Aleksandar's computer workshop
Let's see what Aleksandar was fixing today.
My findings, tips & tricks related to computers, internet, programming and other stuff I was working with.

Using NSLOOKUP for DNS Server diagnosis

March 11, 2008 16:28 by Aleksandar

Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers (also known as name servers).

To use Nslookup.exe, please note the following: 

  • The TCP/IP protocol must be installed on the computer running Nslookup.exe 
  • At least one DNS server must be specified when you run the IPCONFIG /ALL command from a command prompt.
  • Nslookup will always devolve the name from the current context. If you fail to fully qualify a name query (that is, use trailing dot), the query will be appended to the current context. For example, the current DNS settings are att.com and a query is performed on www.microsoft.com; the first query will go out as www.microsoft.com.att.com because of the query being unqualified. This behavior may be inconsistent with other vendor's versions of Nslookup, and this article is presented to clarify the behavior of Microsoft Windows NT Nslookup.exe 
  • If you have implemented the use of the search list in the Domain Suffix Search Order defined on the DNS tab of the Microsoft TCP/IP Properties page, devolution will not occur. The query will be appended to the domain suffixes specified in the list. To avoid using the search list, always use a Fully Qualified Domain Name (that is, add the trailing dot to the name).


Nslookup.exe can be run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. The syntax for noninteractive mode is:

nslookup [-option] [hostname] [server]

For example to check all MX records (email servers) for GSMBLOG.COM domain you have to type this:

nslookup -type=mx gsmblog.com

 and it will return something like this:

Server:  speedtouch.lan
Address:  192.168.0.254

Non-authoritative answer:
gsmblog.com     MX preference = 10, mail exchanger = mail.gsmblog.com

mail.gsmblog.com        internet address = 194.30.175.198

Or to validate the SPF (TXT) record you can use this command:

nslookup -type=txt gsmblog.com

it will return this:

Server:  speedtouch.lan
Address:  192.168.0.254

Non-authoritative answer:
gsmblog.com     text =

        "v=spf1 ip4:194.30.175.0/24 a mx -all"

More details:

http://support.microsoft.com/kb/200525

http://www.windowsnetworking.com/articles_tutorials/Using-NSLOOKUP-DNS-Server-diagnosis.html