Command to troubleshoot DNS issues (Nslookup Advance Usage)
Nslookup is a command-line tool used to test and troubleshoot the DNS issues
Find the advance help for Nslookup
C:\>nslookup
Default Server: ns1chn.vsnl.com
Address: 202.54.6.60
> ?
Commands: (identifiers are shown in uppercase, [] means optional)
NAME - print info about the host/
domain NAME using default server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands
set OPTION - set an option
all - print options, current server and host
[no]debug - print debugging information
[no]d2 - print exhaustive debugging information
[no]defname - append domain name to each query
[no]recurse - ask for recursive answer to query
[no]search - use
domain search list
[no]vc - always use a virtual circuit
domain=NAME - set default domain name to NAME
srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
root=NAME - set root server to NAME
retry=X - set number of retries to X
timeout=X - set initial time-out interval to X seconds
type=X - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
querytype=X - same as type
class=X - set query class (ex. IN (Internet), ANY)
[no]msxfr - use MS fast zone transfer
ixfrver=X - current version to use in IXFR transfer request
server NAME - set default server to NAME, using current default server
lserver NAME - set default server to NAME, using initial server
finger [USER] - finger the optional NAME at the current default host
root - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
-a - list canonical names and aliases
-d - list all records
-t TYPE - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE - sort an 'ls' output file and view it with pg
exit - exit the program
Set All
command will display the current configuration settings; you can always
change the settings using the same set command, but this setting only
for the current session, this will change to default settings while to
exit the command
> set all
Default Server: ns1chn.vsnl.com
Address: 202.54.6.60
Set options:
nodebug
defname
search
recurse
nod2
novc
noignoretc
port=53
type=A
class=IN
timeout=2
retry=1
root=A.ROOT-SERVERS.NET.
domain=
MSxfr
IXFRversion=1
srchlist=
Set type
To change the query type user the below command, by default type=A, this
will only query the host record (A record) to query for the mail
exchanger data, type the following:
> set type=mx
> google.com
Server: ns1chn.vsnl.com
Address: 202.54.6.60
Non-authoritative answer:
google.com MX preference = 10, mail exchanger = smtp4.google.com
google.com MX preference = 10, mail exchanger = smtp1.google.com
google.com MX preference = 10, mail exchanger = smtp2.google.com
google.com MX preference = 10, mail exchanger = smtp3.google.com
In this way you can use the different query type (A, ANY, CNAME, MX, NS, PTR, SOA, SRV).
any - displays all the records for that domain.
cname - CName (Canonical Name) is used for nicknames or aliases, it is used to redirect web address to another
mx - Mail eXchange (MX). Used to define which domain handles the email
ns - Look up the Name servers for this record
ptr - A record that points an IP address to a single name, unlike a name which can be associated with many IP addresses
soa - Start Of Authority
srv - Resource records
The first time a query is made for a remote name, the answer is
authoritative, but subsequent queries are nonauthoritative. The first
time a remote host is queried, the local DNS server contacts the DNS
server that is authoritative for that domain. The local DNS server will
then cache that information, so that subsequent queries are answered
nonauthoritatively out of the local server's cache.
Set debug
Using this option you can turn on or off the debug display, nothing but
the detailed lookup result, by default this option disabled (set
nodebug) you can use the below command turn on the debug mode
> set debug
> google.com
Server: ns1chn.vsnl.com
Address: 202.54.6.60
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 3, authority records = 4, additional = 4
QUESTIONS:
google.com, type = A, class = IN
ANSWERS:
-> google.com
internet address = 74.125.67.100
ttl = 235 (3 mins 55 secs)
AUTHORITY RECORDS:
-> google.com
nameserver = ns1.google.com
ttl = 170814 (1 day 23 hours 26 mins 54 secs)
ADDITIONAL RECORDS:
-> ns1.google.com
internet address = 216.239.32.10
ttl = 302197 (3 days 11 hours 56 mins 37 secs)
------------
Non-authoritative answer:
Name: google.com
Addresses: 74.125.67.100, 74.125.127.100, 74.125.45.100
We have querying “google.com, type = A, class = IN”
Normal query Nslookup will return only the IP address of google.com, in
debug mode it will provide corresponding name server records and
authority records which resolve to the IP addresses (Additional records)
So we came to know from where the host (google.com) getting resolved,
able to find the corresponding IP address as well as holding DNS server
(ns1.google.com)
Set d2
Using this Option you can turn on or off the EXHAUSTIVE debug display.
