Nslookup and DNS Troubleshooting

Category: Network Tools and Commands
Type: Network Tools & Commands
Generated on: 2025-07-10 09:16:03
For: Network Engineering, Administration & Technical Interviews


This cheat sheet provides a comprehensive guide to using nslookup and related techniques for DNS troubleshooting. It covers basic syntax, practical examples, advanced usage, and security considerations.

  • Nslookup: A command-line tool used to query Domain Name System (DNS) servers to obtain domain name or IP address mapping or other specific DNS records. It’s useful for verifying DNS resolution, identifying DNS server issues, and examining DNS records. While largely superseded by dig and host in many environments, it’s still valuable for its ubiquity.

  • When to Use:

    • Verifying DNS resolution for a specific domain.
    • Troubleshooting DNS server issues.
    • Examining specific DNS records (A, MX, CNAME, etc.).
    • Confirming DNS propagation after changes.

Nslookup (Interactive Mode):

nslookup

Nslookup (Non-Interactive Mode):

nslookup [options] [hostname] [server]

  • hostname: The domain name or IP address to query.
  • server: The DNS server to use for the query (optional).

3.1. Basic Lookup:

nslookup google.com

Expected Output:

Server: 192.168.1.1 # Your DNS server
Address: 192.168.1.1#53
Non-authoritative answer:
Name: google.com
Address: 142.250.184.142

3.2. Specifying a DNS Server:

nslookup google.com 8.8.8.8

Expected Output:

Server: dns.google
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 142.250.184.142

3.3. Querying a Specific Record Type (MX):

nslookup -type=mx google.com

Expected Output:

Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
google.com mail exchanger = 10 aspmx.l.google.com.
google.com mail exchanger = 20 alt1.aspmx.l.google.com.
google.com mail exchanger = 30 alt2.aspmx.l.google.com.
google.com mail exchanger = 40 alt3.aspmx.l.google.com.
google.com mail exchanger = 50 alt4.aspmx.l.google.com.
aspmx.l.google.com internet address = 142.250.152.26
alt1.aspmx.l.google.com internet address = 142.250.115.26
alt2.aspmx.l.google.com internet address = 142.250.115.26
alt3.aspmx.l.google.com internet address = 142.250.115.26
alt4.aspmx.l.google.com internet address = 142.250.152.26

3.4. Reverse DNS Lookup:

nslookup 8.8.8.8

Expected Output:

Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
8.8.8.8.in-addr.arpa name = dns.google.

  • -type=<record_type>: Specifies the type of DNS record to query (A, MX, CNAME, NS, TXT, SOA, etc.).
  • server: Specifies the DNS server to query.
  • -debug: Enables debugging mode, providing more detailed information. Useful for diagnosing complex DNS issues.
  • -timeout=<seconds>: Sets the timeout for the query.
  • -retry=<number>: Sets the number of retries.
  • -port=<port>: Specifies the port to use for the DNS query (default is 53).
  • set q=<record_type> (in interactive mode): Equivalent to -type.
  • set recurse (in interactive mode): Asks the server to resolve the query recursively (the default).
  • set norecurse (in interactive mode): Disables recursive queries.

5.1. Interactive Mode and Multiple Queries:

nslookup
> server 8.8.8.8
Default server: dns.google
Address: 8.8.8.8#53
> set type=mx
> google.com
> exit

5.2. Using dig for More Advanced Queries (Often Preferred):

While nslookup is useful, dig is generally preferred for advanced DNS troubleshooting due to its more comprehensive features and output.

dig google.com
dig MX google.com
dig +trace google.com # Follow the resolution path
dig -x 8.8.8.8 # Reverse DNS lookup

5.3. Using host for Simple Lookups:

host provides a simpler interface for basic DNS lookups.

host google.com
host -t mx google.com
host -t ns google.com

6.1. Cannot Resolve a Domain:

  • Problem: nslookup returns “server can’t find <domain>: NXDOMAIN”.
  • Possible Causes:
    • Domain name does not exist.
    • DNS server is not configured correctly.
    • Network connectivity issues to the DNS server.
  • Solution:
    • Verify the domain name is correct.
    • Check the DNS server configuration on the client machine.
    • Test network connectivity to the DNS server using ping or traceroute.
    • Try a different DNS server (e.g., 8.8.8.8 or 1.1.1.1).

6.2. Incorrect IP Address Resolution:

  • Problem: nslookup returns an incorrect IP address for a domain.
  • Possible Causes:
    • Cached DNS record on the client machine or DNS server.
    • DNS server is returning stale information.
    • DNS poisoning (rare).
  • Solution:
    • Flush the DNS cache on the client machine (see platform-specific instructions below).
    • Restart the DNS client service.
    • Verify the DNS records on the authoritative DNS server.
    • Investigate potential DNS poisoning if suspected (requires advanced security analysis).
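
One way to check a suspect answer against several resolvers before concluding anything about poisoning (an added example, not part of the original cheat sheet; the function names are illustrative and the sample data uses constructed documentation addresses):

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# Print the sorted IPv4 answers one resolver gives for NAME on a single line.
resolver_answers() {  # usage: resolver_answers NAME RESOLVER_IP
    out=$(dig +short +time=3 +tries=1 A "$1" @"$2" 2>/dev/null) ||
        { echo QUERY_FAILED; return 0; }
    ips=$(printf '%s\n' "$out" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u | tr '\n' ' ')
    echo "${ips:-NO_A_RECORD}"
}

# Read "resolver answer-set" lines on stdin, group resolvers by the set they
# returned, and exit non-zero when more than one distinct set was seen.
compare_answers() {
    awk '{ r = $1; $1 = ""; sub(/^ /, ""); by_set[$0] = by_set[$0] " " r }
         END { for (s in by_set) { n++; printf "[%s] from%s\n", s, by_set[s] }
               exit (n > 1) }'
}

# Query every resolver given and compare the results.
check_name() {  # usage: check_name NAME RESOLVER_IP...
    name=$1; shift
    for r in "$@"; do
        printf '%s %s\n' "$r" "$(resolver_answers "$name" "$r")"
    done | compare_answers
}

# Constructed sample: two public resolvers agree, the local resolver does not.
SAMPLE='8.8.8.8 192.0.2.10
1.1.1.1 192.0.2.10
192.168.1.1 203.0.113.66'
printf '%s\n' "$SAMPLE" | compare_answers ||
    echo "resolvers disagree: check the authoritative server"
```

A live run would be `check_name example.com 8.8.8.8 1.1.1.1 192.168.1.1`. Names served by CDNs or geo-aware DNS legitimately differ between resolvers, so a mismatch is a reason to query the authoritative server, not proof of poisoning.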

6.3. Slow DNS Resolution:

  • Problem: nslookup takes a long time to return a result.
  • Possible Causes:
    • DNS server is overloaded or slow.
    • Network latency between the client and the DNS server.
    • DNS server is not configured optimally.
  • Solution:
    • Try a different DNS server.
    • Investigate network latency using ping or traceroute.
    • Contact the DNS server administrator to optimize its configuration.

6.4. DNS Server Unreachable:

  • Problem: nslookup returns “connection timed out; no servers could be reached”.
  • Possible Causes:
    • DNS server is down.
    • Firewall blocking DNS traffic (port 53).
    • Network connectivity issues.
  • Solution:
    • Verify the DNS server is running.
    • Check firewall rules to ensure DNS traffic is allowed.
    • Test network connectivity to the DNS server.

  • Server: The DNS server that responded to the query.

  • Address: The IP address of the DNS server.

  • Non-authoritative answer: The responding server is not authoritative for the domain; the information came from its cache or from recursion, not directly from the authoritative DNS server. This is normal.

  • Authoritative answers can be found from: Indicates which DNS servers are authoritative for the domain.

  • Name: The domain name being queried.

  • Address: The IP address associated with the domain name (for A records).

  • mail exchanger: The mail server(s) responsible for handling email for the domain (for MX records).

  • CNAME: Canonical name - an alias for another domain.

  • DNS Spoofing: Be aware that nslookup results can be spoofed. Do not rely solely on nslookup for critical security decisions. Always verify with multiple sources and security tools.

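  • DNSSEC: DNSSEC (Domain Name System Security Extensions) provides authentication of DNS data. Consider using tools that support DNSSEC validation (e.g., dig +dnssec, which requests the DNSSEC records; the ad flag in the reply shows that the resolver validated the answer).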

  • Privacy: DNS queries can reveal browsing habits. Consider using encrypted DNS protocols like DNS over HTTPS (DoH) or DNS over TLS (DoT). Cloudflare (1.1.1.1) and Google (8.8.8.8) offer DoH and DoT services.

  • Public vs. Private DNS: Be mindful of using public DNS servers for sensitive internal domain resolution. Use internal DNS servers for internal domains.
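
The header flags behind the authoritative/non-authoritative distinction and the DNSSEC point above can be read straight from dig output. The following is an added example, not part of the original cheat sheet; the function names and the one-line summary format are illustrative, and the sample headers are constructed:

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the one-line
# output format are illustrative; the samples below are constructed.

# Summarise the header of `dig` output read from stdin.
dig_verdict() {
    awk '
    /->>HEADER<<-/ {
        for (i = 1; i < NF; i++)
            if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {
        split($0, part, ";")                  # part[3] holds " flags: qr rd ra ad"
        flags = part[3] " "
        aa = (flags ~ / aa /) ? "yes" : "no"  # server is authoritative for the zone
        ad = (flags ~ / ad /) ? "yes" : "no"  # resolver validated the DNSSEC chain
    }
    /no servers could be reached/ { status = "TIMEOUT" }
    END {
        if (status == "") status = "UNKNOWN"
        if (aa == "") aa = "no"
        if (ad == "") ad = "no"
        printf "status=%s authoritative=%s dnssec_validated=%s\n", status, aa, ad
    }'
}

# Map a verdict line to the next troubleshooting step.
next_step() {
    case "$1" in
        *status=NXDOMAIN*) echo "verify the name, then query the authoritative server" ;;
        *status=SERVFAIL*) echo "retry with dig +cd; an answer then points to failed DNSSEC validation" ;;
        *status=TIMEOUT*)  echo "check reachability and firewall rules for port 53" ;;
        *dnssec_validated=yes*) echo "resolver validated the answer" ;;
        *) echo "not validated; corroborate with a second resolver" ;;
    esac
}

SAMPLE_VALIDATED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

for s in "$SAMPLE_VALIDATED" "$SAMPLE_NXDOMAIN" "$SAMPLE_TIMEOUT"; do
    v=$(printf '%s\n' "$s" | dig_verdict)
    printf '%s -> %s\n' "$v" "$(next_step "$v")"
done
```

Against a live resolver the input would come from something like `dig +dnssec example.com @1.1.1.1 | dig_verdict`. The ad flag only reports what the resolver claims, so it is meaningful only when the path to that resolver is trusted.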

9.1. Linux:

  • nslookup, dig, and host are typically included in most distributions.
  • Flush DNS cache: sudo resolvectl flush-caches (systemd-resolved; older releases use sudo systemd-resolve --flush-caches) or sudo /etc/init.d/networking restart (traditional networking).

9.2. Windows:

  • nslookup is built-in.
  • dig and host are not included by default but can be installed (e.g., via BIND).
  • Flush DNS cache: ipconfig /flushdns

9.3. macOS:

  • nslookup, dig, and host are usually included.
  • Flush DNS cache: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder (older macOS versions may use lookupd -flushcache).

Important Notes:

  • dig is generally preferred over nslookup for advanced DNS troubleshooting.
  • Always verify DNS results with multiple tools and sources, especially for security-sensitive applications.
  • Understand the limitations of DNS caching and its impact on troubleshooting.
  • Monitor DNS server performance and availability to proactively identify and resolve issues.