NLS Lookup
According to Microsoft:
Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers.
Nslookup.exe can be run in two modes: interactive and noninteractive.
Noninteractive mode is useful when only a single piece of data needs to be returned. The syntax for noninteractive mode is:
nslookup [-option] [hostname] [server]
To start Nslookup.exe in interactive mode, simply type "nslookup" at the command prompt:
C:\> nslookup
Default Server: nameserver1.domain.com
Address: 10.0.0.1
>
Typing "help" or "?" at the prompt will display a list of commands. Anything typed at the command prompt that is not recognized as a valid command is assumed to be a host name and an attempt is made to resolve it using the default (or currently determined) server. To exit, type exit at the command prompt.
Commands: (identifiers are shown in uppercase, [] means optional)
| NAME | - print info about the host/domain NAME using default server |
| NAME1 NAME2 | - as above, but use NAME2 as server |
| help or ? | - print info on common commands |
| set OPTION | - set an option |
| all | - print options, current server and host |
| [no]debug | - print debugging information |
| [no]d2 | - print exhaustive debugging information |
| [no]defname | - append domain name to each query |
| [no]recurse | - ask for recursive answer to query |
| [no]search | - use domain search list |
| [no]vc | - always use a virtual circuit |
| domain=NAME | - set default domain name to NAME |
| srchlist=N1[/N2/.../N6] | - set domain to N1 and search list to N1, N2, and so on |
| root=NAME | - set root server to NAME |
| retry=X | - set number of retries to X |
| timeout=X | - set initial time-out interval to X seconds |
| type=X | - set query type (for example, A, ANY, CNAME, MX, NS, PTR, SOA, SRV) |
| querytype=X | - same as type |
| class=X | - set query class (for example, IN (Internet), ANY) |
| [no]msxfr | - use MS fast zone transfer |
| ixfrver=X | - current version to use in IXFR transfer request |
| server NAME | - set default server to NAME, using current default server |
| lserver NAME | - set default server to NAME, using initial server |
| finger [USER] | - finger the optional NAME at the current default host |
| root | - set current default server to the root |
| ls [opt] DOMAIN [> FILE] | - list addresses in DOMAIN (optional: output to FILE) |
| -a | - list canonical names and aliases |
| -d | - list all records |
| -t TYPE | - list records of the given type (for example, A, CNAME, MX, NS, PTR, and so on) |
| view FILE | - sort an 'ls' output file and view it with pg |
| exit | - exit the program |
A number of different options can be set in Nslookup.exe by running the set command at the command prompt. A complete listing of these options is displayed by typing set all. See above, under the set command for a printout of the available options.
Back to the top
Looking up Different Data Types
To look up different data types within the domain name space, use the set type or set q[uerytype] command at the command prompt. For example, to query for the mail exchanger data, type the following:
C:\> nslookup
Default Server: ns1.domain.com
Address: 10.0.0.1
> set q=mx
> mailhost
Server: ns1.domain.com
Address: 10.0.0.1
mailhost.domain.com MX preference = 0, mail exchanger = mailhost.domain.com
mailhost.domain.com internet address = 10.0.0.5
>
The first time a query is made for a remote name, the answer is authoritative, but subsequent queries are nonauthoritative. The first time a remote host is queried, the local DNS server contacts the DNS server that is authoritative for that domain. The local DNS server will then cache that information, so that subsequent queries are answered nonauthoritatively out of the local server's cache.
Querying Directly from Another Name Server To query another name server directly, use the server or lserver commands to switch to that name server. The lserver command uses the local server to get the address of the server to switch to, while the server command uses the current default server to get the address.
Example:
C:\> nslookup
Default Server: nameserver1.domain.com
Address: 10.0.0.1
> server 10.0.0.2
Default Server: nameserver2.domain.com
Address: 10.0.0.2
>
Back to the top
Using Nslookup.exe to Transfer Entire Zone Nslookup can be used to transfer an entire zone by using the ls command.
This is useful to see all the hosts within a remote domain. The syntax for the ls command is:
ls [- a | d | t type] domain [> filename]
Using ls with no arguments will return a list of all address and name server data. The -a switch will return alias and canonical names, -d will return all data, and -t will filter by type.
Example:
| >ls domain.com |
| [nameserver1.domain.com] |
| nameserver1.domain.com. | NS | server = ns1.domain.com |
| nameserver2.domain.com | NS | server = ns2.domain.com |
| nameserver1 | A | 10.0.0.1 |
| nameserver2 | A | 10.0.0.2 |
