The fourth post in my PowerShell Beginner series, “Daily Tasks, The PowerShell Way“. Use PowerShell’s Resolve-DnsName cmdlet as a more powerful successor to ‘nslookup’.
What’s in a name?
Any seasoned IT Pro knows that the names we see for servers or in web URLs ultimately need to “resolve” or translate to a numerical IP address. Computers perform this resolution using a worldwide network of Domain Name System (DNS) servers. When your browser attempts to go to https://thinkpowershell.com, your computer will send a query to a DNS server with the hostname “thinkpowershell.com”, and the DNS server will return the IP address of the server hosting the website. Your DNS server will likely have to forward a query to other DNS servers to get the correct IP address.
nslookup (name server lookup) is a command line tool that has been around for years for performing this lookup activity on demand. You can specify the hostname or website domain name for which you want to “lookup” the IP address. Additionally, with the second positional parameter you can specify the IP address of a specific DNS server you want to query. It is a helpful tool, but it only returns CNAME , A, and AAAA record information, and not as a script-usable object.
C:\Users\aaron>nslookup www.microsoft.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: Name: e10088.dspb.akamaiedge.net Addresses: 2600:1407:9:28c::2768 2600:1407:9:295::2768 23.72.44.137 Aliases: www.microsoft.com www.microsoft.com-c.edgekey.net www.microsoft.com-c.edgekey.net.globalredir.akadns.net
Use Resolve-DnsName for more control over DNS lookups
Using the Resolve-DnsName cmdlet, you can specify much more than just a hostname and DNS server. In its simplest form, you can run Resolve-DnsName hostname to perform a quick lookup against your computer’s configured DNS server.
PS C:\Users\aaron> Resolve-DnsName thinkpowershell.com Name Type TTL Section IPAddress ---- ---- --- ------- --------- thinkpowershell.com A 5284 Answer 173.236.158.197
You might be thinking,”that cmdlet name is more to type than nslookup”, but in reality it is 4 characters (“reso”) + TAB for it to autocomplete, so it is actually LESS typing.
The -Server parameter lets you specify the DNS server to which to send your query. Here we send it to Google DNS.
PS C:\Users\aaron> Resolve-DnsName thinkpowershell.com -Server 8.8.8.8 Name Type TTL Section IPAddress ---- ---- --- ------- --------- thinkpowershell.com A 5284 Answer 173.236.158.197
The Resolve-DnsName cmdlet has some additional parameters which make it more precise than nslookup. By default, your DNS Client service will try to resolve a hostname in the following order:
- Local HOSTS file
- DNS Client Resolver Cache
- DNS server query
If you are attempting to troubleshoot a hostname’s resolution, you may want more control over the name resolution logic than nslookup can give, because nslookup will immediately skip to step 3, query DNS server.
Local HOSTS File
For example, let’s say you have a HOSTS file entry for twitter.com to resolve to 10.10.10.10 and you want to make sure your computer is using the HOSTS file entry. If I run nslookup with the domain name, it queries my DNS server and returns the public IP for twitter.com:
C:\Users\aaron>nslookup twitter.com Server: shs1fw1 Address: 10.1.10.1 Non-authoritative answer: Name: twitter.com Addresses: 199.59.149.198 199.59.148.82 199.59.148.10 199.59.150.7
In contrast, if I run Resolve-DnsName with no additional parameters, it correctly returns the resolved address from the HOSTS file, even if I were to specify a DNS server with the -Server parameter.
PS C:\Users\aaron> Resolve-DnsName twitter.com Name Type TTL Section IPAddress ---- ---- --- ------- --------- twitter.com A 86400 Answer 10.10.10.10
Now let’s say I want to exclude HOSTS file resolution from my troubleshooting. I can use the -NoHostsFile parameter switch and it will skip step 1 in the resolution process.
