Nslookup lets you query DNS records, switch name servers, and spot domain resolution errors from a terminal with clear, direct output.
When a site will not load, email starts bouncing, or a new DNS change refuses to show up, nslookup is one of the first tools worth opening. It is simple, built into Windows, and easy to run from macOS or Linux when the package is available. You type a hostname, ask for a record type, and get an answer from a DNS server.
That sounds small. It is not. DNS sits between a domain name and the service behind it. If the record is wrong, stale, or missing, the app may look broken even when the server is fine. Nslookup helps you separate a DNS fault from a web server fault, an email setup fault, or a local resolver fault.
This article shows what nslookup does, how to run the most useful commands, what the output means, and where people get tripped up. By the end, you should be able to check A, AAAA, MX, TXT, CNAME, NS, and PTR records without guessing.
How to Use nslookup On Windows, Mac, And Linux
At its core, nslookup sends a DNS query to a resolver and prints the reply. The tool can run in two ways. Noninteractive mode is the one-line style. Interactive mode keeps you inside the tool so you can run several checks in a row.
Start With A Plain Lookup
Open Terminal, Command Prompt, or PowerShell and type a domain name after the command:
nslookup example.comThis asks your default DNS resolver for the domain’s address records. On many systems, the reply shows the server that answered and then the result. If the name has an IPv4 address, you will usually see an A record result. On many modern domains, you may also need an AAAA lookup to check IPv6.
Use A Specific DNS Server
If you want to compare answers from another resolver, add its IP address after the domain:
nslookup example.com 1.1.1.1That is handy when your local ISP resolver shows stale data or when you want to confirm that a public resolver sees a recent DNS update. Microsoft’s command reference shows this command structure and also notes that nslookup can run in interactive and noninteractive modes. Microsoft’s nslookup command documentation is the clean source for the syntax and built-in options.
Enter Interactive Mode
Type nslookup by itself and press Enter:
nslookupYou should see a prompt that looks like this:
>Now you can switch record types, point to another resolver, and run several queries without retyping the whole command each time. Exit with:
exitWhat Nslookup Is Actually Showing You
DNS stores different kinds of records for different jobs. Nslookup becomes far more useful once you know what each record tells you.
A And AAAA Records
An A record maps a hostname to an IPv4 address. An AAAA record maps a hostname to an IPv6 address. If a site loads over one network and fails over another, checking both can save time. A missing AAAA record is fine if the service does not use IPv6. A wrong AAAA record is not.
CNAME Records
A CNAME points one hostname to another hostname. You will often see this with CDN hostnames, app subdomains, and service verification flows. If a CNAME target is wrong, the end service may fail even when the target server is healthy.
MX Records
MX records tell mail servers where to deliver email for a domain. If mail will not land, this is one of the first checks to run. You can also use nslookup to check whether the listed mail hostnames resolve cleanly to valid A or AAAA records.
TXT Records
TXT records carry plain text data. In real use, that often means SPF, domain verification, DMARC, DKIM keys, and service ownership checks. When a setup page says “add this TXT record,” nslookup gives you a fast way to see whether it has appeared publicly.
NS And PTR Records
NS records show the name servers for a zone. PTR records do the reverse of an A record: they map an IP address back to a hostname. PTR checks matter a lot in email delivery. Google’s sender rules state that the sending IP should have a PTR record that resolves to a hostname, and that hostname should map back through A or AAAA to the same public IP. Google’s email sender guidelines spell out that forward-and-reverse match.
If you run mail infrastructure, that PTR check is not a nice extra. It is one of the first things many receiving systems expect to see.
Most Useful Nslookup Commands For Daily Work
You do not need every option. A small set of commands handles most real-world checks.
Query A Specific Record Type
In one-line mode, use the type switch:
nslookup -type=A example.com
nslookup -type=AAAA example.com
nslookup -type=MX example.com
nslookup -type=TXT example.com
nslookup -type=NS example.comIn interactive mode, set the record type once and then query names one after another:
nslookup
set type=MX
example.comThis is a smoother way to work when you are checking several domains or several hostnames inside one zone.
Switch DNS Servers Mid-Session
Inside interactive mode, you can change the resolver:
server 8.8.8.8That lets you compare answers from your local resolver, a public resolver, and the authoritative path you trust most. If one server returns the new record and another returns the old one, you are usually dealing with cache timing, resolver lag, or split DNS.
Run A Reverse Lookup
Reverse lookups are simple. Query the IP address:
nslookup 203.0.113.10If a PTR record exists, nslookup should return the hostname. If it does not, you may get no PTR answer at all. For outbound email, that mismatch can hurt delivery and trust.
| Task | Nslookup Command | What You Learn |
|---|---|---|
| Check default address lookup | nslookup example.com |
Shows the domain’s basic DNS answer from your current resolver. |
| Check IPv4 only | nslookup -type=A example.com |
Returns the IPv4 address record. |
| Check IPv6 only | nslookup -type=AAAA example.com |
Returns the IPv6 address record. |
| Check mail routing | nslookup -type=MX example.com |
Shows which mail hosts accept mail for the domain. |
| Check TXT records | nslookup -type=TXT example.com |
Shows SPF, verification, DMARC, or other text records. |
| Check name servers | nslookup -type=NS example.com |
Shows which servers host the zone. |
| Check reverse DNS | nslookup 203.0.113.10 |
Shows the PTR hostname tied to an IP address. |
| Use another resolver | nslookup example.com 1.1.1.1 |
Lets you compare answers from a different DNS server. |
| Work inside the tool | nslookup |
Starts interactive mode for repeated checks and server changes. |
How To Read The Output Without Getting Lost
Nslookup output is not pretty, though it is direct. Once you know the layout, it gets easy to read.
