A huge number of people use the internet, but very few understand how the internet works under the hood. Considering that there are around 1.74 billion websites registered online, we need an efficient system for sorting and storing connection details for each. While we technically connect to websites and servers via an IP address, remembering these number strings can be difficult, even for IT personnel. Instead, we use something called DNS records.
How does this relate to nslookups? The nslookup tool is a network administration command-line tool used for querying DNS records to obtain domain names or IP address mapping, or for any other specific records. It's a valuable resource for server testing and troubleshooting DNS issues. It's available on many operating systems including Windows, Linux, and macOS.
In this post, we’ll explore how the nslookup tool is used for, various nslookup modes, and some of the most common nslookup commands to note down for future use.
Introducing nslookup
A DNS record is stored on a DNS (Domain Name System) server, and every internet connection uses these servers to convert hostnames into IP addresses. This means that when you type www.fasthosts.co.uk, a DNS service will query its website database, and serve you an IP address for that website. Then, you can connect via internet protocol (IP) to the host server.
But when you are having problems with your DNS lookup service, one way to diagnose these problems is via the nslookup tool in Command Prompt.
nslookup is an abbreviation of name server lookup and allows you to query your DNS service. The tool is typically used to obtain a domain name via your command line interface (CLI), receive IP address mapping details, and lookup DNS records. This information is retrieved from the DNS cache of your chosen DNS server.
There are two primary functions included with nslookup. The first is DNS lookup, whereby you enter a domain URL and retrieve the corresponding server IP address. You can also reverse this process and enter an IP address to retrieve the corresponding domain URL.
Is nslookup a DNS?
No, it’s a command line used to lookup things within a DNS such as records, IPs and more. It “requests” information from the DNS for a user to debug and troubleshoot issues if they arise, among other things which we’ll explore below.
nslookup vs ping – are they the same thing?
nslookups and ping aren’t the same. The former is a command-line tool primarily used for querying DNS to obtain information, but ping is used to test the reachability of a host on an IP network, as well as measure the round-trip time for messages sent from your host to a destination computer or server (such as a Virtual Private Server).
nslookup modes
There are two operating modes for nslookup, called non-interactive and interactive.
With non-interactive, the nslookup tool inspects the address entries in your DNS servers cache. These entries are known as resource records. You can only retrieve the current DNS server you are using, and then the domain URL and IPv4/IPv6 addresses in this mode. This is the default mode when performing a simple lookup without additional parameters.
Then we have interactive. This mode is used to query nameservers for information on hosts and domains, or print a full list of hosts for that specific domain. An interactive session is persistent in the Command Prompt window, meaning you can type commands for nslookup without having to specify that you want to use nslookup at the beginning of each command.
Testing non-interactive mode
Please note, this guide was written using Windows 10 v2004. Linux and macOS also support nslookup, but we are focusing on Windows in this guide.
Let us try our first nslookup command. This will be in non-interactive mode.
To open Command Prompt, press the Windows Key + R to open run. Type cmd and press Enter on the keyboard. You will see a Command Prompt window appear.
Now we can test nslookup. Start by typing nslookup www.google.co.uk. This will ask nslookup to query Google’s UK servers in non-interactive mode.
You should see a similar result in your Command Prompt window:
C:\Users\Fasthosts>nslookup www.google.co.uk
Server: one.one.one.one
Address: 2606:4700:4700::1111
Non-authoritative answer:
Name: www.google.co.uk
Addresses: 2a00:1450:4009:806::2003
216.58.204.3
Let us dissect this result.
The DNS server used was 1.1.1.1, which is hosted by Cloudflare. We can see that the IPv6 address for that DNS server is 2606:4700:4700::1111.
As mentioned earlier, basic nslookup commands pull data from the DNS server cache. The message Non-authoritative answer proves this, as the data was not taken directly from the server that actually hosts the data.
Next, we have the website URL which we typed earlier.
You can see that the Google server IPv4 address was 216.58.204.3, and the IPv6 address was 2a00:1450:4009:806::2003.
This is all the information you can get with the most basic nslookup command.
Using a different DNS server in non-interactive mode
To use a different DNS server, you would type the following:
nslookup www.google.co.uk 8.8.8.8
The syntax is nslookup <nameserver URL> <DNS server IP address>
In this case, we used Google’s DNS server 8.8.8.8, and got the following result:
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: www.google.co.uk
Addresses: 2a00:1450:4009:80f::2003
216.58.213.99
You may be wondering, why is the IP address different? This is simply because the DNS servers have different records saved. You will notice that both IP addresses work if you copy them into your browser, so in this case, it isn’t a problem.
