Querying DNS with Nslookup
Nslookup is a command-line tool provided in most operating systems, including the Windows Server 2003 family. It offers the ability to perform query testing of DNS servers and to obtain detailed responses at the command prompt. This information can be useful for diagnosing and solving name resolution problems, for verifying that resource records are added or updated correctly in a zone, and for debugging other server-related problems.

Nslookup can be run either as a simple command executed once (noninteractive mode) or as a program that accepts serial commands and queries (interactive mode).

Performing Simple Queries

You can use Nslookup in noninteractive mode to determine the IP address(es) associated with a single host name. For example, the following command executed at the command prompt returns the IP addresses associated with the fully qualified domain name (FQDN) www.microsoft.com:
C:\>nslookup www.microsoft.com
The following sample output is generated from this command:
C:\>nslookup www.microsoft.com
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
Name: www.microsoft.akadns.net
Addresses: 207.46.230.220, 207.46.197.102, 207.46.197.100, 207.46.230.218
Aliases: www.microsoft.com
To resolve the query, the Nslookup utility submits the name to the DNS server specified for the primary connection on the local client computer. This DNS server can then answer the query from its cache or through recursion.

If you would like to troubleshoot a specific DNS server instead of the one specified for the primary connection on the local client computer, you can specify that DNS server in the Nslookup command. For example, the following command executed at the command prompt queries the DNS server at 207.46.123.2 for the name www.microsoft.com:
C:\>nslookup www.microsoft.com 207.46.138.20
You can also use Nslookup to resolve IP addresses to host names. For example, the following command executed at the command prompt returns the FQDN associated with the address 207.46.230.220, as shown in this output:
C:\>nslookup 207.46.249.222
Server: localhost
Address: 127.0.0.1
Name: www.microsoft.com
Address: 207.46.249.222
Note: Reverse lookups rely on pointer (PTR) resource records configured in reverse lookup domains. Reverse lookup domains are not available for all Internet hosts.

Using Interactive Mode

If you need to resolve more than a single host name or IP address, or if you want to troubleshoot DNS by performing various functions, you can use Nslookup as an interactive program. To enter interactive mode, simply type nslookup at the command prompt and press Enter.
In interactive mode, Nslookup accepts commands that allow the program to perform a variety of functions, such as displaying the specific contents of messages included in DNS exchanges, simulating a zone transfer, or searching for any or all records of a specific type at a given server. These commands can be displayed by entering the Help or ? command, as shown in Figure 1.

Exploring Nslookup Options

When in interactive mode, you can also use the Set command to configure Nslookup options that determine how the resolver carries out queries. For example, Nslookup can be set to Debug or Nodebug. By default, the Nodebug option is enabled, but when you enable the Debug option by using the Set Debug command, Nslookup enters Debug mode. In Debug mode, Nslookup displays the DNS response messages communicated from the DNS server.

Important: Commands entered in Nslookup interactive mode are case-sensitive and must be typed in lowercase.

You can view the options currently configured for Nslookup by running the Set All command, as shown in Figure 2. Table 1 describes the most common options configured with the Set command.

Table 1. Command-Line Options Available with Set

Option | Purpose
---|---
set all | Shows the configuration status of all options.
set [no]debug | Puts Nslookup in Debug mode. With Debug mode turned on, more information is printed about the packet sent to the server and the resulting answer.
set [no]d2 | Puts Nslookup in Verbose Debug mode so you can examine the query and response packets between the resolver and the server.
set domain=<domain name> | Tells the resolver which domain name to append for unqualified queries, including all queried names not followed by a trailing dot.
set timeout=<time-out value> | Tells the resolver which time-out value to use, in seconds. This option is useful for slow links where queries frequently time out and the wait time must be lengthened.
set type=<record type> or set querytype=<record type> or set q=<record type> | Tells the resolver which type of resource records to search for (for example, A, PTR, or SRV). If you want the resolver to query for all types of resource records, type set type=all.

The next section describes how to perform common tasks by using Nslookup in interactive mode.

Looking Up Different Data Types

By default, names queried for in Nslookup return only matching host address (A) resource records. To look up different data types within the domain namespace, use the Set Type or Set Querytype (Set Q) command at the command prompt. For example, to query for mail exchanger (MX) resource records only instead of A resource records, type set q=mx, as shown here:
C:\>nslookup
Default Server: localhost
Address: 127.0.0.1
> set q=mx
> microsoft.com
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
microsoft.com MX preference = 10, mail exchanger = mailc.microsoft.com
microsoft.com MX preference = 10, mail exchanger = maila.microsoft.com
microsoft.com MX preference = 10, mail exchanger = mailb.microsoft.com
microsoft.com nameserver = dns1.cp.msft.net
microsoft.com nameserver = dns1.tk.msft.net
microsoft.com nameserver = dns3.uk.msft.net
microsoft.com nameserver = dns1.dc.msft.net
microsoft.com nameserver = dns1.sj.msft.net
mailc.microsoft.com internet address = 131.107.3.121
mailc.microsoft.com internet address = 131.107.3.126
maila.microsoft.com internet address = 131.107.3.124
maila.microsoft.com internet address = 131.107.3.125
mailb.microsoft.com internet address = 131.107.3.122
mailb.microsoft.com internet address = 131.107.3.123
dns1.cp.msft.net internet address = 207.46.138.20
dns1.tk.msft.net internet address = 207.46.245.230
dns3.uk.msft.net internet address = 213.199.144.151
dns1.dc.msft.net internet address = 64.4.25.30
dns1.sj.msft.net internet address = 65.54.248.222
>
Tip: To query for a record of any type, execute the Nslookup command Set q=any.

The first time a query is made for a remote name, the answer is authoritative, but subsequent queries are nonauthoritative. This pattern appears for the following reason: The first time a remote host is queried, the local DNS server contacts the DNS server that is authoritative for that domain. The local DNS server then caches that information so that subsequent queries are answered nonauthoritatively out of the local server's cache.

Querying Another Name Server Directly

To query another name server directly, use the Server or Lserver commands to switch to that name server. The Lserver command uses the local server to get the address of the server to switch to, whereas the Server command uses the current default server to get the address.

After you execute either of these commands, all subsequent lookups in the current Nslookup session are performed at the specified server until you switch servers again. The following lines illustrate such a server switch:
C:\> nslookup
Default Server: nameserver1.lucernepublishing.com
Address: 10.0.0.1
> server nameserver2
Default Server: nameserver2.lucernepublishing.com
Address: 10.0.0.2
>

Using Nslookup to View Zone Data

You can use Nslookup to simulate a zone transfer using the Ls command, which is useful to see all the hosts within a remote domain. The syntax for the Ls command is as follows:
ls [- a | d | t type] domain [> filename]
Using Ls with no switches returns a list of all address and name server data. The -a switch returns alias and canonical names, -d returns all data, and -t filters by type. The following lines present an example Ls output when this command is used without switches:
>ls contoso.com
[nameserver1.contoso.com]
nameserver1.contoso.com. NS server = ns1.contoso.com
nameserver2.contoso.com NS server = ns2.contoso.com
nameserver1 A 10.0.0.1
nameserver2 A 10.0.0.2
>
Zone transfers can be blocked at the DNS server so that only authorized addresses or networks can perform this function. The following error is returned if zone transfer security has been set:
*** Can't list domain <example>.: Query refused
Tip: For the exam, you need to remember that the Ls command simulates a zone transfer, and that zone transfers are restricted by default in Windows Server 2003. To query a Windows Server 2003 DNS server with the Ls command, be sure to allow zone transfers to the computer on which you are running Nslookup.
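
The "Non-authoritative answer" label and the "Query refused" error described above both come from fields in the 12-byte header of the DNS response, which Debug mode prints. The following Python sketch is an added example, not part of the original text: it decodes that header so you can confirm whether an answer came from cache and whether a server is refusing zone transfers as configured. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Response codes defined in RFC 1035, section 4.1.1.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header that starts every DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS message is shorter than its 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    code = flags & 0x000F
    return {
        "id": ident,
        "response": bool(flags & 0x8000),             # QR
        "opcode": (flags >> 11) & 0xF,
        "authoritative": bool(flags & 0x0400),        # AA
        "truncated": bool(flags & 0x0200),            # TC
        "recursion_desired": bool(flags & 0x0100),    # RD
        "recursion_available": bool(flags & 0x0080),  # RA
        "rcode": RCODES.get(code, f"RCODE{code}"),
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }

def describe(msg: bytes) -> str:
    """Summarize a response the way the Nslookup output above labels it."""
    h = parse_header(msg)
    if not h["response"]:
        return "Not a response"
    if h["rcode"] == "REFUSED":
        return "Query refused"
    if h["rcode"] != "NOERROR":
        return h["rcode"]
    return "Authoritative answer" if h["authoritative"] else "Non-authoritative answer"

# Constructed sample headers (ID, flags, QD, AN, NS, AR); not captured traffic.
CACHED = struct.pack("!6H", 0x1A2B, 0x8180, 1, 4, 0, 0)         # QR RD RA
AUTHORITATIVE = struct.pack("!6H", 0x1A2C, 0x8500, 1, 4, 0, 0)  # QR AA RD
XFER_REFUSED = struct.pack("!6H", 0x1A2D, 0x8005, 1, 0, 0, 0)   # QR, RCODE 5

if __name__ == "__main__":
    for name, msg in [("cached", CACHED), ("authoritative", AUTHORITATIVE),
                      ("zone transfer", XFER_REFUSED)]:
        print(f"{name:14} {describe(msg)}  {parse_header(msg)}")
```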