NSLookup Reference
NSLookup Windows Reference Guide
List of commands and subcommands used by nslookup
(Identifiers shown in upper case, [] means optional)
- DOMAIN - print info about the host/domain using the default name server
- DOMAIN SERVER - as above, but use SERVER as the name server
- help or ? - prints this page (list of commands)
- set OPTION - set an option
- all - print options, current domain-name and name-server
- [no]debug - print debugging information
- [no]d2 - print exhaustive debugging information
- [no]defname - append domain name to each query
- [no]recurse - ask for recursive answer to query
- [no]search - use domain search list
- [no]vc - always use a virtual switch
- domain=NAME - set default domain name to NAME
- srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1, N2, etc..
- root=NAME - set root server to NAME
- retry=X - set number of retries to X
- timeout=X - set initial time-out interval to X seconds
- type=X - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
- querytype=X - same as above
- class=X - set query class (ex. IN (Internet), ANY)
- [no]msxfr - Use MS fast zone transfer
- ixfrver=X - current version to use in IXFR transfer request
- server NAME - set default server to NAME, using current default server
- lserver NAME - set default server to NAME, using initial server
- finger [USER] - finger the optional NAME at the current default host
- root - set current default server to the root
- ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
- -a - list canonical names and aliases
- -d - list all records
- -t TYPE - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
- view FILE - sort an 'ls' output file and view it with pg
- exit - exit the program
|
|
1. DOMAIN
The first command is used to look up the domain using the
default settings. For example
>elouai.com
Server: Unknown
Address: 66.82.4.8
Non-authoritive answer:
Name: elouai.com
Address: 64.246.1.38
|
Using the name server "66.82.4.8" it returns the results ...
"Non-authoritive answer", meaning cached copy of results for
the domain "elouai.com", is located at "64.246.1.38"
|
2. DOMAIN SERVER
Look up a given domain name (NAME1) using this name server (NAME2). See example below
>cnn.com ns1.webhostingcanada.org
Server: ns1.webhostingcanada.org
Address: 64.246.1.13
Non-authoritative answer:
Name: cnn.com
Address: 64.236.16.116, 64.236.24.4, 64.236.24.12, 64.236.24.20,
64.236.24.28, 64.236.16.20, 64.236.16.52, 64.236.16.84
|
We wished to look up the IP address of the domain name
cnn.com using the name server ns1.webhostingcanada.org to
find this information.
Since the domain name is not part of its zone list
it will always retrieve the IP address as a "Non-authoritative answer" (cached).
|
3. help or ?
Displays the list of commands used by nslookup
>help
Commands: (identifiers are shown in uppercase, [] means optional)
NAME - print info about the host/domain NAME using default server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands
set OPTION - set an option
all - print options, current server and host
[no]debug - print debugging information
[no]d2 - print exhaustive debugging information
[no]defname - append domain name to each query
[no]recurse - ask for recursive answer to query
[no]search - use domain search list
[no]vc - always use a virtual circuit
domain=NAME - set default domain name to NAME
srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
root=NAME - set root server to NAME
retry=X - set number of retries to X
timeout=X - set initial time-out interval to X seconds
type=X - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
querytype=X - same as type
class=X - set query class (ex. IN (Internet), ANY)
[no]msxfr - use MS fast zone transfer
ixfrver=X - current version to use in IXFR transfer request
server NAME - set default server to NAME, using current default server
lserver NAME - set default server to NAME, using initial server
finger [USER] - finger the optional NAME at the current default host
root - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
-a - list canonical names and aliases
-d - list all records
-t TYPE - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE - sort an 'ls' output file and view it with pg
exit - exit the program
|
help or ? displays the list of commands understood by nslookup.
|
4.1. Options "set all"
Displays the default name server and last domain name queried.
Also displays the current state of the options, in the example below the
last lookup we did was for cnn.com.
