SHARE

nslookup command dnsShort Bytes: Nslookup command can be very handy in finding out different kinds of information using DNS queries like mail exchange server information, authoritative information, doing reverse lookup etc. Nslookup can be run in the command prompt on Windows very easily. 

Nslookup is a very famous command incorporated in the Windows operating systems to know about the information related to the domain names and the Internet Protocol (IP) addresses associated with those domain names.

In simple terms, Nslookup queries a local or the remote DNS servers to dig out information about the requested domain. You can also use many variants of this command on CMD to find out more and learn more such as knowing about the mail servers, FQDN, IP address etc.

If you are interested in knowing more about DNS, here is what we recommend you: How DNS works?

Now, we are going to see how to use basic Nslookup command to query more about domain names.

  • Nslookup to know your default DNS server and IP address

Just type nslookup in you command prompt and you will get your default DNS server and its IP address:

nslookup for default DNS server

  • Nslookup for any web servers IP address

Let’s say I want to know the IP address of Microsoft’s web servers. So just nslookup microsoft.com in you command prompt and you will get the DNS server name and its IP address:

nslookup web servers

In the above screen, you can see that there is a term called Non-authoritative answer. This answer is shown when the reply comes from a source which is not considered authoritative for the domain which it’s returning a record for.

For example, in the above query, the response is coming from my default DNS server which would come as non-authoritative because it is not listed in the list of nameservers for microsoft.com.

  • Different types of Nslookup commands

In the table below, I am going to list out some of the famous Nslookup commands which can be used for different purposes. I will also list out a few examples in the beginning and then I will finally list out those all in a table at the end.

Nslookup example with a parameter:

nslookup set q=a

Let’s understand the above Nslookup query first.

In the above query, the command follows this way:

  • nslookup <Enter>
  • > set q=a <Enter>
  • > fossbytes.com <Enter>

Now let’s see how to execute by setting different kinds of parameters (the list of which will be given in the table in the end) and do various DNS queries.

nslookup queries

Now if you compare the above image to its previous image, you can see that I have continued setting the different type of DNS queries on the same screen in continuation.

In the following image, I am continuing my different types of queries in the same screen and this time I am querying for Well-Known Service (WKS) for our website fossBytes.com.

wks service nslookup

This query is showing me some more data about fossBytes like primary server name, refresh time, default TTL, mail address etc.

You can also perform many other queries the same way for which I am providing a table below:

Set queries Description
set q=a To know the IP address
set q=any To know all types of data
set q=CNAME To know the Canonical name
set q=MB To know the Mailbox domain name
set q=MX To know about the mail exchange server
set q=SOA To know about the Start-Of-Authority of a DNS Zone
set q=WKS To know about the Well Known service

Also Read: How To Find And Kill A Remote Connecting Malware On Windows 10