The 2 NSLOOKUP modes and the most frequently used options

Sunday, November 10, 2013 4:02 PM

nslookup.exe can be run in two different modes: the interactive and the noninteractive mode.

The noninteractive mode is useful when only a single piece of data needs to be returned.

Open a cmd.exe (or PS) shell and enter "nslookup" together with the desired options. After the result is returned, you are back at the DOS prompt (e.g. "C:\>" in my example below). In noninteractive mode you always have to type the "nslookup" command together with the options!

Here is the detailed syntax of nslookup in noninteractive mode:

nslookup [-option] [hostname] [server]


type=X - set query type


querytype=X - same as type


hostname = name of the host | domain to query its IP


server NAME - set default server to NAME, using current default server

With the following query I want to look for the MX record(s) of the "" domain, and for this I don't want to query my (default) local Microsoft Windows DNS Server. Instead I want to query the specific DNS Server "".

"nslookup -type=MX"

Because I run the query from a "normal" workstation, which isn't allowed to send "direct queries out to a NS", I first had to add the additional firewall rule 20 to the (always) existing rule 19.


Interactive mode is better when the queries are more complex and you need more than one.

You can "switch" to interactive mode by typing "nslookup" in a dos box:

The Default NameServer to be queried is displayed and the command prompt changes to ">".

You can leave interactive mode by typing the "exit" command.

For help, enter "?" or "help".

Interactive mode query examples:

  • Default NS ( only type = MX and hostname = "mailhost"


C:\> nslookup

Default Server:



> set q=mx

> mailhost


Address: MX preference = 0, mail exchanger = internet address =



  • Change to nameserver and query for ""


Default Server:



> server

Default Server:










> exit



In general, the default server for your nslookup queries is the first DNS server listed when you run "ipconfig /all".

On my client I run the query from, the Default DNS Server is my local DNS Server (

 Authoritative and Non-authoritative answers 

To get an authoritative answer you have to "go" to an authoritative nameserver ( in my case one from which is a nameserver registered for your domain (*1)

When you ask the "" (or another zoneedit) server you get an authoritative answer for records of my "" domain hosts. Any other DNS server returns a non-authoritative answer.


When I run "whois" from the online service page I get the following 2 nameservers for my domain. = Authoritative Nameserver

On I host my public records for the domain.

The two nameservers of my Internet provider are:


DNS uses caching, which reduces the load on authoritative name servers but means that records can sometimes be out of date.
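As an added example (not part of the original post), the Python sketch below parses the two fields of a DNS response that this section is about: the AA header flag, which is what makes nslookup label a reply "Non-authoritative answer" when it is clear, and the per-record TTL that controls caching. The domain example.test, the TTL values and the response bytes are constructed for illustration, not captured traffic.

```python
import struct

def read_name(msg, off, depth=0):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while msg[off]:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer ends the name
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            labels.append(read_name(msg, ptr, depth + 1)[0])
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_response(msg):
    """Return the AA bit and the answer records (with TTL) of a DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                           # skip the question section
        _, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 15:                           # MX: preference + exchanger
            pref = struct.unpack("!H", msg[off:off + 2])[0]
            rdata = (pref, read_name(msg, off + 2)[0])
        else:
            rdata = msg[off:off + rdlen]
        answers.append({"name": name, "type": rtype, "ttl": ttl, "rdata": rdata})
        off += rdlen
    return {"authoritative": bool(flags & 0x0400), "answers": answers}

def build_sample(aa, ttl):
    """Constructed MX response for example.test (sample data, not a capture)."""
    flags = 0x8180 | (0x0400 if aa else 0)        # QR, RD, RA (+ AA if requested)
    q = b"\x07example\x04test\x00" + struct.pack("!HH", 15, 1)
    rdata = struct.pack("!H", 10) + b"\x04mail\xc0\x0c"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, ttl, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0) + q + rr

# Same record as seen from an authoritative server and from a caching resolver.
for label, msg in (("authoritative server", build_sample(True, 3600)),
                   ("caching resolver", build_sample(False, 1742))):
    r = parse_response(msg)
    print(label, "AA =", r["authoritative"], r["answers"])
```

The cached copy carries a lower TTL because a resolver counts the remaining lifetime down from the value the authoritative server handed out.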

Seeing how long a record will be cached requires the debug switch.

in interactive mode:

in non-interactive mode:


The following example shows a more complex query in an AD domain with debugging on. The root domain is .kitszh.loc with a subdomain org.kitszh.loc; the client where the query is started is located in the "org.kitszh.loc" domain.

I query for the "" record (in non-interactive mode)

At first a DNS server (kcm0003) in the ORG subdomain is asked for

Then in the root domain a DNS server (kcm0001) is asked for

The third query returns a non-authoritative answer (answers = 0)


With the following network properties (in the DNS tab) of your active network card, you can change the query order by activating

(x) Append these DNS suffixes (in order): and adding the desired domains below

Here is the link to the original MS Technet document about "nslookup"