What Is NSLOOKUP?

Caucasian businesswoman using laptop
Blend Images - JGI/Jamie Grill/Brand X Pictures/Getty Images

nslookup is a network utility program used to obtain information about Internet servers. As its name suggests, the utility finds name server information for domains by querying the Domain Name System (DNS).

Using nslookup

Most computer operating systems include a built-in command line program called nslookup.exe. Some network providers also host Web-based services of this same utility. These programs are all designed to perform name server look-ups against specified Internet domains.

To use the Windows version, open a command prompt and launch the tool as follows:

C:\> nslookup
Server: resolver1.opendns.com
Address: 208.67.222.222

>

This command identifies which DNS server the computer is currently configured to use for its DNS lookups. Note that nslookup remains running in the background after the command is issued (the prompt at the end of the output allows entering additional parameters).  Type either "exit" or Control-C at the prompt to stop the utility from running.

IP Address Lookup

When given a domain name as a parameter, nslookup responds by default with its primary IP address as tracked by DNS "A records." Continuing the above example, to query the primary address of Lifewire.com, type "lifewire.com" if nslookup is already running in the background

> lifewire.com

Non-authoritative answer:
Name: lifewire​.com
Address: 207.241.148.80

>

otherwise, start a new nslookup session as follows

C:\> nslookup lifewire​.com
Server: resolver1.opendns.com
Address: 208.67.222.222

Non-authoritative answer:
Name: lifewire​.com
Address: 207.241.148.80

>

Name Server Lookup

In DNS, so-called "non-authoritative answers" refer to DNS records kept on third-party DNS servers, which they obtained from the "authoritative" servers that provide the original source of the data.

The third party DNS service OpenDNS in this case obtained its data from the primary nameservers registered for lifewire.com.

> set type=ns

> lifewire​.com

[...]

Server: ns1.p30.dynect.net    internet address = 208.78.70.30
Server: ns4.p30.dynect.net    internet address = 204.13.251.30
Server: ns2.p30.dynect.net    internet address = 204.13.250.30
Server: ns3.p30.dynect.net    internet address = 208.78.71.30

>

An authoritative address lookup can be performed by specifying one of the domain's registered nameservers. nslookup then uses that server instead of the default DNS server information of the local system. For example:

C:\> nslookup lifewire.com ns1.p30.dynect.net
Server: ns1.p30.dynect.net
Address: 208.78,70.30

Name: lifewire.com
Address: 207.241.148.80

>

The output no longer mentions "non-authoritative" data as the nameserver ns1.p30.dynect. is a primary nameserver for lifewire.com as listed in the "NS record" portion of its DNS entries.

Mail Server Lookup

To search for mail server information on a particular domain, nslookup utilizes the "MX record" feature of DNS. Some sites, like Lifewire.com, support both primary and backup servers while other sites only one. Mail server queries for Lifewire.com work as follows:

> set type=mx

> lifewire.com
lifewire.com MX preference = 100, mail exchanger = ASPMX.L.GOOGLE.com
lifewire.com MX preference = 200, mail exchanger = ALT1.ASPMX.L.GOOGLE.com
...

Other nslookup Queries

nslookup supports querying against other less commonly used DNS records including CNAME, PTR and SOA. Typing a question mark (?) at the prompt prints the program's help instructions. Web-based variations of the utility may offer a few additional features beyond the standard parameters.