Your website’s down. DNS issues? Maybe. You need answers fast. That’s where nslookup command comes in. This command-line tool queries DNS servers and retrieves domain information in seconds. It’s been around since the early internet days, and it’s still the go-to diagnostic tool for network administrators worldwide.
We’ll show you how to use nslookup for DNS troubleshooting, reverse lookups, and record verification. No fluff, just practical examples you can use right now.
DNS Lookup Tool Explained
nslookup stands for “name server lookup”. It’s a command-line utility that queries DNS servers to retrieve domain information. You can think of it as a direct line to the internet’s phonebook.
When you type a domain name into your browser, DNS servers translate that name into an IP address. nslookup lets you peek behind the curtain and see this translation process in action.
The tool works on Windows, Linux, and macOS. It’s already installed on most systems. Open Command Prompt on Windows or Terminal on Linux/macOS, type “nslookup” and you’re in.
Here’s what you can use it for:
- Find a domain’s IP address instantly
- Perform reverse DNS lookups from IP to domain
- Query specific DNS record types
- Verify nameserver configurations
Unlike ping, which checks if a server responds to network requests, nslookup focuses exclusively on DNS queries. It doesn’t verify connectivity, just DNS resolution.
DNS Troubleshooting with Nslookup
DNS problems break websites. Fast. nslookup helps you diagnose these issues before they escalate.
Let’s say your website isn’t loading. First, check if the DNS server can resolve your domain:
nslookup yourdomain.comIf this returns an IP address, DNS resolution works. If you see an error, your DNS server can’t find the domain.
Next, test a specific DNS server. Maybe your local DNS is down, but Google’s public DNS works fine:
nslookup yourdomain.com 8.8.8.8This queries Google’s DNS server directly. If it works here but not with your default DNS, you’ve isolated the problem.
Common DNS troubleshooting scenarios:
- DNS server failure – no response to queries
- Incorrect nameserver configuration – wrong NS records
- DNS propagation delays – new records not yet updated
- Cached outdated records – resolver serving old data
To check nameservers, use:
nslookup -type=ns yourdomain.comThis returns all nameservers for your domain. Verify these match what you configured with your domain registrar.
Essential Nslookup Commands List
nslookup offers several commands for different DNS queries. Here’s what you need to know.
Basic Commands
name – Shows domain information using your default DNS server
server name – Changes the default DNS server to a different one
root – Sets the root server as your default
exit – Quits nslookup and returns to command line
Record Type Queries
set type=A – Query A records (IPv4 addresses)
set type=AAAA – Query AAAA records (IPv6 addresses)
set type=MX – Query MX records (mail servers)
set type=CNAME – Query CNAME records (aliases)
set type=PTR – Query PTR records (reverse DNS)
set type=SOA – Query SOA records (authoritative info)
set type=ANY – Display all available records
Advanced Options
set debug – Shows detailed debugging information
set recurse – Forces DNS server to query other servers if needed
help – Lists all available commands
How to Use Nslookup Command
nslookup runs in two modes: interactive and non-interactive. Pick the one that fits your needs.
Non-Interactive Mode
This is your quick lookup mode. One command, one result. Perfect for scripts and single queries.
Syntax: nslookup [domain] [dns-server]
Example:
nslookup google.comThis returns Google’s IP address using your default DNS server.
Want to use a specific DNS server? Add it:
nslookup google.com 1.1.1.1This queries Cloudflare’s DNS server (1.1.1.1) instead of your default.
Interactive Mode
Interactive mode lets you run multiple queries without retyping “nslookup” every time. Just type:
nslookup
The prompt changes to >. Now you can enter domains, switch servers, and change query types.
Example session:
> google.com> server 8.8.8.8> set type=mx> google.comThis checks Google’s IP, switches to Google’s DNS server, changes to MX record queries, then checks Google’s mail servers.
Platform-Specific Usage
Windows: Open Command Prompt (cmd) and type nslookup
Linux: Open Terminal and type nslookup
macOS: Open Terminal and type nslookup
The commands work identically across all platforms. The only difference is how you access the command line.
Understanding DNS Record Types
DNS records contain different types of information. Each record type serves a specific purpose.
A Record
Maps a domain name to an IPv4 address. This is the most common DNS record.
nslookup -type=a example.comReturns: 93.184.216.34
AAAA Record
Same as A record, but for IPv6 addresses instead of IPv4.
nslookup -type=aaaa example.comReturns: 2606:2800:220:1:248:1893:25c8:1946
CNAME Record
Creates an alias from one domain to another. Useful for subdomains.
nslookup -type=cname www.example.comReturns: www.example.com canonical name = example.com
MX Record
Specifies mail servers responsible for receiving email for the domain.
nslookup -type=mx example.comReturns: mail exchanger = 10 mail.example.com
The number (10) is the priority. Lower numbers = higher priority.
PTR Record
Maps an IP address to a domain name. Used for reverse DNS lookups.
nslookup 142.250.4.113Returns: 113.4.250.142.in-addr.arpa name = sm-in-f113.1e100.net
SOA Record
Contains authoritative information about the domain including admin email, serial number, and refresh intervals.
nslookup -type=soa example.comReturns detailed zone information and the primary nameserver.
