You can use the nslookup command to query the Domain Name System (DNS) server and diagnose different issues with DNS. The most common reason to use nslookup
is to check for records. For example, you can use it to determine
whether an A or Host record exists for a specific hostname. If the
record exists, DNS can resolve it to an IP address. The basic syntax is
Figure 1 shows the results of two simple nslookup
queries. The first query looks for an A record for a server named Web1
to resolve it to an IP address. The second query looks for a PTR
(pointer) record to resolve the IP address to a host name. Both queries
succeed and return the desired information. Notice that the DNS server
that responded is dc1.pearson.pub, identified by name and IP address in
the first two lines after each query.
The following table outlines what is shown in Figure 1.
Using nslookup to Verify Records | Comments |
---|
c:\>nslookup
Default Server: dc1.pearson.pub
Address: 192.168.1.5
| This puts nslookup into interactive mode as a shell. It’s also possible to enter the complete nslookup command without entering interactive mode. It also identifies the name and IP address of the DNS server. |
> web1
Server: dc1.pearson.pub
Address: 192.168.1.5
| The
first part of the response is only related to DNS. Because the system
is configured with 192.168.1.5 as the IP address of the DNS server, nslookup shows that IP address. nslookup
also tries to do a reverse lookup to determine the name of the system
with that IP address.
If a PTR record exists in the reverse lookup zone, the query is
successful (as shown here), and it displays the name of the DNS server
(dc1.pearson.pub in the example). |
Name: web1.pearson.pub
Address: 192.168.1.41
| The
next part of the response queries DNS for an A or host record for the
host (web1 in this example). If a record exists, DNS gives the IP
address of the host. |
> 192.168.1.41
Server: dc1.pearson.pub
Address: 192.168.1.5
| The next example gives the IP address of a computer with the goal of getting the name.
As before, the first two lines provide information on the server that is answering. |
Name: web1.pearson.pub
Address: 192.168.1.41
| Because the DNS server includes a PTR record for the server, the response shows the IP address. |
Figure 2 shows the DNS console for the pearson.pub domain. Notice that an A (Host) record exists for web1.pearson.pub.
Pointer (PTR) records exist in the reverse lookup zone of a DNS console, and Figure 3 shows the reverse lookup zone in the pearson.pub domain. Notice the PTR record for dc1.pearson.pub exists. This allows the nslookup query to identify the name of the DNS server’s IP address.
Note
The reverse lookup zone is optional, and pointer
records are optional. You’ll see different results depending on whether
the reverse lookup zone exists and the PTR record exists within the
reverse lookup zone.
In contrast, the following listing shows the result if an A record doesn’t exist and if a PTR record doesn’t exist.
C:\Users\Administrator>nslookup
Default Server: dc1.pearson.pub
Address: 192.168.1.5
> web2
Server: dc1.pearson.pub
Address: 192.168.1.5
*** dc1.pearson.pub can't find web2: Non-existent domain
> 192.168.1.42
Server: dc1.pearson.pub
Address: 192.168.1.5
*** dc1.pearson.pub can't find 192.168.1.42: Non-existent domain