Nslookup shows the name resolution, if you are getting the wrong IP even DNS server has the correct entry or actual authoritative server is up and the DNS resolution failing, how to troubleshoot this and is there any way to determine which name server (NS) am hitting for the DNS resolution
Also Read: Most used NSLOOKUP commands
If your configured primary DNS server is the authoritative server for the record which you try to resolve then it’s straightforward, query reaches your primary DNS and displays the result
Also Read: DNS Entry of Domain Controller are Resolving to Incorrect value
Let’s say the DNS record which you try to resolve it in a different server and you might have DNS delegation, DNS forwarder or additional forwarder and DNS root hint to reach the actual authoritative server for the resolution, and you want to determine in which way this been working, like tracing the name resolution
Also Read: Extract DNS root hints from Domain Controller
Nslookup to Trace DNS resolution
We have Iterative(norecurse) and Recursive(recurse)DNS Query Types, by default Recursive query been used and you will get the end result, if you change the query type to norecurse then you will get the best possible answer which is next DNS server
Example query allow
- The first query hit to the primary DNS server and gives the Nameserver from DNS delegation or DNS forwarder or additional forwarder or DNS root hint whichever is configured (if the zone is not configured locally)
- Then you need to set the query server to one of the name servers from the above result to get the next Nameserver
- You need to repeat this to understand the DNS Query flow
Also Read: Command to Create/Delete bulk DNS Record
Nslookup Command
- Nslookup
- set norecurse
- DNS entry (windowstricks.in)
- Server Nameserver (which is output Nameserver from above command)
- DNS entry(Windowstricks.in)
- Repeat this until you get the result
- You may need to clear DNS cache
Also Read: How to view DNS Cache on server
Example command
> set norecurse
> iit.co.in
Server: ns1chn.vsnl.com
Address: 202.54.6.60
Name: iit.co.in
Served by:
– b0.cctld.afilias-nst.org
199.254.60.1
co.in
Next one connecting the server from the output
> iit.co.in b0.cctld.afilias-nst.org
Server: b0.cctld.afilias-nst.org
Address: 199.254.60.1
Name: iit.co.in
Served by:
– ns409.websitewelcome.com
the final one gives the result (connecting to the server from the above output)
> iit.co.in ns409.websitewelcome.com
Server: ns409.websitewelcome.com
Address: 74.54.42.226
Name: iit.co.in
Address: 74.54.189.219
Now we know how the query travel from your primary DNS server to b0.cctld.afilias-nst.org to ns409.websitewelcome.com
DNS trace dig command
You can also do DNS trace with dig command, you need to download the tool if you don’t have
dig +trace www.windowstricks.in
This will show the entire flow in the single screen
Hope this will help you to understand DNS trace and determine which name server you are hitting for the DNS resolution
Also Read: More DNS related issues and solution
