nslookup command windows is a native DNS diagnostic tool for querying name servers, resolving hostnames to IP addresses, and troubleshooting DNS records from the Windows command prompt.
nslookup 8.8.8.8This reference covers syntax, record types (A, MX, SOA, NS, CNAME), interactive mode, and error resolution for production DNS diagnostics.
Syntax
nslookup [-opt1 [-opt2 ...]] [hostname] [server]Tested on Windows 11 23H2 and Windows Server 2022 with DNS Client service running.
Applies to: Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows 11, Windows 10, Azure Local 2311.2 and later.
For production DNS diagnostics, always pair nslookup with packet capture (netsh trace or Wireshark) to validate wire-level responses, especially when evaluating TTL propagation or DNSSEC validation failures.
nslookup Command Cheat Sheet
| Query Action | CLI Command | Key Flag | Description |
|---|---|---|---|
| A record lookup | nslookup domain.com | N/A | Resolves domain to IPv4 address |
| Reverse PTR lookup | nslookup 192.0.2.1 | N/A | Resolves IP to hostname |
| MX record query | nslookup -type=mx domain.com | -type=mx | Returns mail exchange servers |
| SOA record query | nslookup -type=soa domain.com | -type=soa | Returns zone authority metadata |
| NS record query | nslookup -type=ns domain.com | -type=ns | Lists authoritative nameservers |
| CNAME resolution | nslookup -type=cname alias.com | -type=cname | Returns canonical target name |
| Query via specific server | nslookup domain.com 8.8.8.8 | N/A | Non-interactive server override |
| Enter interactive mode | nslookup | N/A | Starts session for multiple queries |
| Set debug in interactive | set debug | set | Enables verbose packet logging |
| Change server in interactive | server 8.8.8.8 | server | Switches query target server |
10 Essential nslookup Commands for DNS Troubleshooting
1. Basic A Record Lookup
Resolve a domain name to its IPv4 address. This is the most fundamental query and verifies forward resolution from the default DNS server configured on the network interface.
nslookup activedirectorypro.com2. Reverse DNS (PTR) Lookup
Map an IP address back to a hostname. Crucial for validating mail server identity and troubleshooting reverse zone misconfigurations.
nslookup 8.8.8.83. Mail Exchange (MX) Record Query
Find the mail servers responsible for accepting email for a domain. Use the -type=mx parameter.
nslookup -type=mx activedirectorypro.com4. Start of Authority (SOA) Record Query
Retrieve the authoritative DNS server and zone metadata (serial, refresh, retry, expire, TTL). Essential for verifying zone transfers and replication health.
nslookup -type=soa ad.activedirectorypro.com5. Nameserver (NS) Record Query
List all authoritative name servers for a domain. Confirms delegation integrity across parent and child zones.
nslookup -type=ns microsoft.com6. Canonical Name (CNAME) Record Query
Resolve an alias to its canonical name. Useful for verifying CDN and load balancer configurations.
nslookup -type=cname www.contoso.com7. Query Any Available Record
Fetch all known record types for a domain (-type=any). Use sparingly; many DNS servers limit or block this query per RFC 8482.
nslookup -type=any activedirectorypro.com8. Specify a Non-Default DNS Server
Query a specific DNS server (e.g., Google Public DNS 8.8.8.8) while in non-interactive mode.
nslookup activedirectorypro.com 8.8.8.89. Enable Debug Mode
Display full query and response packets, including header flags and authority/additional sections. Use in interactive mode with set debug.
nslookup
> set debug
> activedirectorypro.com10. Change to a Specific DNS Server (Interactive)
Switch the query target server mid-session without restarting the tool.
nslookup
> server 8.8.8.8
> activedirectorypro.comCommon Errors When Using nslookup
- DNS request timed out: The target server did not respond within the default timeout (5 seconds). Increase timeout with
set timeout=10in interactive mode. - Non-existent domain (NXDOMAIN): The queried domain does not exist. Double-check the spelling and verify the domain registration status.
