Fun with NSLOOKUP

Wednesday, August 3, 2011
Microsoft Exchange and Lync Server use TXT and SRV records in DNS to publish domain and service connection point information.  Exchange 2007 and 2010 use TXT records for federation and Sender Policy Framework (SPF) records.  Lync 2010 uses SRV records for automatic client sign-in and protocol configuration.  Often these records are published in both internal and external DNS zones.  It's important to know that these records are configured properly and have propagated throughout the Internet.  This article explains how to use the Windows built-in tool, nslookup, to confirm the records.

Nslookup can be used either as a single-line query or in interactive mode.  It normally returns results for A or CNAME (alias) records.  To view TXT, SRV, or MX records, you must change the nslookup query type.  The following single-line query looks up the TXT records for a domain:
nslookup -q=txt domain.com

This example shows all the TXT records for the domain theguillets.com:


Note that this query was run against the primary DNS server, 192.168.1.1.  What if you want to run the query against another external DNS server?  Try the following command:
nslookup -q=txt domain.com 8.8.8.8
where 8.8.8.8 is the FQDN or IP address of the DNS server you want to query.  8.8.8.8 is one of the Google DNS servers and returns the following:


This is a good way to check that your DNS data is propagating across the Internet.  On a side note, I've found that Google's DNS servers sometimes take a long time to update.  I use it as my worst case propagation test -- if it's propagated to 8.8.8.8, it's probably propagated everywhere.  Of course, you can substitute the query type ( -q=txt ) with SRV or MX in the command above to look up those record types.

You can also run queries in interactive mode.  This is useful when you want to look up the same query type for several domains.  You start interactive mode by entering nslookup at the CMD prompt, then set the query type and enter the domain(s) to query.  The following example displays the SRV records for theguillets.com according to the remote Google DNS server:

C:\>nslookup
Default Server:  UnKnown
Address:  192.168.1.1


> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8


> set type=srv
> _sip._tls.extrateam.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
_sip._tls.theguillets.com SRV service location:
          priority       = 0
          weight         = 0
          port           = 443
          svr hostname   = edge.theguillets.com
> _sipfederationtls._tcp.theguillets.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
_sipfederationtls._tcp.theguillets.com    SRV service location:
          priority       = 0
          weight         = 0
          port           = 5061
          svr hostname   = edge.theguillets.com
> exit

C:\>
Notice that I changed from the default primary DNS server to Google's using the server 8.8.8.8 command and I set the query type to SRV using the set type=srv command.
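
When the same SRV records are published in both internal and external zones, the two answers can be compared mechanically rather than by eye. The following Python script is an added example, not part of the original post: it parses nslookup's SRV output format as shown in the session above and reports records that differ between two resolvers. The example.com records and the mistyped internal port are constructed sample data.

```python
import re

HEADER = re.compile(r"^(\S+)\s+SRV service location:\s*$")
FIELD = re.compile(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")

# Constructed sample: an external resolver's answer in nslookup's SRV format.
EXTERNAL = """\
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
_sip._tls.example.com SRV service location:
          priority       = 0
          weight         = 0
          port           = 443
          svr hostname   = edge.example.com
_sipfederationtls._tcp.example.com    SRV service location:
          priority       = 0
          weight         = 0
          port           = 5061
          svr hostname   = edge.example.com
"""
# Constructed sample: an internal zone where the federation port was mistyped.
INTERNAL = EXTERNAL.replace("= 5061", "= 5062")


def parse_srv(output):
    """Return a set of (name, priority, weight, port, target) tuples."""
    records, name, fields = set(), None, {}
    for line in output.splitlines():
        if m := HEADER.match(line):
            name, fields = m.group(1).lower(), {}
        elif name and (m := FIELD.match(line)):
            fields[m.group(1)] = m.group(2).lower().rstrip(".")
            if len(fields) == 4:  # all four fields of one record seen
                records.add((name, int(fields["priority"]), int(fields["weight"]),
                             int(fields["port"]), fields["svr hostname"]))
                fields = {}
    return records


def compare(internal, external):
    """Return (records only in internal, records only in external)."""
    a, b = parse_srv(internal), parse_srv(external)
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    only_int, only_ext = compare(INTERNAL, EXTERNAL)
    for rec in only_int:
        print("internal only:", rec)
    for rec in only_ext:
        print("external only:", rec)
```

To use it on real data, save the output of each nslookup session to a file and pass the two file contents to compare().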

1 comment:

  1. Great post Jeff
    How could I miss this after all these years working with servers and under desks... hehe

    thanks. keep up the good work
