Using Nslookup in Windows to List DNS Servers and Records


Nslookup (name server lookup) is a command-line tool that is used to diagnose and validate DNS servers and records, and to find name resolution problems in the DNS subsystem. The nslookup tool was originally developed as a part of the BIND package and ported to Windows by Microsoft. Nslookup is currently a built-in tool in all supported versions of Windows.


How to Use Nslookup to Check DNS Records?

Using the nslookup utility, you can determine the IP address of any server by its DNS name, perform the reverse DNS lookup, and get information about the various DNS records for a specific domain name.

When running, Nslookup sends queries to the DNS server that is specified in your network connection settings. This address is considered the default (preferred) DNS server. The user can specify the address of any other available DNS server. As a result, all subsequent DNS requests will be sent to it.


You can view or change your preferred and alternative DNS server IP addresses in the network connection properties.

nslookup list dns servers

Or you can get your DNS server setting from the CLI prompt using the ipconfig command:

ipconfig /all

list all dns servers in domain

You can use the nslookup tool in interactive or non-interactive mode.


To run a DNS query using nslookup tool in non-interactive mode, open a Command prompt, and run the command:


nslookup dns server list

In this example, we requested the IP address of domain. The nslookup utility queries the DNS server (it is specified in the Server line) and it returned that this name matches the IP address (A and AAAA records are shown by default).

This response indicates that your DNS server is available, works properly, and processes requests for resolving DNS names.

If you received such an answer:


Address: хх.хх.хх.хх

*** can’t find Non-existent domain


This means that no entries were found for this domain name on the DNS server.

If your DNS server is unavailable or not responding, you will receive a DNS request timed out error.

find all dns servers on network

In this case, check if you have specified the correct DNS server address and whether there is a problem with the network connection from the IS provider.

The Non-authoritative answer means that the DNS server that executed the request is not the owner of the zone (there are no records about this domain in its database) and to perform name resolution a recursive query to another DNS server was used.

You can enable and disable the recursive nslookup mode using the commands (by default, recursive DNS queries are enabled):

set recurse

set norecurse

You can access an authoritative DNS server by specifying its address directly in the parameters of the nslookup utility. For example, to resolve a name on the authoritative DNS server (that contains this domain) use the command:


When you run nslookup without parameters, the utility switches to the interactive mode. In this mode, you can execute various commands. A complete list of available internal commands of the nslookup utility can be displayed by typing a question.


Tip. Note that nslookup commands are case sensitive.

find all dns servers on domain

To close the interactive nslookup session, type exit and press Enter.

To find the DNS servers that are responsible for a specific domain (Name Server authoritative servers), run the following commands:

set query=ns

nslookup list all records

You can perform reverse lookups (get DNS name by IP address). Just type the IP address in the nslookup interactive prompt and press Enter.

nslookup show dns server

Using Nslookup to Get Different DNS Record Types

The default nslookup resource records type is A and AAAA, but you can use different types of resource records:

  • A
  • ANY
  • GID
  • HINFO:
  • MB
  • MG
  • MINF
  • MR
  • MX
  • NS
  • PTR
  • SOA
  • TXT
  • UID
  • WKS

You can set specific record types to lookup using the nslookup parameter:


For example, to list all mail servers configured for a specific domain (MX, Mail eXchange records), run the command:

nslookup -type=mx

find dns servers on network

Non-authoritative answer:   MX preference = 10, mail exchanger =   MX preference = 20, mail exchanger =      internet address =      internet address =


As you can see, this domain has 2 MX records with priorities 10 and 20 (the lower the number, the higher the priority of the MX address). If you don’t see MX records, they probably just aren’t configured for that domain.

To list all DNS records in the domain zone, run the command:

nslookup -type=any

list all dns records for a domain nslookup

Non-authoritative answer:   internet address =   nameserver =   nameserver =   MX preference = 10, mail exchanger =   MX preference = 20, mail exchanger =       internet address =       internet address =      internet address =      internet address =

To get the SOA record (Start of Authority – start DNS zone record, which contains information about the domain zone, its administrator’s address, serial number, etc.), use the option -type=soa:

nslookup -type=soa

primary name server =


responsible mail addr =

serial = 1601449549

refresh = 43200 (12 hours)

retry = 3600 (1 hour)

expire = 604800 (7 days)

default TTL = 3601 (1 hour 1 sec) internet address = AAAA IPv6 address = 2610:a1:1022::200


nslookup nameservers

  • primary name server;
  • responsible mail addr — domain administrator email address (该邮件地址已受到反垃圾邮件插件保护。要显示它需要在浏览器中启用 JavaScript。). Since the @ symbol in the zone description has its own meaning, it is replaced by a dot in this field);
  • serial — the serial number of the zone file, used to record changes. The following format is usually used: YYYYMMDDHH;
  • refresh — the period of time (in seconds) after which the secondary DNS server will send a request to the primary one to check if the serial number has changed;
  • retry — specifies the interval for reconnecting to the primary DNS server if for some reason it was unable to respond to the request;
  • expire — specifies how long the DNS cache is kept by the secondary DNS server, after which it will be considered expired;
  • default TTL — “Time to Live” seconds. Refers to how long your DNS settings must be cached before they are automatically refreshed.

If you want to list the TXT records of a domain (for example, when viewing SPF settings), run the command:

nslookup -type=TXT

The debug option allows you to get additional information contained in the headers of client DNS requests and server responses (lifetime, flags, record types, etc.):

set debug

how to find all dns servers in domain

You can view the current values for all specified nslookup options with the command:

> set all

Default Server:



Set options:




















list dns servers in domain

By default, DNS servers listen on UDP port 53, but you can specify a different port number if necessary using the -port option:

nslookup port 56

or interactively:

set port = 56

You can change the interval to wait for a response from the DNS server. This is usually necessary on slow or unstable network links. By default, if no response comes within 5 seconds, the request is repeated, increasing the waiting time by two times. But you can manually set this value in seconds using the -timeout option:

nslookup -timeout=10

So, in this article, we covered the basics of working with the nslookup command on Windows.

If the directory is removed from IIS, but remains in AD, you must first remove the directory from AD using the Remove-XXXVirtualDirectory cmdlet (where XXX is the name of the directory: ECP, OWA, etc.).


get all dns servers in domain

If the directory is still in IIS but is not present in the Active Directory configuration, you must remove it from the IIS configuration. To do this, we need the Metabase Explorer tool from the IIS 6 Resource Kit (requires Net Framework 3.5 Feature).

Launch IIS Metabase Explorer, go to Exchange > LM > W3SVC > 1 > ROOT. Delete the directory you want by right-clicking on it and choosing Delete.

list all dns servers

Restart IIS:

iisreset /force

Now attempt to create the virtual directory again using the New-EcpVirtualDirectory, New-OwaVirtualDirectory, or New-WebApplication cmdlets










电邮:该邮件地址已受到反垃圾邮件插件保护。要显示它需要在浏览器中启用 JavaScript。