Home > Articles > Operating Systems, Server > Microsoft Servers

  • Print
  • + Share This

Using NSLOOKUP

Included with Windows 2000 is an implementation of the nslookup utility that originated with BIND. nslookup is a fairly elaborate tool that can conduct a wide variety of DNS queries. We'll cover the basics in this section. The Windows 2000 Help utility provides more information.

nslookup is used in a Command Prompt window and works in noninteractive and interactive modes. Let's look at the noninteractive approach first.

Making Noninteractive Queries

In noninteractive mode, the query parameters are included on the command line. Here is a query that seeks to resolve a domain name to an IP address:

C:\>nslookup www
Server: dc1.pseudo-corp.com
Address: 10.1.0.2

Name:  http://www.pseudo-corp.com
Address: 10.1.0.200

Note

In the previous query, nslookup used a reverse lookup query to determine the name of the DNS server being used by the client on which the command was run.


This query resolves an IP address to its associated domain name:

C:\>nslookup 10.1.0.25
Server: dc1.pseudo-corp.com
Address: 10.1.0.2

Name:  mail1.pseudo-corp.com
Address: 10.1.0.25

Finally, here is a query that fails because nslookup cannot locate a name server that is authoritative for the target reverse lookup zone:

C:\>nslookup 10.2.3.4
Server: dc1.pseudo-corp.com
Address: 10.1.0.2

*** dc1.pseudo-corp.com can't find 10.2.3.4: No

Before pursuing a query, nslookup must locate a name server. By default, nslookup uses the DNS servers that are defined in the host's TCP/IP properties, trying DNS servers in the order they appear in the DNS properties tab. What happens if nslookup cannot find an active DNS server? Before starting the following dialog, I stopped the DNS server service:

C:\>nslookup www
*** Can't find server name for address 10.1.0.2: No response from server
*** Can't find server name for address 10.1.0.3: No response from server
*** Can't find server name for address 10.1.0.2: No response from server
*** Can't find server name for address 10.1.0.3: No response from server
*** Default servers are not available
Server: UnKnown
Address: 10.1.0.2

*** UnKnown can't find www: No response from server

nslookup made two attempts to contact each of the name servers that were in the client's TCP/IP configuration and then reported failure.

Making Interactive Queries

nslookup can also be used interactively. To start an interactive session, invoke the nslookup command as in the following dialog:

C:\>nslookup
Default Server: dc1.pseudo-corp.com
Address: 10.1.0.2

>

The > is the nslookup command prompt. Here you can shape a wide variety of queries. To query a host by name, simply enter the hostname at the prompt. Here's a good example of round robin addressing:

> www.microsoft.com
Server: dc1.pseudo-corp.com
Address: 10.1.0.2

Name:  microsoft.com
Addresses: 207.46.131.30, 207.46.130.14, 207.46.130.149, 207.46.130.150
     207.46.130.45, 207.46.131.137, 207.46.131.28
Aliases: http://www.microsoft.com

Notice that the DNS server has responded with all IP addresses that are associated with the target name. The order in which the IP addresses will vary to distribute usage across all the servers.

By default, nslookup queries for Address resource records. You can query for other types of resource records by changing the querytype, abbreviate as q. Here's how you can view the SOA record for a domain:

> set q=soa
> pseudo-corp.com
Server: dc1.pseudo-corp.com
Address: 10.1.0.2

pseudo-corp.com
    primary name server = dc1.pseudo-corp.com
    responsible mail addr = administrator.pseudo-corp.com
    serial = 71
    refresh = 900 (15 mins)
    retry  = 600 (10 mins)
    expire = 86400 (1 day)
    default TTL = 3600 (1 hour)
dc1.pseudo-corp.com   internet address = 10.1.0.2
dc1.pseudo-corp.com   internet address = 10.2.0.1

Here is another example that identifies any MX resource records that might be defined for a given hostname:

> set q=mx
> mail1
Server: dc1.pseudo-corp.com
Address: 10.1.0.2

pseudo-corp.com
    primary name server = dc1.pseudo-corp.com
    responsible mail addr = administrator.pseudo-corp.com
    serial = 71
    refresh = 900 (15 mins)
    retry  = 600 (10 mins)
    expire = 86400 (1 day)
    default TTL = 3600 (1 hour)

I'll leave it to you to experiment further with NSLOOKUP. Use the help option to see a list of available commands. For more detail, use the Windows 2000 Help utility.

  • + Share This
  • 🔖 Save To Your Account

Related Resources

There are currently no related titles. Please check back later.