>set all
Default Server: UnKnown
Address: 66.82.4.8
host = cnn.com
Address: 64.236.16.116, 64.236.24.4, 64.236.24.12, 64.236.24.20,
64.236.24.28, 64.236.16.20, 64.236.16.52, 64.236.16.84
Set options:
nodebug
defname
search
nod2
novc
noignoretc
port=53
type=A
class=IN
timeout=2
retry=1
root=A.ROOT-SERVERS.NET.
domain=
IXFRversion=1
srchlist=
|
First the default Name Server that we are using is displayed,
in this case its the "UnKnown" name server.
Next the last domain/host is displayed, in this case
its the domain cnn.com
Then the current settings of the options are displayed,
more detailed information is provided for each each subheading.
|
4.2. Options "set debug"
Turn on (or off) the debug display.
Retrieves a more comprehensive answer to the DNS query.
>set debug
>elouai.com
Server: UnKnown
Address: 66.82.4.8
------------
Got answer:
HEADER:
opcode = QUERY, id = 16, rcode = NOERROR
header flags: response, want recursion, recursion avail.
question = 1, answers = 1, authority records = 2, additional = 2
QUESTIONS:
elouai.com, type = A, class = IN
ANSWERS:
-> elouai.com
internet address = 64.246.1.38
ttl = 18958 (5 hours 15 mins 58 secs)
AUTHORITY RECORDS:
-> elouai.com
nameserver = ns2.ev1servers.net
ttl = 18958 (5 hours 15 mins 58 secs)
-> elouai.com
nameserver = ns1.ev1servers.net
ttl = 18958 (5 hours 15 mins 58 secs)
ADDITIONAL RECORDS:
-> ns1.ev1servers.net
internet address = 207.218.245.135
ttl = 166666 (1 day 22 hours 17 mins 46 secs)
-> ns2.ev1servers.net
internet address = 207.218.247.135
ttl = 166666 (1 day 22 hours 17 mins 46 secs)
------------
Non-authoritative answer:
Name: elouai.com
Address: 64.246.1.38
>set nodebug
>elouai.com
Server: UnKnown
Address: 66.82.4.8
Non-authoritative answer:
Name: elouai.com
Address: 64.246.1.38
|
To turn on the debug mode write "set debug",
to turn it off write "set nodebug".
One question was asked, "elouai.com, type = A, class = IN"
for the domain elouai.com, retrieve the A records for the Internet class
(the only practical class to lookup)
One answer, told to use the following authority records (2)
which resolve to the following IP addresses (Additional records)
|
4.3. Options "set d2"
Turn on (or off) the EXHAUSTIVE debug display.
Retrieves the complete dump of what is sent and received via the DNS requests.
>set d2
>elouai.com
Server: UnKnown
Address: 66.82.4.8
------------
SendRequest(), len 28
HEADER:
opcode = QUERY, id = 30, rcode = NOERROR
header flags: response, want recursion, recursion avail.
question = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
elouai.com, type = A, class = IN
------------
------------
HEADER:
opcode = QUERY, id = 30, rcode = NOERROR
header flags: response, want recursion, recursion avail.
question = 1, answers = 1, authority records = 2, additional = 2
QUESTIONS:
elouai.com, type = A, class = IN
ANSWERS:
-> elouai.com
type = A, class = IN, dlen = 4
internet address = 64.246.1.38
ttl = 28000 (7 hours 46 mins 40 secs)
AUTHORITY RECORDS:
-> elouai.com
type = NS, class = IN, dlen = 20
nameserver = ns2.ev1servers.net
ttl = 12879 (3 hours 34 mins 39 secs)
-> elouai.com
type = NS, class = IN, dlen = 6
nameserver = ns1.ev1servers.net
ttl = 12879 (3 hours 34 mins 39 secs)
ADDITIONAL RECORDS:
-> ns1.ev1servers.net
type = A, class = IN, dlen = 4
internet address = 207.218.245.135
ttl = 166666 (1 day 22 hours 17 mins 46 secs)
-> ns2.ev1servers.net
type = A, class = IN, dlen = 4
internet address = 207.218.247.135
ttl = 166666 (1 day 22 hours 17 mins 46 secs)
------------
Non-authoritative answer:
Name: elouai.com
Address: 64.246.1.38
|
To turn on the extensive debug mode write "set d2",
to turn it off write "set nod2" followed
by "set nodebug".
|
4.4. Options "set defname"
Appends the default DNS domain name to a single component request.