In some instances, this can be a problem, however. If you change your website’s static IP address, presuming you have a single hosting server, an incorrect DNS record can render your website inaccessible. In this case, you would need to flush the DNS cache for that specific domain name to force a refresh on the DNS server. Google offers a DNS flushing service isolated to a single domain name. Fasthosts also offers DNS flushing within the Control Panel, as detailed in our guide to using Fasthosts name servers here.
Interactive mode for nslookup
Interactive mode allows you to create a persistent nslookup session with more advanced functionality. To do this, simply type nslookup into your Command Prompt window.
Now you can type commands without needing to type nslookup first.
Common interactive mode commands
Find mail exchange nameservers
Let’s try setting the nameserver type that we will request to an MX (mail exchange) server.
Type the following into your Command Prompt window:
Set type=MX
You will not see a response, but this has set nslookup to query for MX servers.
Now type:
gmail.com
You should see similar to the following appear:
Non-authoritative answer:
gmail.com MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google.com
gmail.com MX preference = 40, mail exchanger = alt4.gmail-smtp-in.l.google.com
gmail.com MX preference = 30, mail exchanger = alt3.gmail-smtp-in.l.google.com
gmail.com MX preference = 20, mail exchanger = alt2.gmail-smtp-in.l.google.com
gmail.com MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com
Here you can see the server addresses for every mail exchange server used by gmail.com. The MX preference attribute shows us the preferred server, which is alt4 in this case.
Get an authoritative response
Now change your server type to a standard of authority (SOA) by typing:
set type=soa.
This will force the DNS server to return a response from the authoritative DNS server.
Now find out the primary name server by typing:
google.co.uk
The trimmed result is:
primary name server = ns1.google.com
Now type:
google.co.uk ns1.google.com
The result:
Server: ns1.google.com
Addresses: 2001:4860:4802:32::a
216.239.32.10
google.co.uk
primary name server = ns1.google.com
responsible mail addr = dns-admin.google.com
serial = 322751975
refresh = 900 (15 mins)
retry = 900 (15 mins)
expire = 1800 (30 mins)
default TTL = 60 (1 min)
Now you have the most recent and up-to-date records for google.co.uk. You can rely on this due to the authoritative nature of the response, where non-authoritative may be outdated or incorrect.
Other common nslookup commands and switches
The nslookup tool can be used with several commands in addition to the above to troubleshoot issues with a network and/or server. Here are some of the most commonly used commands and switches:
1. Lookup a domain's IP address:
nslookup “webaddress.com”
2. Lookup IP address' domain name:
nslookup XXX.XXX.XXX.XXX
(*Replace "XXX.XXX.XXX.XXX" with the IP address you want to lookup.*)
3. Set a DNS server to use for your nslookup queries:
nslookupserver XXX.XXX.XXX.XXX
(*Replace "XXX.XXX.XXX.XXX" with the IP of the DNS server you want to use.*)
4. Query a specific DNS record type:
nslookup -query=type webaddress.com
(*Replace "type" with the DNS record type such as A, MX, CNAME, NS, etc.*)
5. Perform reverse lookup:
nslookup -type=PTR XXX.XXX.XXX.XXX
(*Replace "XXX.XXX.XXX.XXX" with the IP address you want to do a reverse lookup for.*)
6. Lookup mail exchange servers for a domain:
nslookup -query=MX webaddress.com
7. Lookup name servers for a domain:
nslookup -query=NS webaddress.com
8. Change default timeout value:
nslookup -timeout=X webaddress.com
(*Replace "X" with the timeout value you want to set.*)
9. Command to exit nslookup:
exit
Remember to replace "webaddress.com" with your own domain name and "XXX.XXX.XXX.XXX" with your specific IP address in the examples above. Read more about CNAME and ALIAS records in our helpful guide.
Join the Fasthosts domain
Web hosting can be complicated, but Fasthosts keeps things simple. We offer dedicated servers that automatically use our in-house nameservers to minimise latency during DNS lookups.
Enter the Fasthosts domain by contacting our friendly sales team on 0808 1686 777, or email us at sales@fasthosts.co.uk.
