How to check DNS records with nslookup
Query all DNS record types for a domain using nslookup with the -type=any flag to view and verify A, AAAA, MX, NS, SOA, and TXT record values.
Prerequisites
- nslookup installed on the system (included by default on Linux, macOS, and Windows).
- Terminal or command prompt access.
- The domain name to query.
Step-by-Step: Check All DNS Records with nslookup
Open a terminal and run nslookup with the -type=any flag to retrieve all DNS record types for the target domain:
nslookup -type=any example.com
nslookup sends an ANY query to the configured DNS resolver and returns every record type available for the domain. The output includes A records (IPv4), AAAA records (IPv6), MX records (mail servers), NS records (nameservers), SOA records (zone authority), and TXT records (verification tokens, SPF policies).
To query a single record type, replace any with the specific type. For example, query only the NS records:
nslookup -type=ns example.com
nslookup returns the authoritative nameservers for the domain.
To direct the query to a specific DNS server instead of the system default, add the server address as the second argument:
nslookup -type=any example.com 8.8.8.8
nslookup sends the ANY query to Google Public DNS (8.8.8.8) and returns the cached records from that resolver.
How to Verify
nslookup displays the queried records under the "Non-authoritative answer" section. Confirm the output contains the expected record types and values. Compare the results against the records configured in the domain's DNS zone.
To verify against the authoritative nameserver directly, first identify the NS record, then query that server:
nslookup -type=ns example.com
nslookup -type=any example.com ns1.example.com
nslookup returns an authoritative answer when querying the domain's own nameserver.
Common Issues
nslookup returns "server can't find" for -type=any.
Some DNS servers and resolvers block or restrict ANY queries as a security measure. Query each record type individually (-type=a, -type=mx, -type=ns) to retrieve the records separately.
nslookup shows "Non-authoritative answer" for all queries.
Non-authoritative answers come from the resolver's cache rather than the domain's authoritative nameserver. This is normal behavior. To obtain authoritative answers, query the domain's nameserver directly.
nslookup output shows ";; Truncated, retrying in TCP mode."
nslookup received a DNS response larger than 512 bytes over UDP. The tool automatically retries the query using TCP. This message is informational and does not indicate an error.
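The per-type fallback and the authoritative check from "How to Verify" and "Common Issues" can be combined in one script. This is an added example, not part of the original page; the function names classify_answer and check_records and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumption: an answer without the "Non-authoritative answer" marker is authoritative.

# Classify nslookup output on stdin using the messages this page describes.
classify_answer() {
    awk '
        /server can.t find/               { failed = 1 }  # lookup failed or ANY blocked
        /Non-authoritative answer/        { cached = 1 }  # answer came from resolver cache
        /Truncated, retrying in TCP mode/ { tcp = 1 }     # informational only
        END {
            if (NR == 0)     s = "no-output"
            else if (failed) s = "failed"
            else if (cached) s = "cached"
            else             s = "authoritative"
            print s (tcp ? "+tcp-retry" : "")
        }'
}

# Query each record type separately (the fallback when -type=any is blocked).
# $1 is the domain; $2 is an optional DNS server, e.g. the authoritative nameserver.
check_records() {
    for t in a aaaa mx ns soa txt; do
        result=$(nslookup -type="$t" "$1" ${2:+"$2"} 2>&1 | classify_answer)
        printf '%-5s %s\n' "$t" "$result"
    done
}

# Constructed sample outputs (not captured from real queries).
SAMPLE_CACHED="Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
example.com nameserver = ns1.example.com."
SAMPLE_AUTH="Server: ns1.example.com
Address: 192.0.2.53#53
example.com nameserver = ns1.example.com."
SAMPLE_BLOCKED="Server: 8.8.8.8
** server can't find example.com: REFUSED"
SAMPLE_TRUNC=";; Truncated, retrying in TCP mode.
Non-authoritative answer:
example.com text = \"v=spf1 -all\""

# Usage: sh check_dns.sh example.com [ns1.example.com]
if [ "$#" -gt 0 ]; then check_records "$@"; fi
```

Run it once against the default resolver and once against the nameserver returned by -type=ns; any record type that reports "cached" in the first run should report "authoritative" in the second.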