Retrieves the complete dump of what is sent and received via the DNS
requests
Set norecurse
Before this you should know about Iterative(norecurse) and Recursive(recurse) Queries.
Please check the below link for more info:
This will display other domain name servers to query, if the default name server does not have the information.
Turn off recursion and then try to look up a name that is not cached
locally. since our default name server does not have the entry, this
will display other name servers that might know the answer
> set norecurse
> iit.co.in
Server: ns1chn.vsnl.com
Address: 202.54.6.60
Name: iit.co.in
Served by:
- b0.cctld.afilias-nst.org
199.254.60.1
co.in
- a0.cctld.afilias-nst.info
199.254.59.1
co.in
- a2.in.afilias-nst.info
199.249.117.1
co.in
- b2.in.afilias-nst.org
199.249.125.1
co.in
- d0.cctld.afilias-nst.org
199.254.62.1
co.in
- c0.cctld.afilias-nst.info
199.254.61.1
co.in
- a1.in.afilias-nst.in
203.119.49.201
co.in
- b1.in.afilias-nst.in
220.226.205.253
co.in
> iit.co.in b0.cctld.afilias-nst.org
Server: b0.cctld.afilias-nst.org
Address: 199.254.60.1
Name: iit.co.in
Served by:
- ns409.websitewelcome.com
iit.co.in
- ns410.websitewelcome.com
iit.co.in
> iit.co.in ns409.websitewelcome.com
Server: ns409.websitewelcome.com
Address: 74.54.42.226
Name: iit.co.in
Address: 74.54.189.219
In the above example I have using iit.co.in, if you query iit.co.in with
set norecurse this will display other name servers that might know the
answer, since our default name server does not. I have used
b0.cctld.afilias-nst.org name server to look for the answer, this will
lists the ns server that has the authoritive answer. Then have the Name
server for one more time, iit.co.in ns409.websitewelcome.com and we will
get the A record 74.54.189.219
This will help to troubleshoot the DNS related issues, able to find the
problematic name servers and able to find trace the DNS issue.
> set recurse
> iit.com
Server: ns1chn.vsnl.com
Address: 202.54.6.60
Non-authoritative answer:
Name: iit.com
Address: 74.54.82.185
With set recurse we will get the direct answer
Set srchlis
Command to change search list and default
Domain Name System (DNS) domain name
Set srchlist=N1[N2/../N6]
Specifies one or up to six
domain names to be appended to unqualified host names when attempting to resolve the host name. Each domain name specified is tried in turn until a match is found.
This option also directs the default domain to be set to the first domain name specified in the search list. The minimum abbreviation for this option is srchl.
While querying the host name no need to provide the FQDN, only host name
enough, domain from the Srchlist added to the given host name to make
the FQDN
Examples
To set the DNS domain to test.com
set srchlist=test.com/test1.com
> set srchlist=test.com
> test0001
Server: ns1chn.vsnl.com
Address: 202.54.6.60
Non-authoritative answer:
Name: test0001.test.com
Address: 205.178.152.103
In the above example I have only provide the host name (test0001) but
Nslookup able to query the FQDN (test0001.test.com) using the set
srchlist=test.com command.
DOMAIN SERVER
Look up a given domain name (NAME1) using this name server (NAME2). See example below
> iit.co.in ns409.websitewelcome.com
Server: ns409.websitewelcome.com
Address: 74.54.42.226
Name: iit.co.in
Address: 74.54.189.219
set root
Changes the name of the root server to the name specified by the HOST
parameter, The root server by default is defined to be
"A.ROOT-SERVERS.NET"
set root=A.ROOT-SERVERS.NET
set retry
Changes the number of times to retry quering a name server, Default retries is 1.
set retry=2
Set timeout
Sets the initial time out value in seconds, Default timeout value is 2 seconds.
>set timeout=4
LS
Rerieve the zone list of this domain. Note: On almost all Name Servers this operation is restricted or turned off
Most of the time, when using this command you would get a query refused
output.Options:-a - list canonical names and aliases-d - list all
records-t TYPE - list records of the given type (i.e. cname, mx, ns
etc.)
(1)