A single component request contains no periods.
>set defname
|
To turn on use, set defname or
set def.
To turn off use, set nodefname or
set nodef.
|
4.5. Options "set recurse"
Tells the domain name server to query other servers if it does not have the information.
>set norecurse
>charrua.ca
Server: ns.direcpc.com
Address: 66.82.4.8
Name: charrua.ca
Served by:
- MERLE.CIRA.ca
64.26.149.98
ca
- RELAY.CDNNET.ca
ca
- CLOUSO.RISQ.QC.ca
192.26.210.1
ca
- NS-EXIT.VIX.COM
ca
- NS1CIRA.ca
129.33.164.84
ca
- CA02.CIRA.ca
192.0.34.140
ca
- CA06.CIRA.ca
192.228.30.9
ca
>charrua.ca ns1cira.ca
Server: ns1cira.ca
Address: 129.33.164.84
Name: charrua.ca
Served by:
- ns1.webhostingcanada.org
charrua.ca
- ns2.webhostingcanada.org
charrua.ca
>charrua.ca ns1.webhostingcanada.org
Server: ns1.webhostingcanada.org
Address: 64.246.1.13
Name: charrua.ca
Address: 64.246.1.38
|
In the example to the left, we turn off recursion and then try to look up a
name that is not cached locally. we start off by typing charrua.ca,
We get a few other name servers that might now the answer, since our default name
server does not. We pick ns1cira.ca name server to look for the answer,
charrua.ca ns1cira.ca, this then lists the ns server
that has the authoritive answer. We try one more time, charrua.ca ns1.webhostingcanada.org,
and sure enough we finally get the A record (Address: 64.246.1.38)
To turn recursion back on, we type set recurse
Can also be written shorthand as "set rec" instead of "set recurse"
Also applies to "set norecurse", shortened to "set norec".
|
4.6. Options "set search"
Used in conjungtion with the search list. Toggles the
usage of this search list on or off.
>set search
|
To turn on use, set search or
set sea.
To turn off use, set nosearch or
set nosea.
|
4.7. Options "set vc"
Toggles the use of a Virtual Circuit (vc). Default setting is off (novc).
>set vc
|
To turn on use, set vc or
set v.
To turn off use, set novc or
set nov.
|
4.8. Options "set domain=NAME"
Set the default domain name (similar to the command server).
>set domain=ns1.ev1servers.net
|
Changes the default domain name to the "name" value specified.
The default domain name is appended to a lookup request,
depending on the state of the "defname" and "search" options.
The domain search list contains the parents of the default domain
if the search list has at least two components in its name.
For example, if the default domain is ns1.ev1servers.net,
the search list is ns1.ev1servers.net and ev1servers.net.
Use the "set srchlist" command to specify a different list.
Use the "set all" command to display the list.
|
4.9. Options "set srchlist=N1[N2/../N6]"
Changes the default domain name to the name specified by the N1..N6 parameters,
and changes the domain search list to those names specified.
Takes a maximum of six names ('/' seperator).
Use the set all command to display the list of names.
>set srchlist=ns.direcpc.com/ns1.ev1servers.net
|
In this example, the search list first tries to use the name
server "ns.direcpc.com" followed by "ns1.ev1servers.net".
|
4.10. Options "set root=HOST"
Changes the name of the root server to the name specified by the HOST parameter.
>set root=A.ROOT-SERVERS.NET
|
The root server by default is defined to be
"A.ROOT-SERVERS.NET".
|
4.11. Options "set retry=X"
Changes the number of times to retry quering a name server.
>set retry=2
|
Default retries is 1.
|
4.12. Options "set timeout=X"
Sets the initial time out value in seconds.
>set timeout=4
|
Default timeout value is 2 seconds.
|
4.13-14. Options "set type=X"
Set the name server query type. (A, ANY, CNAME, MX, NS, PTR, SOA, SRV).
