DNS Troubleshooting: NSLookup and Dig

How to perform DNS troubleshooting by using nslookup and dig

Share This Post

As we know, DNS is at the backbone of the Internet. Hence, we need to know the basics of DNS troubleshooting. In this post, we will learn how to identify problems in the DNS infrastructure. We will do that by using two powerful command-line tools: nslookup and dig.

DNS Troubleshooting

How and Why

Before starting with DNS troubleshooting, we need to refresh our minds on what DNS does. DNS is a protocol and its infrastructure, with the goal of mapping names to IP addresses. So, troubleshooting DNS means identifying if you are getting this mapping correctly.

DNS troubleshooting is crucial. With it, you can be faster in understanding reachability problems, internet surfing issues, and even mail delivery problems. Almost everything on the Internet relies on DNS, so knowing a thing or two about it will be a great time saver in the long run.

Need to refresh your mind on DNS functionality? We have a detailed post on that.

NSLookup

The command nslookup is the easiest way to troubleshoot DNS, and it is a great way to start. It comes pre-installed on any Windows version, but not on all Linux. If you are running on Linux, you will need to get the dnsutils package (for example, in Ubuntu, use apt-get install dnsutils). On Windows, just open the prompt (Windows+R, then type cmd and hit enter).

Once in the prompt, you can type nslookup. This will enter the nslookup utility. Here, you can simply use ? to see the help.

Nslookup is the native tool on Windows for DNS Troubleshooting.
Nslookup help.

Now that you are inside the nslookup utils, you can define its configuration to run the queries. Typically, you want to query a specific DNS server, and you can provide it with the server keyword. You may also want to specify a domain name, and the type of record to search. To specify the type, timeout, retry and other options, you need to use the keyword set. Her,e for example, we configure nslookup to query the Cloudflare server (1.1.1.1) for MX records only. Then, we query ICTShore.com. To run the query, simply enter the domain you want to resolve and press enter.

> server 1.1.1.1
Default Server:  one.one.one.one
Address:  1.1.1.1

> set type=mx
> ictshore.com
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
ictshore.com    MX preference = 1, mail exchanger = mail.ictshore.com
>

As you can see here, ictshore.com has only 1 MX record, mail.ictshore.com. If we were to query google.com, we would see multiple mail servers as below.

> google.com
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
google.com      MX preference = 10, mail exchanger = aspmx.l.google.com
google.com      MX preference = 20, mail exchanger = alt1.aspmx.l.google.com
google.com      MX preference = 30, mail exchanger = alt2.aspmx.l.google.com
google.com      MX preference = 40, mail exchanger = alt3.aspmx.l.google.com
google.com      MX preference = 50, mail exchanger = alt4.aspmx.l.google.com

Dig

Dig is the pro alternative to nslookup. It is free, and also part of the dnsutils on Linux. However, it is not a native application in Windows. If you are on Windows like me, don’t panic. You need to download dig and install it. Then, you will need to add it to the PATH variable. Nothing too complex, you can get it done in less than 5 minutes by following this guide on how to install dig.

Once you have dig in your prompt, we are ready to start. Unlike nslookup, here you don’t have to enter the dig utility and configure it. Instead, you run the command with all its option in one line. The simple way to get the name resolution (type A, AAA) is with dig <domain name>. You can tune the command as follows:

  • Add @<DNS server> to use a specific server, e.g. dig @1.1.1.1 ictshore.com.
  • Specify the type of record after the domain name to see only that type, e.g. dig ictshore.com MX.
  • Use -X to resolve a PTR record (from IP to name), e.g. dig -X 192.168.1.1.

So far, nothing more advanced than nslookup. Not until we add the most amazing feature: DNS trace. You can use it by adding +trace after the domain name, and it reconstructs the entire resolution process. In this way, you will see all the steps of your query: from querying the root domains to querying the last domain. It is important to see if something breaks.

PTR resolution on Windows

If you have an IP and you want to know if it is mapped with a name, you can use dig with -X option. If you don’t have this tool, on Windows, you can still resort to the old good ping. However, here, use the -a option (e.g. ping -a 192.168.1.1).

Bonus: check DNS propagation

Often times, you create a public DNS entry and you want to see if everyone is receiving it. On your PC, you will have to use dig with multiple servers to see if many DNS servers actually received your new info. You can see the pain of doing so for many entries. Luckily, there is an online tool that can do that for you. I am talking about What’s my DNS, a tool where you can ask DNS queries to multiple DNS servers around the world.

A Quick Summary

DNS troubleshooting means understanding if a name resolves correctly to an IP address. You can do basic troubleshooting with nslookup with nslookup <domain name>, and with dig with dig <domain name>. However, things starts to get interesting if you want to identify the entire flow of your DNS query. In that case, the only tool for you is dig, with the +trace option.

How do you troubleshoot DNS issues? What about DNS propagation? Let me know in the comments.

Picture of Alessandro Maggio

Alessandro Maggio

Project manager, critical-thinker, passionate about networking & coding. I believe that time is the most precious resource we have, and that technology can help us not to waste it. I founded ICTShore.com with the same principle: I share what I learn so that you get value from it faster than I did.
Picture of Alessandro Maggio

Alessandro Maggio

Project manager, critical-thinker, passionate about networking & coding. I believe that time is the most precious resource we have, and that technology can help us not to waste it. I founded ICTShore.com with the same principle: I share what I learn so that you get value from it faster than I did.

Alessandro Maggio

2019-12-19T16:30:09+00:00

Unspecified

Networking

Unspecified