Nslookup

A practical guide to the Windows nslookup command for querying DNS records, changing DNS servers, using interactive mode, and troubleshooting name resolution.

Overview

nslookup is a built-in Windows command-line tool for querying DNS. It can look up hostnames, perform reverse lookups on IP addresses, query specific DNS record types, send queries to a specific DNS server, and run in an interactive mode for repeated DNS checks.

It is useful when you need to confirm whether a DNS problem is local to one resolver, verify records after a DNS change, check mail records, or compare public DNS answers against an internal DNS server.

Requirements

  • Windows Command Prompt or PowerShell
  • Network access to a DNS server
  • A domain name, hostname, or IP address to query
  • Permission to query the DNS server you are testing

Basic Syntax

nslookup [-option ...]
nslookup [-option ...] - server
nslookup [-option ...] host
nslookup [-option ...] host server

The most common form is:

nslookup example.com

That asks your default DNS resolver for records related to example.com.

To enter interactive mode while immediately selecting a DNS server:

nslookup - 8.8.8.8

One-Shot Lookups

Use one-shot mode when you only need one answer.

Look Up a Hostname

nslookup www.example.com

This returns the DNS server used and the answer for www.example.com.

Use a Specific DNS Server

nslookup www.example.com 8.8.8.8

This sends the query to Google DNS instead of your default DNS server.

Other common public resolvers:

nslookup www.example.com 1.1.1.1
nslookup www.example.com 9.9.9.9

Query a Specific Record Type

nslookup -type=mx example.com

-type=mx asks for mail exchanger records.

Common DNS record types:

Type     Purpose                                      Example
A        IPv4 address                                 nslookup -type=a example.com
AAAA     IPv6 address                                 nslookup -type=aaaa example.com
A+AAAA   IPv4 and IPv6 addresses                      nslookup -type=a+aaaa example.com
CNAME    Alias record                                 nslookup -type=cname www.example.com
MX       Mail servers                                 nslookup -type=mx example.com
NS       Authoritative name servers                   nslookup -type=ns example.com
PTR      Reverse lookup record                        nslookup -type=ptr 8.8.8.8
SOA      Start of authority                           nslookup -type=soa example.com
SRV      Service locator record                       nslookup -type=srv _sip._tls.example.com
TXT      Text records, including SPF, DKIM, and DMARC nslookup -type=txt example.com
ANY      Request many record types                    nslookup -type=any example.com

ANY queries are often filtered or minimized by public DNS services. Query the specific record type when you need reliable results.

Reverse Lookup an IP Address

nslookup 8.8.8.8

For IPv4 addresses, nslookup automatically performs a reverse lookup and asks for the matching PTR record.

Query a DMARC Record

nslookup -type=txt _dmarc.example.com

DMARC records are stored as TXT records under _dmarc.

Query a DKIM Record

nslookup -type=txt selector1._domainkey.example.com

Replace selector1 with the selector used by the mail platform.

Query a Microsoft 365 Autodiscover Record

nslookup -type=cname autodiscover.example.com

For some tenants, Autodiscover may also use SRV records:

nslookup -type=srv _autodiscover._tcp.example.com

Interactive Mode

Run nslookup with no arguments to enter interactive mode:

nslookup

You will see a > prompt. From there, you can run multiple DNS queries without restarting the command.

Example session:

C:\>nslookup
Default Server:  dns.example.local
Address:  192.168.1.10

> set type=mx
> example.com
> set type=txt
> _dmarc.example.com
> server 8.8.8.8
> example.com
> exit

Interactive Commands

NAME

Query a name using the current DNS server and current options.

> www.example.com

If type is set to A, this asks for IPv4 records. If type is set to MX, this asks for mail records.

NAME1 NAME2

Query NAME1 using NAME2 as the DNS server.

> www.example.com 8.8.8.8

This is the interactive equivalent of:

nslookup www.example.com 8.8.8.8

help or ?

Show the built-in command list.

> help

or:

> ?

server NAME

Change the default DNS server by asking the current DNS server to resolve the new server name.

> server 8.8.8.8

You can use an IP address or a hostname:

> server dns.google

lserver NAME

Change the default DNS server by asking the original DNS server to resolve the new server name.

> lserver 1.1.1.1

This is useful if the current server is broken but the original resolver can still resolve the server name you want to use.

root

Change the current default DNS server to the configured root server.

> root

The root server can be changed with set root=NAME.

ls DOMAIN

List records in a DNS domain.

> ls example.com

This attempts a DNS zone transfer. Most public domains and well-configured internal zones block zone transfers except from approved servers, so ls commonly fails with a refused or failed transfer message.

ls -a DOMAIN

List canonical names and aliases in a domain.

> ls -a example.com

ls -d DOMAIN

List all records in a domain.

> ls -d example.com

ls -t TYPE DOMAIN

List only records of a specific type from a domain.

> ls -t MX example.com

ls DOMAIN > FILE

Write ls output to a file.

> ls -d example.com > dns-zone.txt

view FILE

Sort and view an output file created by ls.

> view dns-zone.txt

On modern Windows systems, opening the output file directly in Notepad or another editor is often more practical:

notepad dns-zone.txt

exit

Exit interactive mode.

> exit

Set Options

Use set OPTION in interactive mode. The same options can usually be passed in one-shot mode with a leading dash, such as nslookup -type=mx example.com.

set all

Print the current options, current DNS server, and current host.

> set all

set debug and set nodebug

Enable or disable debug output.

> set debug
> www.example.com
> set nodebug

Debug output shows more detail about the DNS request and response.

One-shot example:

nslookup -debug www.example.com

set d2 and set nod2

Enable or disable exhaustive debug output.

> set d2
> www.example.com
> set nod2

Use this when normal debug output is not enough. It is verbose.

One-shot example:

nslookup -d2 www.example.com

set defname and set nodefname

Enable or disable appending the default domain name to single-label queries.

> set domain=example.com
> set defname
> server01

With defname enabled, a query like server01 can be tried as server01.example.com.

Disable it:

> set nodefname

set recurse and set norecurse

Enable or disable recursive queries.

> set recurse
> www.example.com

Disable recursion:

> set norecurse
> www.example.com

norecurse is useful when testing whether a DNS server is authoritative for a record instead of asking it to resolve the full answer recursively.

set search and set nosearch

Enable or disable use of the DNS search list.

> set search
> intranet

Disable search list expansion:

> set nosearch

set vc and set novc

Enable or disable use of a virtual circuit. In practice, this means TCP instead of the usual UDP DNS query.

> set vc
> example.com

Disable it:

> set novc

Use vc when troubleshooting large DNS responses, truncation, or TCP/53 firewall behavior.

set domain=NAME

Set the default domain name.

> set domain=example.com
> server01

set srchlist=N1[/N2/.../N6]

Set the domain search list. Up to six domains can be listed, separated by forward slashes.

> set srchlist=corp.example.com/example.com
> server01

That lets a short name like server01 be tried with the configured suffixes.

set root=NAME

Set the root server used by the root command.

> set root=a.root-servers.net
> root

set retry=X

Set the number of retries.

> set retry=3
> www.example.com

One-shot example:

nslookup -retry=3 www.example.com

set timeout=X

Set the initial timeout in seconds.

> set timeout=10
> www.example.com

One-shot example:

nslookup -timeout=10 www.example.com

set type=X

Set the DNS record type to query.

> set type=mx
> example.com

Other examples:

> set type=txt
> example.com
> set type=soa
> example.com
> set type=srv
> _sip._tls.example.com

One-shot example:

nslookup -type=txt example.com

set querytype=X

querytype does the same thing as type.

> set querytype=ns
> example.com

One-shot example:

nslookup -querytype=ns example.com

set class=X

Set the DNS query class.

> set class=IN
> example.com

Common classes:

Class  Purpose
IN     Internet DNS class; this is the normal default
ANY    Request any class

Most everyday DNS troubleshooting uses IN.

set msxfr and set nomsxfr

Enable or disable Microsoft fast zone transfer.

> set msxfr
> ls -d example.local

Disable it:

> set nomsxfr

This only matters for zone transfer testing and only when the server allows the transfer.

set ixfrver=X

Set the current version to use in an incremental zone transfer request.

> set ixfrver=2026050401
> ls -d example.local

This is for advanced DNS zone transfer troubleshooting. It is not needed for normal record lookups.

Practical Troubleshooting Examples

Compare Internal and Public DNS

nslookup app.example.com 192.168.1.10
nslookup app.example.com 8.8.8.8
nslookup app.example.com 1.1.1.1

If internal DNS returns a private IP and public DNS returns a public IP, split DNS is probably working as intended.
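
The same comparison as structured output, using Resolve-DnsName instead of parsing nslookup text. This is an added example, not part of the original post; the function names Test-PrivateAddress and Compare-ResolverAnswer are hypothetical, and 192.168.1.10 stands in for your internal DNS server.

```powershell
# Added example: label each resolver's answer as private or public address space.
function Test-PrivateAddress {
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    $b  = $ip.GetAddressBytes()
    if ($ip.AddressFamily -eq 'InterNetwork') {
        # RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
        return ($b[0] -eq 10) -or
               ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
               ($b[0] -eq 192 -and $b[1] -eq 168)
    }
    # IPv6 unique local addresses: fc00::/7
    return (($b[0] -band 0xFE) -eq 0xFC)
}

function Compare-ResolverAnswer {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string[]]$Server
    )
    foreach ($s in $Server) {
        foreach ($t in 'A', 'AAAA') {
            try {
                # -DnsOnly: DNS protocol only (no LLMNR/NetBIOS); -NoHostsFile: skip the hosts file
                Resolve-DnsName -Name $Name -Type $t -Server $s -DnsOnly -NoHostsFile -ErrorAction Stop |
                    Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $t } |
                    ForEach-Object {
                        [pscustomobject]@{
                            Server  = $s
                            Type    = $t
                            Address = $_.IPAddress
                            Scope   = if (Test-PrivateAddress -Address $_.IPAddress) { 'private' } else { 'public' }
                            TTL     = $_.TTL
                        }
                    }
            } catch {
                # NXDOMAIN, timeout, or refused: keep the failure visible per resolver
                [pscustomobject]@{ Server = $s; Type = $t; Address = $null; Scope = "error: $($_.Exception.Message)"; TTL = $null }
            }
        }
    }
}

Compare-ResolverAnswer -Name 'app.example.com' -Server '192.168.1.10', '8.8.8.8', '1.1.1.1' |
    Format-Table -AutoSize
```

A public address returned by the internal server, or a private address returned by a public resolver, is the case worth investigating.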

Check Whether a DNS Server Is Authoritative

nslookup -type=ns example.com

Then query one of the returned name servers directly:

nslookup -type=soa example.com ns1.example.com

The SOA answer identifies the authoritative zone details, including the primary name server and serial number.
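
The two steps above, repeated for every returned name server with recursion disabled (the norecurse behaviour described earlier), so that differing serial numbers stand out. This is an added example, not part of the original post; Compare-ZoneSerial is a hypothetical function name and example.com is a placeholder zone.

```powershell
# Added example: compare the SOA serial reported by each authoritative server.
function Compare-ZoneSerial {
    param([Parameter(Mandatory)][string]$Zone)

    # Step 1: ask the default resolver which servers are authoritative for the zone.
    $nameServers = Resolve-DnsName -Name $Zone -Type NS -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'NS' } |
        Select-Object -ExpandProperty NameHost

    # Step 2: ask each one directly, without recursion, for the zone's SOA record.
    $rows = foreach ($ns in $nameServers) {
        $row = [pscustomobject]@{ NameServer = $ns; Primary = $null; Serial = $null; Status = 'no SOA in answer' }
        try {
            $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $ns -DnsOnly -NoRecursion -ErrorAction Stop |
                Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'SOA' } |
                Select-Object -First 1
            if ($soa) {
                $row.Primary = $soa.PrimaryServer
                $row.Serial  = $soa.SerialNumber
                $row.Status  = 'answered'
            }
        } catch {
            $row.Status = "error: $($_.Exception.Message)"
        }
        $row
    }

    # Step 3: flag servers whose serial differs from the highest one seen.
    # Simplification: plain numeric comparison, serial wraparound is not handled.
    $latest = ($rows | Where-Object { $null -ne $_.Serial } |
        Measure-Object -Property Serial -Maximum).Maximum
    foreach ($row in $rows) {
        if ($null -ne $row.Serial -and $row.Serial -ne $latest) {
            $row.Status = "behind (latest is $latest)"
        }
        $row
    }
}

Compare-ZoneSerial -Zone 'example.com' | Format-Table -AutoSize
```

A server that stays behind after a change has not picked up the updated zone, which explains answers that differ depending on which name server a resolver happened to ask.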

Check Email Routing

nslookup -type=mx example.com
nslookup -type=txt example.com
nslookup -type=txt _dmarc.example.com

These commands check the MX records, the SPF record (a TXT record on the domain itself), and the DMARC record (a TXT record under _dmarc).
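
The three lookups combined into one check that also reads the SPF "all" qualifier and the DMARC p= tag. This is an added example, not part of the original post; Get-MailDnsPosture is a hypothetical function name, and example.com and the 8.8.8.8 default resolver are placeholders.

```powershell
# Added example: summarize MX, SPF, and DMARC for one domain.
function Get-MailDnsPosture {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$Server = '8.8.8.8'
    )
    $common = @{ Server = $Server; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }

    # A TXT record may be split into several strings; join them before matching.
    $getTxt = {
        param($Name)
        Resolve-DnsName -Name $Name -Type TXT @common |
            Where-Object { $_.Type -eq 'TXT' } |
            ForEach-Object { $_.Strings -join '' }
    }

    $mx    = @(Resolve-DnsName -Name $Domain -Type MX @common |
                 Where-Object { $_.Type -eq 'MX' } | Sort-Object Preference)
    $spf   = @(& $getTxt $Domain          | Where-Object { $_ -match '^v=spf1(\s|$)' })
    $dmarc = @(& $getTxt "_dmarc.$Domain" | Where-Object { $_ -match '^v=DMARC1' })

    $findings = @()
    if ($mx.Count -eq 0)    { $findings += 'no MX record' }
    if ($spf.Count -eq 0)   { $findings += 'no SPF record' }
    if ($spf.Count -gt 1)   { $findings += 'multiple SPF records (receivers treat this as an error)' }
    if ($dmarc.Count -eq 0) { $findings += 'no DMARC record' }

    # Extract the SPF "all" qualifier and the DMARC p= policy tag when present.
    $spfAll = if ($spf.Count -eq 1 -and $spf[0] -match '(?:^|\s)([-~?+]?)all(\s|$)') { "$($Matches[1])all" }
    $policy = if ($dmarc.Count -ge 1 -and $dmarc[0] -match '(?:^|;)\s*p\s*=\s*(\w+)') { $Matches[1].ToLower() }
    if ($spfAll -in '+all', 'all', '?all') { $findings += "SPF ends in '$spfAll', which does not reject unlisted senders" }
    if ($policy -eq 'none')                { $findings += 'DMARC policy is p=none (monitoring only)' }

    [pscustomobject]@{
        Domain      = $Domain
        MailServers = $mx.NameExchange -join ', '
        Spf         = $spf -join ' | '
        SpfAll      = $spfAll
        DmarcPolicy = $policy
        Findings    = $findings -join '; '
    }
}

Get-MailDnsPosture -Domain 'example.com' | Format-List
```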

Check a Service Record

nslookup -type=srv _sip._tls.example.com

SRV records are commonly used by collaboration, voice, directory, and autodiscovery services.

Force TCP for DNS

nslookup -vc -type=txt example.com

This helps test whether DNS over TCP/53 is allowed through the network path.

Increase Timeout for a Slow Resolver

nslookup -timeout=10 -retry=3 example.com

Use this when testing a DNS server across a slow VPN or unreliable WAN path.

Example Output

C:\>nslookup -type=mx example.com
Server:  dns.example.local
Address:  192.168.1.10

Non-authoritative answer:
example.com     MX preference = 0, mail exchanger = mail.example.com

The Server and Address lines show which DNS resolver answered the query. Non-authoritative answer means the resolver returned a cached or recursively resolved answer rather than answering as the authoritative DNS server for the zone.

Notes

  • nslookup is available in both Command Prompt and PowerShell.
  • In PowerShell, Resolve-DnsName provides structured objects and is often better for scripting.
  • nslookup output is unstructured text, so automation that parses it is fragile; avoid depending on it unless you control the output format.
  • Zone transfers with ls usually fail on public domains because properly configured DNS servers restrict AXFR and IXFR.
  • Query specific record types instead of ANY when troubleshooting public DNS.
  • If a result differs between DNS servers, check whether you are seeing normal caching, split DNS, stale records, or a propagation delay.
