Windows Troubleshooting Tip – NSLookup
Windows Troubleshooting Tip – NSLookup
I’ve published a number of articles on following a simple and straightforward troubleshooting methodology. I advocate a simple and focused approach shown in Figure 1. You can see that symptom identification is the first step, followed by root cause analysis and problem resolution.
Figure 1. MikeDan’s Quick and Dirty Troubleshooting Methodology.
There’s lots of great tools built right in to Windows that will actually help when narrowing down network communications problems. One of my favorites is NSLookup.
What is NSLookup?
Short for Name Server Lookup, NSLookup.exe is a command-line tool that queries a Domain Name System (DNS) server. Most Windows computers use DNS as part of, if not their primary and only means of resolving network names to IP addresses and locating network services like Active Directory.
When you’re troubleshooting a network communication issue like a client not reaching a web site or an application not finding a network server, you might split the possible causes into two questions:
1. Can the client resolve the server name to an IP address?
2. Can the client reach the resolved IP address?
NSLookup runs any DNS query that you want. So it directly contributes to answering the first question. There’s no sense trying to ping or open a SMB connection to a server (both of those steps assume name resolution works!) if name resolution is failing.
How Do I Use It?
Easy enough. These steps are written for Windows 7 but will work for virtually any version from Windows 2000 onwards.
1. Open a command prompt and type NSLookup. You’ll see the name and IP address of the primary DNS server configured on the computer as shown in Figure 2.
Figure 2. The default NSLookup output.
2. Type the name of the target server you’re trying to reach and press Enter. In this example I’m troubleshooting connection issues to two computers: ISOServer and smartboard1-pc. So I just type their names one at a time, and each time DNS is queried and the result is provided.
Figure 3. ISOServer has no DNS entry and smartboard1-pc does.
3. To check a different DNS server’s records for the same systems I tell NSLookup to use a specific server. In this example I use the DNS server at 10.1.0.100 and then re-run the queries as shown in Figure 4.
Figure 4. No results for either computer.
4. I compare the results of these NSLookup queries against the known configuration or against a computer that’s not exhibiting the same symptoms.
5. Note that I ran queries for internal resources against internal DNS. I can also run queries for external servers against either internal or external DNS. For example, in Figure 5 I query the public DNS provided by Level 3 for the IP address of http://www.yahoo.com/. I then compare it against my internal DNS resolution.
Figure 5. Name resolution consistency between DNS servers tends to rule out name resolution issues.
Comparing results between DNS resolvers and queries helps me either rule out name resolution or target it as a likely culprit.
Mike Danseglio -CISSP / CEH
Interface Technical Training – Technical Director and Instructor
You May Also Like
In this SharePoint training video, I want to talk about the Navigation Controls in SharePoint. They tend to fall into two kind of different categories; one with the navigation controls in a typical Collaboration Site such as a Team Site or a Project Site. These are Sites that are based on the Team Site Template … Continue reading Using Navigation Controls in a Collaboration Site in SharePoint
One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller
How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015