Remember the good old days when your Windows name resolution was Wins based? Okay, maybe those days weren’t so good. Okay, they were downright horrible, but that changed when Microsoft released Windows 2000 and migrated to the more standard TCP/IP protocol. This changed forced many NT administrators to update their networking knowledge and forced Microsoft to release of host of new tools to support the new communication system. Unfortunately, many network administrators failed to recognize the usefulness of these new tools and many tools fell through the cracks. Nslookup is one such tool. Released with Windows 2000 and later Windows versions, Nslookup is a command-line tool that lets you test and troubleshoot Domain Name System (DNS) resolution.

The job

Although DNS lets change the underlying IP address without changing the friendly name, there is always a chance the DNS server could have had difficulty in obtaining this update, or could just be running late. It’s also possible that your local system is using a cached version of this resolution. When such a situation occurs, you need to verify that your DNS server is resolving things correctly. This is just what the nslookup tool can do.

The tool

Released with Windows 2000 and later versions, Nslookup is a command-line tool that lets you test and troubleshoot Domain Name System (DNS) resolution. To start nslookup, open a command prompt and enter nslookup, see Figure A. Nslookup will display the machine’s default DNS server and IP address. You can now enter nslookup commands. Enter help at the nslookup prompt for a quick list of commands.


Figure A
Nslookup screenshot
To enter the interactive mode of nslookup, type in the nslookup command with no options. While in interactive mode you have many more options available to you. To quit interactive mode, type exit on a line by itself and press enter.


Click here to see more screenshots of nslookup in action.

By default, nslookup uses whatever your default DNS server is to test your resolution, but you can choose a different DNS server to test your resolution. This allows you to verify if an error is on the server, if there is a widespread resolution error, or if the server is possibly down. Nslookup will also display the various types of DNS records, not just primary (A) records, or all records for a domain.

Putting nslookup to the test

Querying you local Active Directory domain is a great way to use nslookup. This will give the IP address of all of your domain controllers. You can also run this on a sub domain to see the domain controllers for that domain. You can also retrieve MX records from domains with nslookup. An MX record is the mail exchanger record. This is where your mail server will deliver its mail to that domain. If you are having mail delivery issues, you should run this test first. By looking at the MX records you retrieve from your DNS servers and comparing that to the MX records returned from other DNS servers, you can determine if your servers are delivering mail to the same IP addresses. With this knowledge you will know if your mail delivery issue is DNS related or not.

The Right Tool for the Job?

On many *Nix systems nslookup has been mostly replaced by DIG. Unfortunately, this tool is an exotic beast on Windows. While DIG is a wonderful tool, nslookup is plenty powerful for most of your DNS resolution errors. It provides a fairly rich feature set that gives you a (due to it’s inclusion in Windows) quick and easy way to verify resolution. Due in large part to its inclusion in Windows nslookup is quite often the Right Tool for the Job.