Use NSLOOKUP to diagnose the DNS Server

The DNS protocol has been around for years and still represents a stable and reliable protocol. However, DNS sometimes has some problems with the problem. These problems may stem from disconnection, an error DNS record or some other problem. When a DNS server does not follow the way it was expected, many people use the PING command to check. PING is a great tool for diagnosing DNS errors, but sometimes the PING command cannot give you enough information about the problem. When you need more information about DNS issues than the PING command provides, use the NSLOOKUP command. NSLOOKUP is a DNS diagnostic utility available in Windows and UNIX. In this article, we will show you how to use this utility.

Basic information

NSLOOKUP has a rich syntax and can be a bit confusing for those who are not yet familiar with it. Therefore, start with some basic knowledge. Although NSLOOKUP exists in both UNIX and Windows, there are some differences in the way it does in these two operating systems. However in this article we will only introduce the Windows version.

The first thing to understand about NSLOOKUP is that when you use the NSLOOKUP command, it assumes that you are querying a local domain on your own network. You can query an external domain, but NSLOOKUP will try to search for the internal domain first. For example, if brienposey.com is an external domain and performs NSLOOKUP against brienposey.com, NSLOOKUP will return the information as shown in Figure A.

Use NSLOOKUP to diagnose the DNS Server Picture 1
Figure A: Results when NSLOOKUP queries an external domain

If you look at the image above, you will see that there is a non-existent domain error message for IP addresses 147.100.100.34 and 147.100.100.5. There are several addresses of internal DNS servers. However, below this information is an informal answer. This means that the DNS server tried to query an external DNS server to resolve the IP address associated with the brienposey.com domain.

Now let's look at what happens when you query an internal domain. One of the local domains on the private network in this example is production.com. If you perform an NSLOOKUP on this domain, the results shown in Figure B. will be available.

Use NSLOOKUP to diagnose the DNS Server Picture 2
Figure B: Results when querying an internal domain

If you look at the top of this screen, you will notice that it has the same non-existent domain error messages as when querying an external domain. First, this causes a bit of confusion. The reason why there are results will be explained in the following section. When you enter the NSLOOKUP command, you will get such non-existent domain error messages, but you will then be taken to a command prompt (>). From here you can enter other NSLOOKUP commands. When you do so, you can use the EXIT command to return the command window.

Another thing you should note in Figure B is the lower part of the output. Below the reference for production.com is a series of IP addresses. There are multiple IP addresses for all domain control devices within a domain. If multiple IP addresses are assigned to a single server, all server IP addresses will be displayed by NSLOOKUP.

NSLOOKUP utility

Now we will go into how to use the NSLOOKUP command to see the IP address or addresses associated with the domain. One of the things you can work with NSLOOKUP is to look up a specific type of DNS record. An example of this is an MX record. In case you are still not familiar with all the complexities of DNS, the MX record will point to the organization's mail server. For example, if someone wants to send an email to you, one of the first things that their mail server must do is resolve the IP address of your domain. However, a normal addressing solution will generally not work for this purpose. In Figure A, you saw that, when running a DNS query against the brienposey.com domain, the domain returned to the address 24.235.10.4. Remember, this is the IP address of the server hosting the website. If someone wants to send an e-mail, their email client will have to resolve the IP address of the domain mail server. This is where the MX record plays its role. The MX record is a record on the domain's DNS server used to specify the domain's IP server's IP address.

As you can see, the MX record is quite important. Assuming your domain is having trouble receiving email and you suspect that your DNS server has a problem, you can use NSLOOKUP to confirm whether the execution domain actually has an MX record and the MX record. is pointed to the correct IP address.

As I mentioned earlier, you can do this with the NSLOOKUP utility. To troubleshoot an MX record issue, you must do some work inside this utility. So you have to start the process by entering the NSLOOKUP command from the command prompt.

When the NSLOOKUP utility is opened, you need to declare NSLOOKUP which DNS server you want to query. To do so, enter the SERVER command, then the DNS server's IP address. You can also enter the server's fully qualified domain name (assuming that it can be resolved) as a server IP address choice.

Now that you have specified the DNS server for NSLOOKUP to use, you can query the domains without receiving the non-existent domain error messages as seen above (as long as you still do within the NSLOOKUP utility). ). To do so, just type in the domain name you want to query. For example, if you look at Figure C, you can see where we have assigned a private DNS server and then query the internal and external domains.

Use NSLOOKUP to diagnose the DNS Server Picture 3
Figure C: The error message disappears if you specify a DNS server

Now, let's go back to the business to look up the domain's MX record. To do so, you need to issue a command that asks NSLOOKUP to query based on MX records. The command you must use is:

SET QUERY = MX

Giving this command itself will not give you any information about the domain's MX record, you must query the domain by entering the domain name. If you look at Figure D, you will see that we have specified an MX query and then entered the production.com domain name. NSLOOKUP now returns a lot of information related to the domain's MX record.

Use NSLOOKUP to diagnose the DNS Server Picture 4
Figure D: When an MX query is specified, you can have more information about the domain's MX record.

Conclude

As mentioned in the article, NSLOOKUP can give you some information about DNS server diagnostics. However, NSLOOKUP is not just about providing the types of information we introduce, it has a rich interface with a large set of commands. You can see a list of these commands and their syntax by entering the question mark at the NSLOOKUP command prompt (note: you cannot use NSLOOKUP /? To see this set of commands).

Use NSLOOKUP to diagnose the DNS Server Picture 5