NSLookup (Name Server Lookup) is a command-line tool for querying DNS servers. It allows you to look up IP addresses for domain names, find mail servers, check DNS records, and troubleshoot DNS-related issues. Available on Windows, macOS, and Linux, it's an essential tool for network administrators and anyone diagnosing DNS problems.
Basic Usage
The simplest nslookup query returns the IP address(es) for a domain:
# Basic lookup - returns A record (IPv4 address)
nslookup google.com
# Reverse lookup - find hostname from IP address
nslookup 8.8.8.8Sample output:
$ nslookup google.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: google.com
Address: 142.250.80.46This means the response came from a cached result on your DNS resolver, not directly from the domain's authoritative name server. This is normal and doesn't indicate a problem.
Query Different Record Types
DNS has many record types. Here's how to query each:
Windows Syntax
# A record (IPv4 address)
nslookup -type=A example.com
# AAAA record (IPv6 address)
nslookup -type=AAAA example.com
# MX record (mail servers)
nslookup -type=MX example.com
# NS record (name servers)
nslookup -type=NS example.com
# TXT record (text records, SPF, DKIM, etc.)
nslookup -type=TXT example.com
# CNAME record (canonical name/alias)
nslookup -type=CNAME www.example.com
# SOA record (start of authority)
nslookup -type=SOA example.com
# ANY (all records - may be blocked by some servers)
nslookup -type=ANY example.commacOS/Linux Syntax
# Same queries work with -query= or -type=
nslookup -query=MX example.com
nslookup -type=MX example.com
# Both syntaxes are equivalent| Record Type | Purpose | Example Use |
|---|---|---|
A |
IPv4 address | Find where domain points |
AAAA |
IPv6 address | Find IPv6 address for domain |
MX |
Mail servers | Troubleshoot email delivery |
NS |
Name servers | Find authoritative DNS servers |
TXT |
Text records | Check SPF, DKIM, verification |
CNAME |
Alias | See what www points to |
SOA |
Zone authority | Check zone serial number |
PTR |
Reverse DNS | IP to hostname lookup |
Interactive Mode
NSLookup has an interactive mode useful for multiple queries:
$ nslookup
> server 8.8.8.8 # Change DNS server
Default server: 8.8.8.8
Address: 8.8.8.8#53
> set type=MX # Set record type
> google.com # Query domain
google.com mail exchanger = 10 smtp.google.com.
> set type=A # Change type
> google.com
Name: google.com
Address: 142.250.80.46
> set debug # Enable verbose output
> google.com
;; res options: init recurs defnam dnsrch
...
> exit # Leave interactive modeUseful Interactive Commands
| Command | Description |
|---|---|
server <ip> |
Change DNS server |
set type=<type> |
Set query type (A, MX, NS, etc.) |
set debug |
Enable detailed output |
set nodebug |
Disable detailed output |
set all |
Show current settings |
exit |
Exit interactive mode |
Using Different DNS Servers
You can query specific DNS servers to compare results or bypass local caching:
# Query Google's DNS
nslookup example.com 8.8.8.8
# Query Cloudflare's DNS
nslookup example.com 1.1.1.1
# Query OpenDNS
nslookup example.com 208.67.222.222
# Query Quad9
nslookup example.com 9.9.9.9
# Query a domain's authoritative nameserver directly
# First, find the nameserver:
nslookup -type=NS example.com
# Then query it:
nslookup example.com ns1.example.comAfter making DNS changes, query multiple public DNS servers to verify propagation. Different servers may show different results until the change fully propagates.
Interpreting NSLookup Output
Standard Response
$ nslookup -type=MX gmail.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
gmail.com mail exchanger = 5 gmail-smtp-in.l.google.com.
gmail.com mail exchanger = 10 alt1.gmail-smtp-in.l.google.com.
gmail.com mail exchanger = 20 alt2.gmail-smtp-in.l.google.com.
Authoritative answers can be found from:
gmail-smtp-in.l.google.com internet address = 142.250.115.27Understanding the output:
- Server/Address: The DNS server that answered your query
- Non-authoritative answer: Cached response (normal)
- mail exchanger: MX records with priority numbers (lower = higher priority)
- Authoritative answers: Hint about where to find authoritative data
Error Responses
# Domain doesn't exist
$ nslookup nonexistent-domain-12345.com
** server can't find nonexistent-domain-12345.com: NXDOMAIN
# Server timeout
$ nslookup example.com 192.0.2.1
;; connection timed out; no servers could be reached
# Server refused query
** server can't find example.com: REFUSED| Error | Meaning |
|---|---|
NXDOMAIN |
Domain does not exist in DNS |
SERVFAIL |
DNS server encountered an error |
REFUSED |
DNS server refused to answer |
connection timed out |
Can't reach the DNS server |
Common Troubleshooting Tasks
Verify Domain Points to Correct IP
nslookup example.com
# Compare with what it should be
# If wrong, check DNS configuration at registrar/DNS providerCheck Email Configuration
# Check MX records
nslookup -type=MX example.com
# Check SPF record (in TXT)
nslookup -type=TXT example.com
# Check DKIM (replace 'selector' with actual selector)
nslookup -type=TXT selector._domainkey.example.com
# Check DMARC
nslookup -type=TXT _dmarc.example.comVerify DNS Propagation
# Query multiple DNS servers
nslookup example.com 8.8.8.8 # Google
nslookup example.com 1.1.1.1 # Cloudflare
nslookup example.com 9.9.9.9 # Quad9
# If they show different IPs, propagation isn't completeFind Authoritative Nameservers
# Get NS records
nslookup -type=NS example.com
# Query authoritative server directly for most accurate result
nslookup example.com ns1.dnsprovider.comReverse DNS Lookup
# Find hostname for an IP
nslookup 8.8.8.8
# Output shows: dns.googleWhile nslookup is available everywhere, many administrators prefer dig for more detailed output and scripting. Consider learning both: nslookup for quick checks, dig for in-depth analysis.
Look Up Any Domain
Use our online DNS lookup tool to query DNS records without command line access.
DNS Lookup Tool