What is the nslookup command?

Normally, queries to DNS servers happen automatically: when you view a web site in a browser or send and receive e-mail, the application resolves the hostname to an IP address without you noticing.

Even so, when DNS behaves unexpectedly because of a server failure or misconfiguration, you may need to check which resource records are registered on a DNS server, or query a DNS server by hand.

The nslookup command lets you query a DNS server manually, for the IP address of a hostname and for other resource records as well.

Mode of the nslookup command

The nslookup command has two modes

  • non-interactive mode
  • interactive mode

In non-interactive mode you give the hostname and any options as arguments on the nslookup command line; the command prints the result and exits.

Interactive mode, by contrast, does not end after a single query but lets you issue queries one after another. While in it you can change options and switch the DNS server being queried (with the set and server commands). To start interactive mode, enter nslookup with no arguments; the prompt changes to “>”, showing that you are in interactive mode. To leave it, type “exit” or press Ctrl+C.

Figure: nslookup non-interactive and interactive modes

Example of nslookup command

The nslookup command has many options and can send a variety of queries to DNS servers. The following sections show interactive-mode queries for these resource record types:

  • A record
  • PTR record
  • MX record
  • NS record

The IP addresses and hostnames in the examples were current at the time of writing and are subject to change.

Example of A Record query

The A record contains the IP address for the hostname, and the most common query to a DNS server is an A record query. The following is an example of an A record query for www.google.co.jp.

Figure: Example of A record query
C:\Users\gene>nslookup
Default Server:  UnKnown
Address:  192.168.1.1

> www.google.co.jp
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    www.google.co.jp
Addresses:  2404:6800:4004:80c::2003
          172.217.25.227

“Server” and “Address” identify the DNS server being queried. “Server” shows “UnKnown” because nslookup tries to reverse-resolve the server’s IP address to a hostname and 192.168.1.1 has no PTR record. Since no server was specified, the DNS server configured on the PC is used; on a home network this is usually the broadband router, which forwards queries to the ISP’s resolver.

The lines below that are the result of the query. “Non-authoritative answer” means that the server which answered is not authoritative for the zone: it obtained the answer by recursion or returned it from its cache rather than from zone data it holds itself. An answer that comes straight from an authoritative server has no such header. “Name” is the queried hostname and “Addresses” lists the corresponding addresses, here the IPv6 address 2404:6800:4004:80c::2003 (AAAA record) and the IPv4 address 172.217.25.227 (A record), because the default query on Windows asks for both A and AAAA records.

Example of PTR record query

A PTR record is information about the host name corresponding to an IP address. When a server receives some request from a client, it may know the IP address of the client but not the hostname. In such cases, the PTR record can be queried to find out the hostname information corresponding to the IP address.

Not every IP address has a PTR record. Reverse zones are maintained separately from forward zones, usually by whoever holds the address block (an ISP or hosting provider), so a PTR query may return nothing even though the A record exists. The reverse is also true: the owner of the reverse zone can put any hostname in a PTR record, so a PTR result should be confirmed with a forward (A or AAAA) query of that hostname before it is trusted.

The nslookup command automatically determines whether it is an A record query or a PTR record query; for a PTR record query, simply specify the IP address. Let’s try a PTR record query by specifying the IP address that we looked up in the A record of www.google.co.jp earlier.

Figure: Example of PTR record query
C:\Users\gene>nslookup
Default Server:  UnKnown
Address:  192.168.1.1

> 172.217.25.227
Server:  UnKnown
Address:  192.168.1.1

Name:    nrt12s14-in-f227.1e100.net
Address:  172.217.25.227

You can see that the hostname for 172.217.25.227 is “nrt12s14-in-f227.1e100.net”. Google actually operates many web servers, each with its own hostname and IP address; “www.google.co.jp” is the name clients use for the group, and it resolves to one of those servers. Note also that this answer carries no “Non-authoritative answer” header, unlike the A record query above.
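When you type an IP address, nslookup builds the reverse-lookup name for you and sends a PTR query for it. The following added example (not code from the original article) shows what that name is for IPv4 and IPv6 addresses, and adds the forward-confirmation check a practitioner should make before trusting a PTR result. The lookup results in it are constructed sample data modelled on the article's output, not live DNS.

```python
"""Reverse-lookup names and forward-confirmed reverse DNS (FCrDNS).

Added example, not part of the original article. All lookup answers below
are constructed sample data; nothing here touches the network.
"""
import ipaddress


def reverse_name(ip):
    """Return the name a PTR query for `ip` is sent to.

    IPv4: the four octets reversed under in-addr.arpa.
    IPv6: all 32 hex nibbles of the expanded address reversed under ip6.arpa.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")  # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def forward_confirmed(ip, ptr_name, forward):
    """Accept a PTR name only if looking it up forward returns the original IP.

    The owner of the reverse zone can put any name in a PTR record, so the PTR
    answer alone proves nothing. `forward` maps hostname -> list of address
    strings; it stands in for a `set type=A` / `set type=AAAA` query and is
    constructed data in this example.
    """
    target = ipaddress.ip_address(ip)
    addrs = forward.get(ptr_name.rstrip(".").lower(), [])
    return any(ipaddress.ip_address(a) == target for a in addrs)


# Constructed sample answers (the first pair is taken from the article).
SAMPLE_PTR = {
    "172.217.25.227": "nrt12s14-in-f227.1e100.net",
    "192.168.1.1": None,  # no PTR record: nslookup shows "UnKnown" for it
}
SAMPLE_FORWARD = {
    "nrt12s14-in-f227.1e100.net": ["172.217.25.227"],
    "mail.example.invalid": ["203.0.113.10"],  # RFC 5737 documentation address
}


def check_ptr(ip, ptr=SAMPLE_PTR, forward=SAMPLE_FORWARD):
    """Summarise what a careful PTR lookup of `ip` should report."""
    name = ptr.get(ip)
    return {
        "query_name": reverse_name(ip),
        "ptr": name,
        "forward_confirmed": bool(name) and forward_confirmed(ip, name, forward),
    }


if __name__ == "__main__":
    for ip in ("172.217.25.227", "192.168.1.1", "2404:6800:4004:80c::2003"):
        print(ip, check_ptr(ip))
```

Running the script prints the in-addr.arpa and ip6.arpa names nslookup queries behind the scenes; in the constructed data only 172.217.25.227 has a PTR record whose forward lookup points back to the same address.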

Example of MX record query

An MX record says which mail server accepts mail for a domain. E-mail is relayed from mail server to mail server, and a sending server queries the MX record of the recipient’s domain to find the server it should hand the message to. The following is an example of an MX record query for the domain “n-study.com”.

Figure: Example of MX record
C:\Users\gene>nslookup
Default Server:  UnKnown
Address:  192.168.1.1

> set type=MX
> n-study.com
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
n-study.com     MX preference = 50, mail exchanger = mx01.lolipop.jp

“set type=MX” switches subsequent queries to MX records. When you then enter a domain name, the MX record for that domain is queried. The domain name is the part of an e-mail address to the right of the @. The mail server information for the domain is then displayed.

A domain can register several mail servers. “MX preference” is the priority among them: the lower the value, the higher the priority. A sending server tries the exchanger with the lowest preference value first and falls back to the higher values if that one is unreachable.

The MX record gives only the hostname of the mail server; to obtain its IP address, a further A record query is made for that hostname (for example after “set type=A”).

Example of NS record query

NS records list the authoritative DNS servers for a domain; NS stands for Name Server. The following is an example of an NS record query.

Figure: Example of NS record
C:\Users\gene>nslookup
Default Server:  UnKnown
Address:  192.168.1.1

> set type=NS
> n-study.com
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
n-study.com     nameserver = dns01.muumuu-domain.com
n-study.com     nameserver = dns02.muumuu-domain.com

“set type=NS” switches subsequent queries to NS records. When you then enter the domain name, its NS records are queried, and you can see that the DNS servers for n-study.com are “dns01.muumuu-domain.com” and “dns02.muumuu-domain.com”. This answer is again marked non-authoritative because it came from the router’s resolver; to get an answer from the zone data itself, switch to one of the listed servers with “server dns01.muumuu-domain.com” in interactive mode and repeat the query, which also lets you confirm that the cached answer matches what the authoritative server actually holds.
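When nslookup is run from a script rather than typed at the prompt, non-interactive mode (described in the section on modes) is used and its output has to be read by a program. The following added example, which is not code from the original article, shows the non-interactive command line equivalent to each of the interactive sessions above, and parses the four kinds of output shown on this page (A, PTR, MX and NS) into records. It assumes the English-locale label layout of Windows nslookup as shown above (“Server:”, “Non-authoritative answer:”, “Name:”, “Addresses:”); the sample sessions are constructed from the article’s examples, with a second MX record added to show preference ordering, so the script runs offline.

```python
"""Parse nslookup output into records.

Added example, not code from the original article. It assumes the Windows
English-locale output layout shown in the article's sessions; the sample
sessions below are constructed from them so the script runs offline.
"""
import re

MX_RE = re.compile(r"^(\S+)\s+MX preference = (\d+), mail exchanger = (\S+)")
NS_RE = re.compile(r"^(\S+)\s+nameserver = (\S+)")


def nslookup_args(name, qtype="A", server=None):
    """Non-interactive command line equivalent to `set type=<qtype>` (and
    optionally `server <server>`) followed by a query for `name`."""
    args = ["nslookup", "-type=%s" % qtype, name]
    if server:
        args.append(server)
    return args


def parse_nslookup(text):
    """Parse one query's output: answering server, authority flag, records."""
    result = {"server": None, "server_address": None, "authoritative": True,
              "name": None, "addresses": [], "mx": [], "ns": []}
    in_addresses = False  # indented continuation lines of "Addresses:" follow
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            in_addresses = False
            continue
        if in_addresses and line[0].isspace():
            result["addresses"].append(line.strip())
            continue
        in_addresses = False
        if line.startswith(("Default Server:", "Server:")):
            result["server"] = line.split(":", 1)[1].strip()
        elif line.startswith("Address:") and result["name"] is None:
            # An "Address:" before any "Name:" is the resolver's own address.
            result["server_address"] = line.split(":", 1)[1].strip()
        elif line.startswith("Non-authoritative answer:"):
            result["authoritative"] = False  # served from cache or by recursion
        elif line.startswith("Name:"):
            result["name"] = line.split(":", 1)[1].strip()
        elif line.startswith(("Address:", "Addresses:")):
            result["addresses"].append(line.split(":", 1)[1].strip())
            in_addresses = True
        elif MX_RE.match(line):
            pref, host = MX_RE.match(line).group(2, 3)
            result["mx"].append((int(pref), host))
        elif NS_RE.match(line):
            result["ns"].append(NS_RE.match(line).group(2))
        # Prompt echoes such as "> set type=MX" match nothing and are skipped.
    result["mx"].sort()  # lowest preference first: the exchanger tried first
    return result


def primary_mx(parsed):
    """Hostname of the mail exchanger a sending server tries first, or None."""
    return parsed["mx"][0][1] if parsed["mx"] else None


# Constructed sample sessions (values from the article, plus a second MX).
A_SESSION = """\
> www.google.co.jp
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    www.google.co.jp
Addresses:  2404:6800:4004:80c::2003
          172.217.25.227
"""
PTR_SESSION = """\
Server:  UnKnown
Address:  192.168.1.1

Name:    nrt12s14-in-f227.1e100.net
Address:  172.217.25.227
"""
MX_SESSION = """\
> set type=MX
> example.com
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
example.com     MX preference = 50, mail exchanger = backup-mx.example.com
example.com     MX preference = 10, mail exchanger = mx01.example.com
"""
NS_SESSION = """\
Non-authoritative answer:
n-study.com     nameserver = dns01.muumuu-domain.com
n-study.com     nameserver = dns02.muumuu-domain.com
"""

if __name__ == "__main__":
    for label, session in (("A", A_SESSION), ("PTR", PTR_SESSION),
                           ("MX", MX_SESSION), ("NS", NS_SESSION)):
        print(label, parse_nslookup(session))
    print(" ".join(nslookup_args("n-study.com", "MX", "dns01.muumuu-domain.com")))
```

The parser distinguishes the resolver’s own “Address:” line from the answer’s by whether a “Name:” line has been seen yet, which is why the PTR output (where both labels appear) still comes out right, and it sorts MX records so that the lowest preference value, the server tried first, comes first.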