PS C:\Users\aaron> Resolve-DnsName twitter.com -NoHostsFile Name Type TTL Section IPAddress ---- ---- --- ------- --------- twitter.com A 20 Answer 199.59.148.10 twitter.com A 20 Answer 199.59.150.7 twitter.com A 20 Answer 199.59.150.39 twitter.com A 20 Answer 199.59.149.230
DNS Client Resolver Cache and DNS Server query
Let’s take another example where you think your cached DNS entry for a server may be incorrect or non-existent. With Resolve-DnsName, you can use the –CacheOnly switch parameter to only resolve against step 1 and 2 (use it in conjunction with -NoHostsFile to only resolve against step 2). I’m using a website I haven’t attempted to go to in a long while. You can see that there is no entry currently in the cache, and I get an error.
PS C:\Users\aaron> Resolve-DnsName myspace.com -CacheOnly Resolve-DnsName : myspace.com : DNS record does not exist At line:1 char:1 + Resolve-DnsName myspace.com -CacheOnly + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ResourceUnavailable: (myspace.com:String) [Resolve-DnsName], Win32Exception + FullyQualifiedErrorId : RECORD_DOES_NOT_EXIST,Microsoft.DnsClient.Commands.ResolveDnsName
If I run Resolve-DnsName -DnsOnly, it will skip to step 3 and query the DNS server. I can then run it again with the -CacheOnly switch parameter and we see the entry is in the cache now.
PS C:\Users\aaron> Resolve-DnsName myspace.com -DnsOnly Name Type TTL Section IPAddress ---- ---- --- ------- --------- myspace.com A 4257 Answer 63.135.90.70 PS C:\Users\aaron> Resolve-DnsName myspace.com -CacheOnly Name Type TTL Section IPAddress ---- ---- --- ------- --------- myspace.com A 4232 Answer 63.135.90.70
Resolve different types of DNS records
Another big advantage of Resolve-DnsName is it can look up ANY type of DNS record, not just CNAME, A, or AAAA records. You use the -Type parameter with a value matching one of many common DNS record types.
For example, you want to see the Mail Exchange (MX) records for a domain:
PS C:\Users\aaron> Resolve-DnsName microsoft.com -Type MX Name Type TTL Section NameExchange Preference ---- ---- --- ------- ------------ ---------- microsoft.com MX 1843 Answer microsoft-com.mail.protection.outlook.com 10
Or perhaps you are trying to verify an SRV record (common for communication apps) for your Office 365 Skype for Business instance:
PS C:\Users\aaron> Resolve-DnsName _sipfederationtls.microsoft.com -Type SRV Name Type TTL Section NameTarget Priority Weight Port ---- ---- --- ------- ---------- -------- ------ ---- _sipfederationtls.microsoft.com SRV 3599 Answer sipfed.tip.lync.com 100 1 5061
Or finally, you want to validate a mail server that is sending mail to you on Microsoft’s behalf by looking up microsoft.com’s Sender Policy Framework (SPF) record, which is done with a TXT record:
PS C:\Users\aaron> Resolve-DnsName microsoft.com -Type TXT
Name Type TTL Section Strings
---- ---- --- ------- -------
microsoft.com TXT 1284 Answer {v=spf1 include:_spf-a.microsoft.com
include:_spf-b.microsoft.com
include:_spf-c.microsoft.com
include:_spf-ssg-a.microsoft.com
include:spf-a.hotmail.com
ip4:147.243.128.24 ip4:147.243.128.26
ip4:147.243.1.153 ip4:147.243.1.47
ip4:147.243.1.48 -all}
Return or pipe results as an object for other uses
The last major advantage Resolve-DnsName has over nslookup is the ease in which you can use the results of your queries. Resolve-DnsName returns a dynamic object based on the parameters used. This object’s properties can be accessed like any other PowerShell object. You can either pipe the output directly to another command (in this case Get-Member to show the TypeName and properties), or you can assign to a variable (shown below). Extremely useful for interactive sessions and scripting!
