Knowledge Base

How to troubleshoot DNS with dig and nslookup

This article describes how to use the dig and nslookup tools to test DNS settings. (Microsoft Windows uses nslookup, while Mac OS X and Linux use dig.) You can use these tools to determine the IP address associated with a domain name, obtain the mail server settings for a domain, and much more.

You can use web-based tools or command-line tools to run these types of tests.

For a general introduction to network troubleshooting, please read this article first.

Troubleshooting DNS with web-based tools

If you have never worked at the command line before, web-based network tools provide an easy way to start troubleshooting DNS. There are many web sites that provide these services for free.

For example, to test if DNS propagation is complete, you can visit http://www.whatsmydns.net and specify a domain name. The site displays a global map showing the IP address associated with the domain name for a variety of DNS servers around the world.

For more in-depth DNS testing, you can use the online dig interface at http://www.digwebinterface.com. For example, to view the A record for a domain (and determine the IP address associated with the domain), follow these steps:

  1. Use your web browser to visit http://www.digwebinterface.com.
  2. In the Hostnames or IP addresses text box, type the domain that you want to test.
  3. In the Type list box, select A.
    You can test many different types of DNS records, such as MX and CNAME. For more information about the various DNS record types, please visit http://en.wikipedia.org/wiki/List_of_DNS_record_types.
  4. Under Options, select the Show command check box.
  5. Under Nameservers, select the server that you want to use for the DNS query. You can use the default name server, or select a specific DNS server, like OpenDNS or Google.
  6. Click Dig. The page displays the results from dig, as well as the actual dig command used. If the domain has an A record configured, dig displays the domain name and its associated IP address.

Troubleshooting DNS with command-line tools

Dig (on Mac OS X and Linux) and nslookup (on Microsoft Windows) are the primary command-line tools for troubleshooting DNS issues.

While web-based tools are convenient and easy to use, it is often faster to use a command-line tool on your own system. The exact steps to do this depend on your computer's operating system. Follow the appropriate procedures below for your operating system.

Using nslookup on Microsoft Windows

Microsoft Windows does not include the dig program. However, the nslookup program provides much of the same functionality. To run nslookup on Microsoft Windows, follow these steps:

  1. Open a DOS command window. To do this, click Start, click Run, type cmd, and then press Enter.
  2. At the command prompt, type the following command. Replace example.com with the domain that you want to test:
    nslookup example.com
    • To use a specific DNS server for the query, add the server name or IP address to the end of the command. For example, the following command performs a DNS lookup on the example.com domain using an OpenDNS server (which has IP address 208.67.222.222):
      nslookup example.com 208.67.222.222
    • By default, nslookup looks up the A record for a domain. To look up a different DNS record, you must enter interactive mode. For example, to view the MX (mail exchanger) records for the example.com domain, type nslookup at the command line. At the > nslookup prompt, type the following commands:

      set type=MX
      example.com
  3. Interpret the output from nslookup. For example, the following output shows information for example.com:

    Server:  resolver1.opendns.com
    Address:  208.67.222.222
    
    Name:    example.com
    Address:  93.184.216.119
    

    From this, we can see that example.com is currently pointing to IP address 93.184.216.119. We can also see that DNS server resolver1.opendns.com was used for the query.

Using dig on Apple Mac OS X and Linux

To run the dig program on Mac OS X and Linux, follow these steps:

  1. Open a terminal window. The procedure to do this depends on the operating system and desktop environment:
    • On Mac OS X, click Applications, click Utilities, and then click Terminal.
    • On Linux, open a terminal window.
  2. At the command prompt, type the following command. Replace example.com with the domain that you want to test:

    dig example.com
    
    • To use a specific DNS server for the query, use the @ option. For example, the following dig command performs a DNS lookup on the example.com domain using an OpenDNS server (which has IP address 208.67.222.222):
      dig @208.67.222.222 example.com
    • By default, dig displays the A record for a domain. To look up a different DNS record, add it to the end of the command. For example, to look up the MX (mail exchanger) record for the example.com domain, type the following command:

      dig example.com MX
  3. Interpret the output from dig. For example, the following output shows the dig information for example.com:

    [email protected]:~$ dig example.com
    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> example.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46803
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;example.com.   IN A
    
    ;; ANSWER SECTION:
    example.com.  2424 IN A 93.184.216.119
    
    ;; Query time: 12 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Thu Jan  9 16:07:09 2014
    ;; MSG SIZE  rcvd: 45
    

    Dig displays a QUESTION SECTION (the request) and an ANSWER SECTION (what the DNS server sends in response to the request). In this case, we used the default options for dig, which simply looks up the A record for a domain. From this, we can see that example.com currently points to IP address 93.184.216.119.