- Server failed: The DNS server encountered an internal error (e.g., resource overload, corrupted zone). Check the server’s event logs.
- No response from server: Firewall blocking UDP/TCP port 53, or the server is offline. Use
Test-NetConnection 8.8.8.8 -Port 53to verify connectivity. - Query refused: The server rejected the query due to access control lists. Use an authorized server or a public resolver like 8.8.8.8.
Troubleshooting & Common Errors
| Error Message/Code | Root Cause | Resolution Command |
|---|---|---|
| DNS request timed out. timeout was 2 seconds. | Server unreachable or high latency | nslookup -timeout=10 domain.com |
| Non-existent domain (NXDOMAIN) | Domain does not exist, or typo | Check spelling; run nslookup domain.com from another resolver |
| Servers can be found, but not applicable | No records of requested type | Query with -type=any to confirm zone exists |
| *** Can’t find server name for address 192.168.1.1: Non-existent domain | Reverse zone missing PTR record | Add PTR record in the reverse lookup zone |
| Unrecognized command: set type=AAAA | Syntax error; must be set type=aaaa |
Use lowercase set type=aaaa (case-insensitive for type but keeps standard) |
How to Choose the Right nslookup Query for Your Scenario
Select the query type based on the failure symptom and layer of the DNS resolution chain.
- Forward resolution failure: Start with a basic A record lookup. If it fails, check the client’s DNS server configuration (
ipconfig /all). - Email delivery issues: Query MX records first. Verify the returned exchange server accepts mail on port 25.
- Zone replication errors: Compare SOA serial numbers across all authoritative NS servers.
- Reverse DNS misconfiguration: Use a PTR lookup for the mail server or web server IP.
- Load-balanced or CDN-backed domains: Query CNAME records to confirm the alias target matches the provider’s hostname.
Frequently Asked Questions
What is the difference between nslookup with a server argument and without?
Answer: Without a server argument queries the system’s default DNS resolver; with a server argument queries a specified DNS server directly.
This difference is critical for bypassing local DNS caches or testing upstream resolvers. Example targeting Google DNS:
nslookup example.com 8.8.8.8When should I use the -type=ANY flag in nslookup?
Answer: Use -type=ANY to retrieve all DNS record types for a domain; however, many modern DNS servers suppress ANY queries per RFC 8482.
On Windows, this flag yields A, AAAA, MX, NS, etc. in one response. For reliable enumeration, query each type individually:
nslookup -type=MX example.comHow do I fix “*** Can’t find server name for address” error in nslookup?
Answer: Check network connectivity to the DNS server, verify the server IP is correct, and ensure firewall allows UDP/TCP port 53.
This error indicates a reverse lookup failure. Try direct forward lookup first, then disable default server name resolution:
nslookup -nosearch example.comDoes nslookup work on Windows PowerShell?
Answer: Yes, nslookup is a legacy tool available in both Command Prompt and PowerShell, though PowerShell also offers the Resolve-DnsRecord cmdlet.
For automation, use Resolve-DnsRecord with structured output; for quick ad-hoc queries, nslookup remains compatible:
nslookup www.example.comWhat is the fastest way to perform a reverse DNS lookup (PTR) with nslookup on Windows?
Answer: Type nslookup <IP_address> directly; for batch speed, loop with set timeout=1 to avoid hangs.
Single command:
nslookup 8.8.8.8For multiple IPs in script:
for %i in (8.8.8.8 1.1.1.1) do nslookup %i
Command Line Expert & Software Engineer
Welcome! I’m Thomas Heinrich, a software engineer and system administrator with a deep passion for the Command Line Interface (CLI). With years of experience navigating the terminal, building backend architectures, and automating server deployments, I created this space to share practical, real-world terminal knowledge.
Whether you are a beginner taking your first steps in a Linux environment or a seasoned DevOps engineer looking to optimize your deployment scripts, you will find actionable solutions here. My goal is to help you ditch the mouse, speed up your workflow, and harness the full power of the command line.