PS C:\Users\aaron> Resolve-DnsName _sipfederationtls.microsoft.com -Type SRV | Get-Member
TypeName: Microsoft.DnsClient.Commands.DnsRecord_SRV
Name MemberType Definition
---- ---------- ----------
QueryType AliasProperty QueryType = Type
Target AliasProperty Target = NameTarget
Equals Method bool Equals(System.Object obj)
GetHashCode Method int GetHashCode()
GetType Method type GetType()
ToString Method string ToString()
CharacterSet Property Microsoft.DnsClient.Commands.DNSCharset CharacterSet {get;set;}
DataLength Property uint16 DataLength {get;set;}
Name Property string Name {get;set;}
NameTarget Property string NameTarget {get;set;}
Port Property uint16 Port {get;set;}
Priority Property uint16 Priority {get;set;}
Section Property Microsoft.DnsClient.Commands.DNSSection Section {get;set;}
TTL Property uint32 TTL {get;set;}
Type Property Microsoft.DnsClient.Commands.RecordType Type {get;set;}
Weight Property uint16 Weight {get;set;}
PS C:\Users\aaron> $result = Resolve-DnsName _sipfederationtls.microsoft.com -Type SRV
PS C:\Users\aaron> $result.NameTarget
sipfed.tip.lync.com
Next steps
Now that you are sold on using Resolve-DnsName over nslookup, here are some things to try:
- Run Clear-DnsClientCache and then run Resolve-DnsName hostname -CacheOnly, where hostname is any server or website of your choice. Verify there are no entries found in your cache.
- Run Resolve-DnsName hostname again. Then run Resolve-DnsName hostname -CacheOnly to confirm there is now an entry in the cache.
- Use the -Type parameter and some of the different DNS record types (see the TechNet article in the Reference section below for a full list) to examine the DNS records for your own organization’s domain. Check out things like the MX records and TXT records.
Reference
- technet.microsoft.com
PS C:\Users\aaron> Get-Help Resolve-DnsName NAME Resolve-DnsName SYNOPSIS Performs a DNS name query resolution for the specified name. SYNTAX Resolve-DnsName [-Name] <String> [[-Type] <RecordType>] [-CacheOnly] [-DnsOnly] [-DnssecCd] [-DnssecOk] [-LlmnrFallback] [-LlmnrNetbiosOnly] [-LlmnrOnly] [-NetbiosFallback] [-NoHostsFile] [-NoIdn] [-NoRecursion] [-QuickTimeout] [-Server <String[]>] [-TcpOnly] [<CommonParameters>] DESCRIPTION The Resolve-DnsName cmdlet performs a DNS query for the specified name. This cmdlet is functionally similar to the nslookup tool which allows users to query for names. Note: The Resolve-DnsName cmdlet will return a maximum of 25 A and AAAA records from NS servers. RELATED LINKS Online Version: http://go.microsoft.com/fwlink/?linkid=287336 Nslookup on TechNet REMARKS To see the examples, type: "get-help Resolve-DnsName -examples". For more information, type: "get-help Resolve-DnsName -detailed". For technical information, type: "get-help Resolve-DnsName -full". For online help, type: "get-help Resolve-DnsName -online"
Hi, If I want to use Resolve-DnsName cmdlet on powershell, it shows message that “The term ‘Resolve-DnsName’ is not recognized as the name of a cmdlet, function , script file, or , so as to use this, which module do I load?
What version of Windows are you running? Unfortunately this cmdlet was introduced in Windows 8 / Windows Server 2012, and is only supported on those versions or later.
Thanks for sharing Aaron
Good for troubleshooting specially in multi domain environment .
Thanks, Ashok!
Your social media side bar is obscuring text. Observed using Firefox 55.0.3.
I updated the social media plugin, and I believe the issue is resolved, including when the browser is resized and responsiveness kicks in. Thanks for the heads up.
Very good detailed article about Resolve-DNSName command. i was looking the way to export the results, that was not mentioned here. Anyway i found my answer here: https://www.adexchangeadmin.com/resolve-dnsname-usage-powershell/
Good point on using Export-Csv to export the results.
Nice article. I like the part about hosts and dns-cache and how it differs from nslookup. You can also query type with nslookup -type=mx.