Authoritative vs Non-Authoritative Answers
When nslookup returns results, you’ll often see “non-authoritative answer” in the output. This is not an error. It’s just telling you where the information came from.
Non-Authoritative Answers
These come from your DNS resolver’s cache. Your internet service provider’s DNS server stores recent lookups to speed up future requests.
When you query a domain, your resolver checks its cache first. If the record exists there, it returns a non-authoritative answer.
Problem: cached data might be outdated. If you changed your domain’s DNS records recently, the cache might still show old information.
Authoritative Answers
These come directly from the domain’s authoritative nameserver. This is the source of truth for the domain’s DNS records.
To get an authoritative answer:
1. Find the authoritative nameserver:
nslookup -type=soa example.com2. Query that nameserver directly:
nslookup example.com ns1.example.comNow you’re getting fresh data straight from the source. No cache involved.
When troubleshooting DNS propagation issues, always get authoritative answers. They show you the current state of your DNS records, not cached versions.
Reverse DNS Lookup Guide
Reverse DNS lookup does the opposite of a normal lookup. Instead of finding an IP address from a domain name, it finds a domain name from an IP address.
This is critical for email servers. Many mail servers reject emails from IP addresses without proper reverse DNS records. It’s an anti-spam measure.
How to Perform Reverse DNS Lookup
Just type nslookup followed by the IP address:
nslookup 8.8.8.8Returns: dns.google
The system automatically detects you entered an IP address and performs a reverse lookup.
Verifying PTR Records
PTR records make reverse DNS possible. They’re stored in special DNS zones that use reversed IP addresses.
For IP 192.0.2.1, the PTR record exists at:
1.2.0.192.in-addr.arpa
To check if your mail server has a proper PTR record:
nslookup your-mail-server-ipYou should see your mail server’s hostname. If you don’t, your PTR record isn’t configured.
Common Use Cases
- Email server verification – confirming IP matches hostname
- Security analysis – identifying suspicious IP addresses
- Network troubleshooting – verifying proper DNS configuration
- Log analysis – resolving IP addresses in server logs
Nslookup vs Ping: Key Differences
People often confuse nslookup and ping. They’re both network diagnostic tools, but they serve different purposes.
What Nslookup Does
Queries DNS servers only. It resolves domain names to IP addresses and retrieves DNS records. That’s it.
nslookup doesn’t test network connectivity. It doesn’t verify if a server is online or accepting connections.
What Ping Does
Tests network connectivity. It sends ICMP packets to a target and measures response time.
Ping does perform DNS resolution as a first step, but its primary function is checking if a host is reachable.
When to Use Ping vs When to Use nslookup
Use nslookup when:
- You need to check DNS records
- You’re troubleshooting DNS resolution issues
- You want to verify nameserver configurations
- You need to query specific record types
Use ping when:
- You want to test if a server is online
- You need to measure network latency
- You’re checking for packet loss
- You want to verify basic network connectivity
Practical Example
Website won’t load. Here’s how to diagnose:
1. Run nslookup example.com
Does it return an IP? Yes? DNS works. No? DNS problem.
2. Run ping example.com
Does it get replies? Yes? Server’s online. No? Server or network problem.
See the difference? nslookup checks name resolution. Ping checks connectivity.
Nslookup Command Modes
We touched on this earlier, but let’s break down the two modes in detail.
Interactive Mode Benefits
Perfect for:
- Running multiple queries in one session
- Testing different DNS servers
- Switching between record types
- Deep troubleshooting sessions
Start interactive mode:
nslookupYou’ll see:
Default Server: [your DNS server]
Address: [DNS server IP]
>
Now you’re in. Type commands one per line:
> set type=mx> google.com> set type=a> yahoo.com> exitNon-Interactive Mode Benefits
Perfect for:
- Quick single lookups
- Automation and scripting
- Command-line one-liners
- Integration with other tools
Syntax: nslookup [options] [domain] [dns-server]
Examples:
nslookup -type=mx example.comnslookup example.com 8.8.8.8nslookup -type=ns example.com 1.1.1.1Each command runs independently. You get the result and return to your normal command prompt.
Nslookup and DNS Relationship
Let’s clear up a common misconception: nslookup is not DNS itself.
DNS is the Domain Name System, the distributed database that stores all domain information across millions of servers worldwide.
nslookup is a client tool that queries DNS servers. Think of it as a web browser for DNS records. Your browser isn’t the web, it just accesses it. Same deal here.
How They Work Together
When you run nslookup:
1. It sends a query to a DNS server
2. The DNS server processes the request
3. The server returns the requested information
4. nslookup displays the results
That’s it. nslookup doesn’t store DNS records. It doesn’t manage domains. It’s purely a query tool.
DNS Infrastructure Components
To understand nslookup’s role, here’s the DNS ecosystem:
- Authoritative nameservers – store actual DNS records
- Recursive resolvers – handle queries and cache results
- Root servers – top level of DNS hierarchy
- TLD servers – manage top-level domains (.com, .org, etc.)
nslookup interacts with all of these. It’s your window into the DNS infrastructure, letting you see what’s happening behind the scenes when you type a URL.
Want to troubleshoot DNS? nslookup is your first tool. Want to verify new records? nslookup. Need to check propagation? nslookup.
It’s simple, it’s powerful, and it’s already on your system. Master it, and you’ll solve DNS issues faster than most network administrators.
