
z/OS TCP/IP NSLOOKUP Command Usage

How to use NSlookup

Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers. This tool is installed along with the TCP/IP protocol through Control Panel. This article includes several tips for using Nslookup.exe.
To use Nslookup.exe, please note the following:

The TCP/IP protocol must be installed on the computer running Nslookup.exe
At least one DNS server must be specified in the DNS Service Search Order field on the DNS tab of the Microsoft TCP/IP Properties page.
Nslookup will always devolve the name from the current context. If you fail to fully qualify a name query (that is, use trailing dot), the query will be appended to the current context. For example, the current DNS settings are att.com and a query is performed on www.microsoft.com; the first query will go out as www.microsoft.com.att.com because of the query being unqualified. This behavior may be inconsistent with other vendor's versions of Nslookup, and this article is presented to clarify the behavior of Microsoft Windows NT Nslookup.exe
If you have implemented the use of the search list in the Domain Suffix Search Order defined on the DNS tab of the Microsoft TCP/IP Properties page, devolution will not occur. The query will be appended to the domain suffixes specified in the list. To avoid using the search list, always use a Fully Qualified Domain Name (that is, add the trailing dot to the name).

Nslookup.exe can be run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. The syntax for noninteractive mode is:

   nslookup [-option] [hostname] [server]

To start Nslookup.exe in interactive mode, simply type "nslookup" at the command prompt:

   C:\> nslookup
   Default Server:  nameserver1.domain.com
   Address:  10.0.0.1
   >

Typing "help" or "?" at the command prompt will generate a list of available commands. Anything typed at the command prompt that is not recognized as a valid command is assumed to be a host name and an attempt is made to resolve it using the default server. To interrupt interactive commands, press CTRL+C. To exit interactive mode and return to the command prompt, type exit at the command prompt.

The following is the help output and contains the complete list of options:

Commands:   (identifiers are shown in uppercase, [] means optional)

 NAME            - print info about the host/domain NAME using default 
                   server
 NAME1 NAME2     - as above, but use NAME2 as server
 help or ?       - print info on common commands
 set OPTION      - set an option

    all                 - print options, current server and host
    [no]debug           - print debugging information
    [no]d2              - print exhaustive debugging information
    [no]defname         - append domain name to each query
    [no]recurse         - ask for recursive answer to query
    [no]search          - use domain search list
    [no]vc              - always use a virtual circuit
    domain=NAME         - set default domain name to NAME
    srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1, N2, 
                          and so on
    root=NAME           - set root server to NAME
    retry=X             - set number of retries to X
    timeout=X           - set initial time-out interval to X seconds
    type=X              - set query type (for example, A, ANY, CNAME, MX, 
                          NS, PTR, SOA, SRV)
    querytype=X         - same as type
    class=X             - set query class (for example, IN (Internet), ANY)
    [no]msxfr           - use MS fast zone transfer
    ixfrver=X           - current version to use in IXFR transfer request

 server NAME     - set default server to NAME, using current default server
 lserver NAME    - set default server to NAME, using initial server
 finger [USER]   - finger the optional NAME at the current default host
 root            - set current default server to the root
 ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to 
                  FILE)

    -a          -  list canonical names and aliases
    -d          -  list all records
    -t TYPE     -  list records of the given type (for example, A, CNAME, 
                   MX, NS, PTR, and so on)

 view FILE       - sort an 'ls' output file and view it with pg
 exit            - exit the program

A number of different options can be set in Nslookup.exe by running the set command at the command prompt. A complete listing of these options is obtained by typing set all . See above, under the set command for a printout of the available options.

Looking up Different Data Types

To look up different data types within the domain name space, use the set type or set q[uerytype] command at the command prompt. For example, to query for the mail exchanger data, type the following:

   C:\> nslookup
   Default Server:  ns1.domain.com
   Address:  10.0.0.1

   > set q=mx
   > mailhost
   Server:  ns1.domain.com
   Address:  10.0.0.1

   mailhost.domain.com     MX preference = 0, mail exchanger =
                           mailhost.domain.com
   mailhost.domain.com     internet address = 10.0.0.5
   >

The first time a query is made for a remote name, the answer is authoritative, but subsequent queries are nonauthoritative. The first time a remote host is queried, the local DNS server contacts the DNS server that is authoritative for that domain. The local DNS server will then cache that information, so that subsequent queries are answered nonauthoritatively out of the local server's cache.

Querying Directly from Another Name Server

To query another name server directly, use the server or lserver commands to switch to that name server. The lserver command uses the local server to get the address of the server to switch to, while the server command uses the current default server to get the address.

Example:

   C:\> nslookup

   Default Server:  nameserver1.domain.com
   Address:  10.0.0.1

   > server 10.0.0.2

   Default Server:  nameserver2.domain.com
   Address:  10.0.0.2
   >

Using Nslookup.exe to Transfer Entire Zone

Nslookup can be used to transfer an entire zone by using the ls command. This is useful to see all the hosts within a remote domain. The syntax for the ls command is:

   ls [- a | d | t type] domain [> filename]

Using ls with no arguments will return a list of all address and name server data. The -a switch will return alias and canonical names, -d will return all data, and -t will filter by type.

Example:

   >ls domain.com
   [nameserver1.domain.com]
    nameserver1.domain.com.    NS     server = ns1.domain.com
    nameserver2.domain.com                 NS     server = ns2.domain.com
    nameserver1                            A      10.0.0.1
    nameserver2                            A      10.0.0.2

   >

Zone transfers can be blocked at the DNS server so that only authorized addresses or networks can perform this function. The following error will be returned if zone security has been set:

*** Can't list domain example.com .: Query refused

For additional information, please see the following article(s) in the Microsoft Knowledge Base:

Windows NT 4.0 DNS Server Default Zone Security Settings

Troubleshooting Nslookup.exe

Default Server Timed Out

When starting the Nslookup.exe utility, the following errors may occur:

*** Can't find server name for address w.x.y.z : Timed out

NOTE : w.x.y.z is the first DNS server listed in the DNS Service Search Order list.

*** Can't find server name for address 127.0.0.1: Timed out

The first error indicates that the DNS server cannot be reached or the service is not running on that computer. To correct this problem, either start the DNS service on that server or check for possible connectivity problems.

The second error indicates that no servers have been defined in the DNS Service Search Order list. To correct this problem, add the IP address of a valid DNS server to this list.

For additional information, please see the following article(s) in the Microsoft Knowledge Base:

NSLOOKUP: Can't Find Server Name for Address 127.0.0.1

Can't Find Server Name when Starting Nslookup.exe

When starting the Nslookup.exe utility, the following error may occur:

*** Can't find server name for address w.x.y.z: Non-existent domain

This error occurs when there is no PTR record for the name server's IP address. When Nslookup.exe starts, it does a reverse lookup to get the name of the default server. If no PTR data exists, this error message is returned. To correct make sure that a reverse lookup zone exists and contains PTR records for the name servers.

For additional information, please see the following article(s) in the Microsoft Knowledge Base:

How to Install and Configure Microsoft DNS Server

Nslookup on Child Domain Fails

When querying or doing a zone transfer on a child domain, Nslookup may return the following errors:

*** ns.domain.com can't find child.domain.com.: Non-existent domain

*** Can't list domain child.domain.com.: Non-existent domain

In DNS Manager, a new domain can be added under the primary zone, thus creating a child domain. Creating a child domain this way does not create a separate db file for the domain, thus querying that domain or running a zone transfer on it will produce the above errors. Running a zone transfer on the parent domain will list data for both the parent and child domains. To work around this problem, create a new primary zone on the DNS server for the child domain.