email!

Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your

email below!

Click for Real-Time sample & Monthly sample

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

Community Area

Log in | Register

Featur ed Freeware!


9


7/9

SolarWinds WMI Monitor monitors any Windows application or server, giving you amazing insight into

real-time performance.

Get your free copy today!

Admin KnowledgeBase


Cloud Computing

Common for all OSes

Dial up Networking, ICS, RAS, ADSL

General NetworkingNetwork Protocols

Network Troubleshooting

Product Reviews

VoIP

Windows 7

Windows 2000

Windows 2003

Windows 95/98/ME

Windows NT 4

Windows Server 2008

Windows VistaWindows XP

Wireless Networking

Authors

Deb Shinder

Eric Geier

Brien M. Posey

David Davis

Mitch Tulloch

Robert J. Shimonski

Russell Hitchcock

Blogs

Free Tools

Hardware

Anti-Spam Hardware


9


8/9

Anti-Virus Hardware

Firewalls & VPN

Mail Archiving

Servers

Storage

Message Boards

Newsletter Signup

RSS Feed

Services

SharePoint Hosting

Software

Active Directory Management

Administration tools / Ping & trace utils

Backup software

Data recovery software

Database server software

DNS servers

Email archiving

Free ToolsHelp desk software

IP Address Management

IP PBX Servers

Misc. network administrator tools

Network Configuration Management

Network inventory software

Network Mapping

Network monitoring / management

Network Traffic Monitoring

Patch Management

Remote control softwareSharePoint Tools

Software distribution and metering

Storage and quota software

Terminal Servers

Thin Client Servers

Web content management servers

White Papers

IP PBX, SIP & VoIP FAQ Sponsored by 3CX

Featured Pr oducts

Readers' Choice

Which is your pr eferr ed data r ecovery solution?

Acronis True Image Enterprise Server

Active@ File Recovery

Altaro Backup FS for Servers

EMC NetWorker

Quest Object Restore for Active Directory

RecoverMyFiles

R-Studio Network

ShadowProtect Server Edition

Symantec Backup Exec System Recovery Server Edition


9


9/9

TimeData for NTFS

Other

TechGenix Sites

ISAserver.orgThe No.1 Forefront TMG / UAG and ISA Server resource site.

MSExchange.org

The leading Microsoft Exchange Server 2010 / 2007 / 2003 resource site.

WindowSecurity.com

Network Security & Information Security resource for IT administrators.

VirtualizationAdmin.com

The essential Virtualization resource site for administrators.

Admin KnowledgeBase


Authors

Blogs

Free Tools

Hardware

Links

Message Boards

Newsletters

RSSSoftware

White Papers

About Us : Email us : Product Submission Form : Advertising Information

WindowsNetworking.com is in no way affiliated with Microsoft Corp. *Links are sponsored by

advertisers.

Copyright 2011 TechGenix Ltd. All rights reserved. Please read ourPrivacy Policy andTerms &

Conditions.


using nslookup for dns server diagnosis

Documents