Network Administration: The nslookup Command

The nslookup command is a powerful tool for diagnosing DNS problems. You know you’re experiencing a DNS problem when you can access a resource by specifying its IP address but not its DNS name. For example, if you can get to www.ebay.com by typing 66.135.192.87 in your browser’s address bar but not by typing www.ebay.com, you have a DNS problem.

The simplest use of nslookup is to look up the IP address for a given DNS name.

C:>nslookup ebay.com
Server:  ns1.orng.twtelecom.net
Address:  168.215.210.50
Non-authoritative answer:
Name:    ebay.com
Address:  66.135.192.87
C:>

As you can see, just type nslookup followed by the DNS name you want to look up. Nslookup issues a DNS query to find out. This DNS query was sent to the server named ns1.orng.twtelecom.net at 168.215.210.50. It then displayed the IP address that’s associated with ebay.com: namely, 66.135.192.87.

In some cases, you may find that using an nslookup command gives you the wrong IP address for a host name. To know that for sure, of course, you have to know with certainty what the host IP address should be.

For example, if you know that your server is 203.172.182.10 but Nslookup returns a completely different IP address for your server when you query the server’s host name, something is probably wrong with one of the DNS records.

If you use nslookup without any arguments, the nslookup command enters a subcommand mode. It displays a prompt character (>) to let you know that you’re in nslookup subcommand mode rather than at a normal Windows command prompt.

In subcommand mode, you can enter various subcommands to set options or to perform queries. You can type a question mark (?) to get a list of these commands.