
Using nslookup


rev.dennis

I'm a big fan of dig instead of nslookup, but by default Windows users only have the tool nslookup. dig uses the OS resolver libraries. nslookup uses its own internal ones.

Dig (on Mac OS X and Linux) and nslookup (on Microsoft Windows) are the primary command-line tools for troubleshooting DNS issues.

nslookup has many of its options hidden by default, but you can easily see them by running nslookup and then typing set all as shown here. Note that any DNS query will use the default DNS server usfnt1dc001.na.thezah.com

H:\>nslookup
Default Server:  usfnt1dc001.na.thezah.com
Address:  10.6.0.5

> set all
Default Server:  usfnt1dc001.na.thezah.com
Address:  10.6.0.5

Set options:
  nodebug
  defname
  search
  recurse
  nod2
  novc
  noignoretc
  port=53
  type=A+AAAA
  class=IN
  timeout=2
  retry=1
  root=A.ROOT-SERVERS.NET.
  domain=thezah.com
  MSxfr
  IXFRversion=1
  srchlist=na.thezah.com/thezah.com

>

Here are some simple commands that perform similarly in each tool.

To look up DNS information on example.com using your configured DNS servers:

$ dig thezah.com

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> thezah.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17537
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;thezah.com.                    IN      A

;; ANSWER SECTION:
thezah.com.             14396   IN      A       64.38.250.2

;; Query time: 3161 msec
;; SERVER: 10.43.144.51#53(10.43.144.51)
;; WHEN: Wed Jun 01 09:58:05 EDT 2016
;; MSG SIZE  rcvd: 55

H:\>nslookup thezah.com
Server:  usfnt1dc001.na.thezah.com
Address:  10.6.0.5

Non-authoritative answer:
Name:    thezah.com
Address:  64.38.250.2

You can see that both dig and nslookup provide the same end result (DNS name to IP address), but you get much more useful information when using dig.

Quote

You'll see a nonauthoritative response for one of two reasons. The first is that the name server you queried didn't have the data you were looking for and had to query a remote name server to get it. The remote name server is authoritative for the data (that's the reason it was queried!) and returns it with the "authoritative answer" bit set in the DNS message header. The Microsoft DNS Server you queried puts this data in its cache and returns it to you marked nonauthoritative. If you ask for the same data again, this time the name server can answer from its cache and will mark the data nonauthoritative: that's the second reason you'll see a nonauthoritative answer.

Now run the same command but use Google's DNS server (8.8.8.8) instead of the locally configured DNS server:

dig @8.8.8.8 thezah.com

nslookup thezah.com 8.8.8.8

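The "authoritative answer" bit described in the quote and the flags line in the dig output both come from the 12-byte DNS message header. As an added example (not part of the original post), this Python code decodes that header; the function names are hypothetical and both sample headers are constructed, the first to match the dig output shown above.

```python
import struct

# Flag bits in the 16-bit flags word of the DNS header (RFC 1035, RFC 4035),
# listed in the order dig prints them.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100),
             ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010)]
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}

# Constructed header matching the dig output above:
# id 17537, flags qr rd ra, QUERY 1, ANSWER 1, AUTHORITY 0, ADDITIONAL 1.
CACHED = struct.pack("!6H", 17537, 0x8180, 1, 1, 0, 1)
# Constructed header for the same answer as an authoritative server would
# send it: AA set, RA clear.
AUTH = struct.pack("!6H", 17537, 0x8500, 1, 1, 0, 1)


def parse_header(message: bytes) -> dict:
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(message) < 12:
        raise ValueError("DNS header is 12 bytes; message is truncated")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    rcode = flags & 0x000F
    return {
        "id": msg_id,
        "opcode": (flags >> 11) & 0xF,
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        "status": RCODES.get(rcode, f"RCODE{rcode}"),
        "counts": {"QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar},
    }


def is_authoritative(header: dict) -> bool:
    """True if the response has AA set; when it is clear, nslookup prints
    'Non-authoritative answer:' above the result."""
    if "qr" not in header["flags"]:
        raise ValueError("not a response (QR bit is clear)")
    return "aa" in header["flags"]


if __name__ == "__main__":
    for label, raw in (("cached", CACHED), ("authoritative", AUTH)):
        h = parse_header(raw)
        print(f"{label}: status: {h['status']}, id: {h['id']}, "
              f"flags: {' '.join(h['flags'])}, "
              f"authoritative: {is_authoritative(h)}")
```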