cloudflare-dns.com/dns-query
and format results exactly like real nslookup terminal output. The DNS server field is shown in output (as nslookup would display it) — actual resolution uses DoH.
nslookup output follows the same structure every time — once you learn to read it, DNS becomes obvious. Click each example to expand.
nslookup devdunia.com (A record)Server: 8.8.8.8 — the resolver you're querying (Google Public DNS).Address: 8.8.8.8#53 — the #53 suffix means port 53 (the standard DNS port, UDP by default).
Name/Address pair per record. Your browser will typically use the first IP that responds.
nslookup -type=MX gmail.com (mail servers)mail exchanger = is the priority — lower = higher preference. Sending mail servers try priority 5 first (gmail-smtp-in.l.google.com), then fall back to 10, 20, etc. if the primary is unreachable. This is how email stays reliable.
dig, nslookup uses -type=MX or -query=MX syntax (both work). On some systems you can also type set type=MX in interactive mode. Windows nslookup uses -type, Linux/macOS prefer -query.
nslookup -type=NS devdunia.com (nameservers)dig puts in the ADDITIONAL section. You can verify the nameserver IPs are resolving correctly.
nslookup -type=TXT github.com (TXT records)~all means "soft fail" (suspicious but accept), while -all means "hard fail" (reject unauthorized senders).
MS=), Atlassian, Apple, and Stripe. These services make you add a TXT record to prove you control the domain before they activate their services for it.
nslookup is pre-installed on all major platforms — no installation needed. The syntax is almost identical everywhere, with minor flag differences noted below.
✔ Ships with Windows since Windows 2000. Works in CMD, PowerShell, and Windows Terminal.
✔ Pre-installed on all macOS versions. Tip: macOS also has dig and host built in.
✔ Part of bind-utils (RHEL/CentOS) or dnsutils (Debian/Ubuntu).
Type nslookup with no arguments to enter interactive mode. A > prompt appears. Then type commands:
Both tools query DNS, but they have very different strengths. Here's when to reach for each one.
| Feature | nslookup | dig | Winner |
|---|---|---|---|
| Windows availability | BUILT-IN | NEEDS INSTALL (WSL or third-party) | nslookup 🏆 |
| macOS availability | BUILT-IN | BUILT-IN | TIE |
| Linux availability | NEEDS dnsutils | NEEDS bind-utils | TIE |
| Output verbosity | Simpler, human-friendly | Detailed, structured (flags, sections, TTL) | dig 🤖 for debugging |
| Scripting / automation | LIMITED — inconsistent output format | EXCELLENT — +short, -f batch flag |
dig 🏆 |
| Interactive mode | YES — set type=, server commands |
YES — but less used | nslookup 🏆 |
| Batch file queries | LIMITED — shell loops only | YES — dig -f domains.txt |
dig 🏆 |
| DNSSEC info | NO | YES — +dnssec, ad flag |
dig 🏆 |
| Reverse DNS lookup | nslookup 8.8.8.8 — automatic |
dig -x 8.8.8.8 — explicit flag |
nslookup 🏆 (easier) |
| Beginner friendly | YES — clean output, intuitive | MEDIUM — lots of output to parse | nslookup 🏆 |
dig +short for fast one-liners.
When you run nslookup devdunia.com, here's exactly what happens under the hood:
nslookup reads your system resolver — it looks up the DNS server configured on your machine (usually from /etc/resolv.conf on Linux/macOS, or network adapter settings on Windows). That's the server it shows in the "Server: 8.8.8.8" line. You can override it by passing a server as the second argument: nslookup devdunia.com 1.1.1.1.
UDP query sent to port 53 — nslookup crafts a DNS query packet and sends it over UDP to your resolver on port 53 (shown as #53 in the output). UDP is used because DNS queries are tiny and speed matters — TCP is only used as fallback when the response is too large for one UDP packet.
Resolver checks its cache — or recurses — Your resolver (e.g. 8.8.8.8) either has the answer cached from a recent query, or it performs a full recursive lookup: Root servers → TLD nameservers → authoritative nameservers. Because 8.8.8.8 serves billions of queries, most popular domains are cached, giving you a fast response.
Non-authoritative vs authoritative answer — If the resolver fetched the answer from the domain's own authoritative nameservers, the authoritative nameserver itself would respond directly (no "Non-authoritative answer" label). Since 8.8.8.8 is not the authoritative server for devdunia.com, it displays "Non-authoritative answer" — meaning it got the data from the authoritative server and cached it. To get an authoritative answer directly, you'd query the domain's own nameserver: nslookup devdunia.com ns1.digitalocean.com.
Result displayed and cached — nslookup displays the answer and exits (in non-interactive mode). The resolver caches the result for the record's TTL (Time To Live) — typically 300–86400 seconds. Until TTL expires, future queries hit the cache instantly. When you update DNS records, you may need to wait for TTL to expire before new values propagate worldwide.
Comes directly from the domain's own nameserver. No "Non-authoritative answer" label. Guaranteed to be the latest data. Query: nslookup domain.com ns1.domain.com
Comes from a recursive resolver's cache. May be seconds or hours old (up to TTL). Perfectly normal — this is how DNS works at scale. Not a problem!
How many seconds resolvers may cache the record. Before migrating DNS: lower TTL to 300. After migration confirms working: raise back to 3600 or 86400.
nslookup says "can't find domain: NXDOMAIN" — the domain doesn't exist in DNS. Check for typos, or verify the domain is registered and has DNS records configured.