Command to troubleshoot DNS issues (Nslookup Advance Usage)
Nslookup is a command-line tool used to test and troubleshoot the DNS issues
Find the advance help for Nslookup
Default Server: ns1chn.vsnl.com
Commands: (identifiers are shown in uppercase,  means optional)
NAME – print info about the host/domain NAME using default server
NAME1 NAME2 – as above, but use NAME2 as server
help or ? – print info on common commands
set OPTION – set an option
all – print options, current server and host
[no]debug – print debugging information
[no]d2 – print exhaustive debugging information
[no]defname – append domain name to each query
[no]recurse – ask for recursive answer to query
[no]search – use domain search list
[no]vc – always use a virtual circuit
domain=NAME – set default domain name to NAME
srchlist=N1[/N2/…/N6] – set domain to N1 and search list to N1,N2, etc.
root=NAME – set root server to NAME
retry=X – set number of retries to X
timeout=X – set initial time-out interval to X seconds
type=X – set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
querytype=X – same as type
class=X – set query class (ex. IN (Internet), ANY)
[no]msxfr – use MS fast zone transfer
ixfrver=X – current version to use in IXFR transfer request
server NAME – set default server to NAME, using current default server
lserver NAME – set default server to NAME, using initial server
finger [USER] – finger the optional NAME at the current default host
root – set current default server to the root
ls [opt] DOMAIN [> FILE] – list addresses in DOMAIN (optional: output to FILE)
-a – list canonical names and aliases
-d – list all records
-t TYPE – list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE – sort an ‘ls’ output file and view it with pg
exit – exit the program
command will display the current configuration settings; you can always change the settings using the same set command, but this setting only for the current session, this will change to default settings while to exit the command
> set all
Default Server: ns1chn.vsnl.com
To change the query type user the below command, by default type=A, this will only query the host record (A record) to query for the mail exchanger data, type the following:
> set type=mx
google.com MX preference = 10, mail exchanger = smtp4.google.com
google.com MX preference = 10, mail exchanger = smtp1.google.com
google.com MX preference = 10, mail exchanger = smtp2.google.com
google.com MX preference = 10, mail exchanger = smtp3.google.com
In this way you can use the different query type (A, ANY, CNAME, MX, NS, PTR, SOA, SRV).
any – displays all the records for that domain.
cname – CName (Canonical Name) is used for nicknames or aliases, it is used to redirect web address to another
mx – Mail eXchange (MX). Used to define which domain handles the email
ns – Look up the Name servers for this record
ptr – A record that points an IP address to a single name, unlike a name which can be associated with many IP addresses
soa – Start Of Authority
srv – Resource records
The first time a query is made for a remote name, the answer is authoritative, but subsequent queries are nonauthoritative. The first time a remote host is queried, the local DNS server contacts the DNS server that is authoritative for that domain. The local DNS server will then cache that information, so that subsequent queries are answered nonauthoritatively out of the local server’s cache.
Using this option you can turn on or off the debug display, nothing but the detailed lookup result, by default this option disabled (set nodebug) you can use the below command turn on the debug mode
> set debug
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 3, authority records = 4, additional = 4
google.com, type = A, class = IN
internet address = 220.127.116.11
ttl = 235 (3 mins 55 secs)
nameserver = ns1.google.com
ttl = 170814 (1 day 23 hours 26 mins 54 secs)
internet address = 18.104.22.168
ttl = 302197 (3 days 11 hours 56 mins 37 secs)
Addresses: 22.214.171.124, 126.96.36.199, 188.8.131.52
We have querying “google.com, type = A, class = IN”
Normal query Nslookup will return only the IP address of google.com, in debug mode it will provide corresponding name server records and authority records which resolve to the IP addresses (Additional records)
So we came to know from where the host (google.com) getting resolved, able to find the corresponding IP address as well as holding DNS server (ns1.google.com)
Using this Option you can turn on or off the EXHAUSTIVE debug display. Retrieves the complete dump of what is sent and received via the DNS requests
Before this you should know about Iterative(norecurse) and Recursive(recurse) Queries.
Please check the below link for more info:
This will display other domain name servers to query, if the default name server does not have the information.
Turn off recursion and then try to look up a name that is not cached locally. since our default name server does not have the entry, this will display other name servers that might know the answer
> set norecurse
> iit.co.in b0.cctld.afilias-nst.org
> iit.co.in ns409.websitewelcome.com
In the above example I have using iit.co.in, if you query iit.co.in with set norecurse this will display other name servers that might know the answer, since our default name server does not. I have used b0.cctld.afilias-nst.org name server to look for the answer, this will lists the ns server that has the authoritive answer. Then have the Name server for one more time, iit.co.in ns409.websitewelcome.com and we will get the A record 184.108.40.206
This will help to troubleshoot the DNS related issues, able to find the problematic name servers and able to find trace the DNS issue.
> set recurse
With set recurse we will get the direct answer
Command to change search list and default Domain Name System (DNS) domain name
Specifies one or up to six domain names to be appended to unqualified host names when attempting to resolve the host name. Each domain name specified is tried in turn until a match is found.
This option also directs the default domain to be set to the first domain name specified in the search list. The minimum abbreviation for this option is srchl.
While querying the host name no need to provide the FQDN, only host name enough, domain from the Srchlist added to the given host name to make the FQDN
To set the DNS domain to test.com
> set srchlist=test.com
In the above example I have only provide the host name (test0001) but Nslookup able to query the FQDN (test0001.test.com) using the set srchlist=test.com command.
Look up a given domain name (NAME1) using this name server (NAME2). See example below
> iit.co.in ns409.websitewelcome.com
Changes the name of the root server to the name specified by the HOST parameter, The root server by default is defined to be “A.ROOT-SERVERS.NET”
Changes the number of times to retry quering a name server, Default retries is 1.
Sets the initial time out value in seconds, Default timeout value is 2 seconds.
Rerieve the zone list of this domain. Note: On almost all Name Servers this operation is restricted or turned off
Most of the time, when using this command you would get a query refused output.Options:-a – list canonical names and aliases-d – list all records-t TYPE – list records of the given type (i.e. cname, mx, ns etc.)
how to troubleshoot dns issues
clearing dns cache
view dns cache
register dns record
dns server role
Unable to access the server share through DNS alias name
check the DNS zone status from the list of servers