Server And Address At The Top
The first lines usually show which resolver answered your query. That is not the record you asked for. It is the DNS server nslookup used. If you get a strange answer, check that line first. You may be querying a local router, a company resolver, or a VPN DNS endpoint without noticing it.
Non-authoritative Answer
You will often see “Non-authoritative answer.” That does not mean the result is wrong. It means the reply came from a resolver cache instead of straight from the zone’s authoritative name server. Cached answers are normal. They only become a problem when you are waiting on a recent DNS change and the cache has not expired yet.
Aliases And Canonical Names
If a hostname uses a CNAME, nslookup may show an alias first and then the final address record after that. Read the chain in order. If the alias is right but the final target is wrong, the fix belongs at the target hostname, not the alias.
NXDOMAIN, Timeout, And No Response
These are not the same failure.
- NXDOMAIN means the name does not exist in DNS.
- Timed out means a server did not answer in time.
- No response from server points to a resolver issue, firewall block, dead DNS service, or broken network path.
If one resolver times out and another answers, the domain may be fine and the chosen resolver may be the real fault.
Common Real-World Checks With Nslookup
Website Won’t Load After A DNS Change
Start by checking the new A and AAAA records from your default resolver and one public resolver. If the records differ, you are waiting on cache expiry or resolver refresh. If both return the wrong IP, the zone itself is probably still wrong.
Email Setup Is Failing
Check MX first. Then check the hostnames inside the MX records to make sure they resolve. Then check the TXT records for SPF or verification strings. If you run your own sending server, add a PTR lookup on the sending IP too.
Subdomain Verification Is Stuck
TXT checks are the fastest path here. Query the exact hostname where the TXT record should live. A common slip is adding the record at the root when the service expects it on a subdomain, or adding the host label twice inside the DNS panel.
CDN Or Proxy Traffic Is Hitting The Wrong Place
Check the CNAME chain. Then query the target hostname directly. If the alias is correct and the target is wrong, the issue sits lower in the chain. If the alias itself points to the wrong service hostname, the panel entry is the one to fix.
| Symptom | Record To Check First | Usual Cause |
|---|---|---|
| Site loads old server | A / AAAA | Stale cache, wrong IP, or split DNS between resolvers. |
| Mail bounces or never arrives | MX | Missing mail host, bad priority setup, or unresolved target hostname. |
| Domain verification fails | TXT | TXT record at the wrong host label or not public yet. |
| Reverse lookup fails | PTR | No PTR record or PTR does not match forward DNS. |
| Subdomain points to wrong app | CNAME | Alias points to the wrong target hostname. |
| Zone delegation looks wrong | NS | Registrar and hosted zone do not match. |
Nslookup Tips That Save Time
Query The Exact Hostname
If the record belongs on _dmarc.example.com or app.example.com, query that exact name. Querying only the root domain can hide the record you need.
Compare More Than One Resolver
One answer does not always tell the whole story. Compare your local resolver with a public resolver when DNS changes are fresh. If both match, you can trust the result more. If they differ, the issue may be propagation, cache life, or local policy.
Do Not Mix Up DNS And HTTP
Nslookup checks DNS. It does not tell you whether the web server is healthy, whether TLS is valid, or whether the app behind the hostname is returning a good page. If DNS is right and the site still fails, move on to ping, curl, browser dev tools, server logs, or your load balancer checks.
Know When The Tool Feels Old
Nslookup still works well for fast DNS checks. Many engineers prefer dig for richer output and easier scripting on Unix-like systems. Still, nslookup wins on one point: it is familiar, short, and available on many machines where you need a quick answer right now.
Mistakes People Make When They Use Nslookup
The most common mistake is reading the resolver at the top and thinking that is the DNS record for the domain. The second is querying the wrong hostname. The third is treating one resolver’s stale answer as proof that the zone is broken.
Another slip is checking MX records and stopping there. The MX answer can be present while the target mail hostnames fail to resolve. The same thing happens with CNAME chains. You need to follow the path until you reach the final address records.
One more trap: local search suffixes. On some systems, a short name may have a default DNS suffix appended. If you want the fully qualified name only, type the full hostname you mean.
When Nslookup Gives You The Answer You Need
Use nslookup when the question is, “What does DNS say right now?” That includes address records, mail records, TXT checks, reverse DNS, and name server checks. It is fast, direct, and enough for a big share of day-to-day DNS work.
If you build websites, run apps, manage email, or move services between hosts, that skill pays off again and again. A two-minute nslookup session can spare you an hour spent hunting in the wrong layer.
References & Sources
- Microsoft Learn.“nslookup”Provides the official command syntax, interactive and noninteractive modes, common options, and sample usage for nslookup.
- Google Workspace Admin Help.“Email sender guidelines”States that sending IPs should have matching PTR and forward A or AAAA records, which supports the reverse DNS section.