petes-brain

Troubleshooting DNS Mayhem with nslookup

November 12, 2014

One skill set that I find myself using on a nearly daily basis is the ability to troubleshoot DNS issues. This isn’t just for a handful of specialized problems but for a wide variety of issues at all levels of the organization. I do it so often that there is no excuse for not being able to move fast when the time comes.

Recently, I read a post [1] that noted the death of nslookup, heralding the supremacy of tools like dig and host. I found myself feeling defensive. In all fairness, it is an old dog. It was even deprecated for some time by the ISC folks. That said, nslookup is my go-to option for the above-mentioned task. “But it’s like, ancient,” you say. Yes, yes it is. And it’s everywhere. The broad advice is “learn to use them all.” Good advice, that, but in the real world you’ll find nslookup on more modern operating systems than you can shake a stick at. The best part is that the syntax will be roughly the same on each. Here are some of the ways that I use it regularly.

The quick ‘n dirty

Just need an address? This will give you an answer from your default DNS server (whose IP it will give you as well).

pete$ nslookup petes-brain.com  
Server:     192.168.1.1  
Address:    192.168.1.1#53  

Non-authoritative answer:  
Name:   petes-brain.com  
Address: 68.171.31.8  

Interactive mode

Kick things into interactive mode by running just:

pete$ nslookup
> 

nslookup will return a lovely little greater-than prompt at which you can begin to direct nslookup’s behavior.

> petes-brain.com
Server:     192.168.1.1  
Address:    192.168.1.1#53  

Non-authoritative answer:  
Name:   petes-brain.com  
Address: 68.171.31.8

“A” Records are for suckers

nslookup defaults to returning DNS A records, but DNS zones usually have more to offer. Let’s grab some mail exchanger info.

> set type=mx
> petes-brain.com
Server:     192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
petes-brain.com mail exchanger = 20 ALT1.ASPMX.L.GOOGLE.com.
petes-brain.com mail exchanger = 50 ASPMX3.GOOGLEMAIL.com.
petes-brain.com mail exchanger = 40 ASPMX2.GOOGLEMAIL.com.
petes-brain.com mail exchanger = 30 ALT2.ASPMX.L.GOOGLE.com.
petes-brain.com mail exchanger = 10 ASPMX.L.GOOGLE.com.

Authoritative answers can be found from:

Hey, check it out: we use Gmail! And apparently you’re hosed if you want authoritative answers. Moving on!

Sender Policy Framework anyone?

Have you had any trouble with messages from your domain bouncing due to craptacular or non-existent SPF records? Take a look at what you have on record.

> set type=txt
> petes-brain.com
Server:     192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
petes-brain.com text = "v=spf1 include:_spf.google.com ~all"
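
The same SPF lookup as a repeatable check: an added example, not part of the original post, that pulls the SPF record out of nslookup's TXT answer and classifies its "all" policy. It assumes BIND-style output as shown above; the function names and the example.com answer are made up for illustration.

```shell
#!/bin/sh
# Added example: audit SPF from nslookup TXT output (BIND-style format assumed).

# Print each SPF record found in nslookup output on stdin, one per line.
# Long records arrive as several quoted strings ("part1" "part2"); per
# RFC 7208 they are concatenated with nothing added between them.
spf_records() {
    sed -n '/text = "v=spf1[ "]/{s/^.*text = "//;s/"[[:space:]]*"//g;s/"[[:space:]]*$//;p;}'
}

# Classify one record by its "all" mechanism.
spf_verdict() {
    case " $1 " in
        *" +all "*|*" all "*) echo "pass-all" ;;  # any host may send as you
        *" ?all "*)           echo "neutral"  ;;
        *" ~all "*)           echo "softfail" ;;  # usually accepted, may be flagged
        *" -all "*)           echo "fail"     ;;  # unlisted senders fail the check
        *" redirect="*)       echo "redirect" ;;  # policy lives in another record
        *)                    echo "no-all"   ;;
    esac
}

# Read nslookup output on stdin and print "<verdict> <detail>".
# Zero records is "none"; more than one is a permerror under RFC 7208.
spf_audit() {
    records=$(spf_records)
    count=$(printf '%s\n' "$records" | grep -c '^v=spf1' || true)
    if [ "$count" -eq 0 ]; then
        echo "none no SPF record in answer"
    elif [ "$count" -gt 1 ]; then
        echo "permerror $count SPF records published"
    else
        echo "$(spf_verdict "$records") $records"
    fi
}

# Live lookup: spf_check DOMAIN [SERVER]. SERVER picks which resolver to ask.
spf_check() {
    nslookup -type=txt "$1" ${2:+"$2"} 2>/dev/null | spf_audit
}

# The page's own answer, plus a constructed answer with two SPF records.
PAGE_ANSWER='petes-brain.com text = "v=spf1 include:_spf.google.com ~all"'
DUP_ANSWER='example.com text = "v=spf1 mx -all"
example.com text = "google-site-verification=CONSTRUCTED"
example.com text = "v=spf1 ip4:192.0.2.0/24 " "-all"'
printf '%s\n' "$PAGE_ANSWER" | spf_audit   # softfail v=spf1 include:_spf.google.com ~all
printf '%s\n' "$DUP_ANSWER"  | spf_audit   # permerror 2 SPF records published
```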

Who’s in charge here anyway?

Ever run into confusion about where DNS is actually hosted? Just check the start of authority records.

> set type=soa
> petes-brain.com
Server:     192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
petes-brain.com
    origin = ns21.domaincontrol.com
    mail addr = dns.jomax.net
    serial = 2014072100
    refresh = 28800
    retry = 7200
    expire = 604800
    minimum = 3600

Ah, yes. Good ol’ domaincontrol.com. Kids, GoDaddy is a very slimy organization. But they’re cheap and easy, so what are you gonna do?

Who you talkin’ to over there?

OK, so up till now we’ve been asking our default DNS server all of these questions. But that may only be part of the picture. Let’s ask someone else.

> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53

Any other lookups you make while in this interactive session will now be run against Google’s Public DNS.


  1. Michael Smalley isn’t really beating up on nslookup here. He actually does a really great job of introducing you to dig and host.