>set q=mx
>elouai.com
Server: ns.direcpc.com
Address: 66.82.4.8
Non-authoritative answer:
elouai.com MX preference = 10, mail exchanger = mail.elouai.com
elouai.com nameserver = ns1.ev1servers.net
elouai.com nameserver = ns2.ev1servers.net
mail.elouai.com internet address = 64.246.1.38
ns1.ev1servers.net internet address = 207.218.245.135
ns2.ev1servers.net internet address = 207.218.247.135
>set q=ns
>elouai.com
Server: ns.direcpc.com
Address: 66.82.4.8
Non-authoritative answer:
elouai.com nameserver = ns1.ev1servers.net
elouai.com nameserver = ns2.ev1servers.net
ns1.ev1servers.net internet address = 207.218.245.135
ns2.ev1servers.net internet address = 207.218.247.135
>set q=a
>elouai.com
Server: ns.direcpc.com
Address: 66.82.4.8
Non-authoritative answer:
Name: elouai.com
Address: 64.246.1.38
|
Default Setting is "A", for A records..
can use "querytype", "type" or "q" interchangably
a record - Address record, "A" records are pointers for a domain to an IP address. i.e. test.mydomain.com would have an IP entry like 123.123.123.123
any - displays all the records for that domain.
cname - CName (Canonical Name) is used for nicknames or aliases, it is used to redirect web address to another (i.e. www.mydomain.com -> mydomain.com)
i.e.
mx - Acronym for Mail eXchange (MX). Used to define which domain handles the email
ns - Look up the Name servers for this record
ptr - A record that points an IP address to a single name, unlike a name which can be associated with many IP addresses
soa - Start Of Authority
srv - experimental service for locating services, also used to spread loads across multiple servers. (syntax _http._tcp.www.elouai.com, looking for the web server (_http) on the TCP network (internet) )
|
4.15. Options "set class=X"
Sets the class (networking class) to use, should always be IN for internet,
the are other specialized networking classes like MIT's, HS (Hesoid). Should never be changed
>set class=IN
|
Default value is IN.
|
4.16. Options "set msxfr"
Use MS fast zone transfer.
>set msxfr
|
Default value is on (msxfr).
To turn off, use nomsxfr.
|
4.16. Options "set ixfrver=X"
Sets the version to use in IXFR transfer request.
>set ixfrver=1
|
Default value is 1.
|
5. NAME SERVER "server NAME"
The name server to use when querying the domain name records. See also lserver.
>set server ns.direcpc.com
|
|
6. LOCAL NAME SERVER "lserver NAME"
Use the local DNS to resolve the new "NAME" server provided. (Helps to break out of the
** doman does not exist loop) for a broken name server or incorrectly set name server.
>set lserver ns.direcpc.com
|
|
7. FINGER "finger USER"
Finger the optional 'USER' name at the current default host. This service is not available
to most servers.
>finger
Finger: unknown service
|
|
8. ROOT "root"
Set the current defualt server to the root. Stores this information.
>root
|
Default value is an empty string.
|
9. LS "ls [option] domain"
Rerieve the zone list of this domain. Note: On almost all
Name Servers this operation is restricted or turned off
>ls webhostingcanada.org
[TLD1.ULTRADNS.NET]
*** Can't list domain webhostingcanada.org: Query refused
|
Most of the time, when using this command you would get a query refused output.
Options:
-a - list canonical names and aliases
-d - list all records
-t TYPE - list records of the given type (i.e. cname, mx, ns etc.)
|
References:
RFC 3467, review of the original function and purpose of the domain name system (DNS), port 53
DNS & BIND, nslookup Unix reference
Microsoft Support, nslookup error when resolving MX record query
Microsoft Support, Windows XP, cannot use the "set" command when the caps lock is turned out
Microsoft Support, Using NSlookup.exe for Windows NT
Microsoft Support, Using NSlookup for Windows XP
IBM, AIX NSlookup reference
|
