So there you are in front of your computer, you know you have internet access, you can ping 22.214.171.124, but your browser isn’t working, and when you try to ping google.com, the name is unable to resolve. You think to yourself “If only I had saved that blog article about nslookup locally, so I didn’t have to depend on the internet to get all that great info!”.
Well lucky for you, you currently have internet access, and you can read this blog, and I’m hopeful that you can step through an example or two and your memory will be so razor sharp that you won’t even need to save this article for a rainy no-DNS day. Maybe there will be some other useful stuff, too.
I’ve been in several scenarios where having nslookup familiarity has been a huge time saver and hopefully I can share a trick or two with you on using the nslookup tool (Name Server Lookup) that’s built into Windows, Apple, and most Linux flavors (Click on the OS links for nslookup documentation for each). I thought maybe a quick primer on how I use the tool most often might help someone out. My examples will be in Windows since that’s what I’ve seen used the most in my travels, but the commands should be extremely similar across all operating systems.
I’m going to assume you know that DNS stands for Domain Name System. The most common analogy I’ve heard for DNS is that it’s like a phone book where looking up a name to get an IP address is just like looking up a name to get a phone number. For my purposes, I wanted to share some common scenarios & nslookup exercises I go through when troubleshooting DNS.
Scenario 1 – DNS is broke like a joke
You can ping, but you can’t seem to resolve a name.
Step 1. Make sure you have DNS servers configured on your interface.
Step 2. Check that DNS is working on your DNS servers (with nslookup!)
There’s 2 ways I use nslookup to check DNS from multiple name servers. If I’m doing a quick check, I’ll open a command prompt (or terminal) and type “nslookup [host] [server]” where host is the name you want to check and server is the DNS server you want to look it up on. Here’s an example where I looked up google.com on 126.96.36.199 (a google DNS server).
The second way is to go into interactive mode by just typing “nslookup”. I typically use interactive mode since I rarely do just one or two lookups, so I find it to be faster for me. Next, specify the DNS server to use “server 188.8.131.52” (an OpenDNS server), then looking up the host “google.com”.
**NOTE** In interactive mode, just type ? to get a list of commands
For step 2, you should test all the DNS servers your interface has specified. If a DNS server is not resolving a name, but you can ping it, you might want to check that the DNS service is running. If it doesn’t respond to ping either the DNS server may be down. If both DNS servers are not resolving names, you may be looking at an issue with connectivity from your machine to the DNS server(s).
Before we start with scenario 2, I want to explain different DNS record types. The main lookups people focus on are A (Address) records, which match nicely with the phone book analogy. There are several other types though. For this next example, we’ll be looking at the NS (Name Server) type, which basically tells the internet which name servers are authoritative for the domain. You may have noticed in our previous example when we looked up google.com, we got a “Non-authoritative answer”, which means the DNS server we used was just saving a copy of the answer from the authoritative server. Let’s go through Scenario 2 and hopefully it will make a little more sense.
Scenario 2 – I just made a public DNS change
You added or updated a DNS entry on GoDaddy or another public DNS provider.
***HOT TIP*** If you’re planning to update a public DNS entry, change the TTL (time to live) to a lower time like 10 minutes the day before the scheduled change to tell the other DNS servers around the world to check for updates more often. I usually wait until I’m sure I won’t have to roll back a change before setting the TTL to a longer time - 1 hour is typical.
Step 1. Find the domain’s authoritative DNS Server(s)
In this case, I’m going to set type to NS (Name Server) and determine the authoritative DNS servers for lookingpoint.com
Looking at the box above, you can see that I told nslookup to look up an NS record, then I looked up lookingpoint.com, and you can tell that the DNS server I queried for this information was dns.opendns.com and it’s NOT authoritative. Let’s set the server to ns27 & see if it looks any different.
Wait! What happened?! I’ve found that I sometimes need to point to the IP address as opposed to the server name. So we can see the IP above, let’s try the same thing there.
Ah ha! It doesn’t say “non-authoritative” anymore. This is where we want to check our change!
Step 2. Check the authoritative (& non-authoritative) servers for the updated A record
Ok, let’s look up our A record before the change & validate after the change.
Here I set the type to “a”, looked up “nslookupblog.lookingpoint.com”, then changed to an opendns server to validate it was the same there. Next, let’s change the dns record and do the same test again.
Alright! So, after changing the record we see the change reflected in both the authoritative DNS server records AND the OpenDNS server records, so our change was a success! If at first, you don’t see the record on whichever public DNS server you’re checking, give it some time, it can take a while for DNS records to propagate around the world. Also, see the hot tip at the top of scenario 2 for TTL adjustments to make your life easier during DNS changes.
I hope these initial 2 scenarios gave you a taste of what nslookup can do. I’ll do a second installment where we look at using nslookup for email troubleshooting. We’ll look at some additional DNS record types and have lots of fun!
It just so happens that LookingPoint offers multiple IT services if you’re interested. Want more information, give us a call! Please reach out to us at email@example.com and we’ll be happy to help!
Ryan Alibrando, Managed Services Team Lead