Using the nslookup Command to Troubleshoot Name Resolution Issues

March 27, 2008

The nslookup command is yet another simple one available with all TCP/IP implementations.  Its purpose is to query a DNS name server to find out the name registration information for a particular host. By using nslookup, you can find out whether the address that is associated with the computer’s hostname is accurate. This can be handy for troubleshooting if you are trying to use one of the TCP/IP utilities, such as FTP or Telnet, to reach a particular host by name, yet find that you cannot establish a connection or that the remote system is not the one you thought it would be.

This utility can be run in two different modes. First, you can specify all the commands on a command line and get a result returned from a DNS name server (noninteractive mode). Second, you can enter “batch” mode (called interactive mode by Microsoft) and issue several commands in a row to the server. The basic syntax for the command in Windows operating systems is: nslookup [ -option …] [computer-to-find | – server]]

 Options you can use with this command are:

Computer-to-find: Specifies the name of the computer whose name you want to look up.
Server: Specifies a DNS name server other than the default server configured on the client.

For example:

C:> nslookup www.twoinc.com

This command sends an inquiry to the default DNS server. If information is received, it will print the name of the server that the information is from and then print the IP address of the server you inquired about. For example:

C:> nslookup www.twoinc.com
Server: home8.qwest.bellatlantic.net

Non-authoritative answer:
Name: www.twoinc.com

In this example, you can also see that the server that gave the response indicates that it is a non-authoritative answer. This means that the server is not the server that actually holds the domain name record for this domain, but has cached the name locally. The record for the domain is located elsewhere in the DNS hierarchy.

The nslookup command also enables you to enter several options on the command line or to use these features from within the interactive environment. When it’s used on the command line, precede each option with a minus (-) sign. The options and values that can be used with Windows NT through Windows 2003 Servers are listed here:

Help: Displays help text.
Exit: Exits nslookup when interactive mode.
Finger [username] [> filename] [>> filename]: Connects to the current finger server and looks up a username. You can specify a filename for the output.
ls [option] dnsdomain [> filename]  |  [>> filename]: Lists information about a domain. Generally, this includes computer names and addresses. Suboptions to this command allow you to get other information.
lserver dnsdomain: Uses the initial server to retrieve information about dnsdomain.
root: Sets the current default server to be the root server.
Server dnsdomain: Uses the current server to retrieve information about dnsdomain.
set keyword=[value]: Changes configuration settings about how nslookup works.
set all: Displays current configuration settings for the nslookup utility and shows information about the default server.

There are many set commands you can use to customize the way nslookup works. Using nslookup in interactive mode enables you to perform multiple hostname lookups without having to retype the nslookup command. Use the exit command to exit interactive mode.

%d bloggers like this: