If you’re managing web or mail servers, you know how heavily these servers rely on adequately configured DNS records. Missing DNS records can cause all sorts of problems, including users not being able to find your website or the non-delivery of emails. It is a good thing that the PowerShell Resolve-DnsName cmdlet exists, and with it, monitoring DNS records can be automated through scripting.
Not a reader? Watch this related video tutorial!
Not seeing the video? Make sure your ad blocker is disabled.
An admin’s day is already full enough, and manually checking whether DNS records can be appropriately resolved means more manual effort.
In this article, you will learn what and how to use the Resolve-DnsName cmdlet to query DNS records with PowerShell. By the end of this article, you will have also learned how to create a basic script to make a report of your nominated DNS records to monitor.
Prerequisites
This article is a walk-through, and if you plan to follow along with the examples, you will need:
- A computer running Windows 10 or above.
- Windows PowerShell 5.1 or PowerShell 7.0
- A script editor such as Visual Studio Code, Atom, or Notepad++.
Resolve-DnsName: The PowerShell DNS Resolver
There is more than one way to perform a DNS query. The Resolve-DnsName cmdlet is similar to the nslookup command-line tool that comes with Windows, or the dig command if you’re more of a Linux admin.
Some websites offer DNS record monitoring/reporting services. But, these third party services mostly come with a cost, of course. There’s a free alternative, which also allows you to show off your scripting skills!
The Resolve-DnsName cmdlet, as its name implies, resolves DNS names to IP addresses and vice versa. This cmdlet is part of the dnsclient PowerShell module that, as of this writing, shipping with Windows 10, Windows Server 2012/R2, Windows Server 2016, and Windows Server 2019.
Because Resolve-DnsName is a PowerShell cmdlet, it returns its results as objects that can be stored, manipulated, and exported. For example, looking up the DNS record of google.com using the command Resolve-DnsName google.com give you the output shown below.
The result was returned as an object that allows you to export the results to a CSV file, or manipulate the format to produce HTML reports.
The Resolve-DnsName cmdlet is different than the old school nslookup utility. nslookup returns a simple string. You can see an example in the following screenshot. If you need to parse out any of this information, it’s going to be a struggle.
Querying Different Types of DNS Records
By default, Resolve-DnsName queries the A and AAAA types of DNS records. For example, if you look up the DNS record for gmail.com using the command below:
Resolve-DnsName -Name gmail.comAs you can see below, only the AAAA and A records are returned. That’s because the DNS record type to look up was not specified.
Now, given that we all know that gmail.com is an email domain used by Google’s email service, there must be an MX record associated with it, right? Well, there’s no need to assume when you can confirm by using this command:
Resolve-DnsName -Name gmail.com -Type MXThe output shown in the screenshot below shows the MX record list for gmail.com.
To know more about the different record types that can be used with
Resolve-DnsName, visit this link and look for the table for the-Typeparameter. Or you can just refer to the Resolve-DnsName help using the commandget-help Resolve-DnsName.
Using Specific Servers for DNS Lookup
Resolve-DnsName uses the DNS server addresses configured on your computer by default. But, you can also make Resolve-DnsName use a specific DNS server when performing lookups.
For example, if you want to use Google Public DNS to lookup records, you can do so by adding the -Server parameter in your command similar to the example below.
# Google Public DNS Server IPs
$dnsServer = @('8.8.8.8','8.8.4.4')
Resolve-DnsName adamtheautomator.com -Server $dnsServerThe result of the command above would be similar to the one shown in the screenshot below.
At this point, you might be asking, “why would I need to use a different DNS server?”. That is a valid question. If you try looking up the same record using the default DNS server of your machine, or another DNS server, you might probably get the same result.
There could be many reasons to use different DNS servers with Resolve-DnsName. Some of these reasons may include:
- Speed – Some DNS servers may perform faster than others.
- Security – Some DNS servers may have more security measures than others that prevent hijacks and attacks.
- Records availability – In most scenarios, organizations have their own internal DNS servers that contain the zones and records for names that are only resolved internally. In this case, looking up an internal name using a public DNS server will fail.
- DNS servers are not forwarding requests – Some organizations do not allow DNS forwarding. Using them for DNS lookup of public DNS records will fail.
- Troubleshooting and Testing – When your favorite DNS servers are acting up, you may want to test your lookups using a different DNS server.
Reporting DNS Records using PowerShell Script
Now that you’ve learned the basics of how to use the Resolve-DnsName cmdlet, in this section, you’ll learn to create a PowerShell script to monitor and report DNS records. You should be able to apply the knowledge you’ve gained in the previous sections so far in building this script.
Fire up your script editor of choice and create a new file named GetDnsRecord.ps1.
Defining the Variables
First, determine variables to use. These variables will include the following:
$NameList– This variable will hold the names of the DNS records you want your script to query$Serverlist– Use this variable to indicate the DNS servers that will be used by the script for lookups.
Copy the code below and paste it at the beginning of your script.
$NameList = @('adamtheautomator.com','powershell.org','xyz.local')
$ServerList = @('8.8.8.8','8.8.4.4')Performing DNS Lookups
Next, the code must be able to look up the DNS record of each of the names specified. In this case, the foreach loop will be used to iterate the list of records and look up each name using Resolve-DnsName.
The line $FinalResult = @() creates an empty array where the final result will be stored. Then, using the foreach loop, PowerShell passes each item in the $NameList variable to a variable named $Name.
In every iteration, the line $tempObj = "" | Select-Object Name,IPAddress,Status,ErrorMessage creates a temporary object with four properties is created to hold the result of succeeding DNS lookup.
Next, the try{} statement is used to run the Resolve-DnsName command to lookup DNS A records and populate the $tempObj values. If in case the DNS lookup fails, the catch{} statement catches the error, and the error will be included in the $tempObj object.
At the end of each iteration, the value of the $tempObj object will be appended to the $FinalResult. And once the last item in the $NameList array is processed, the loop will exit. Then, the value of the $FinalResult will be displayed.
Copy the code below and paste it at the end of your script. There is no need to change any values.
$FinalResult = @()
foreach ($Name in $NameList) {
$tempObj = "" | Select-Object Name, IPAddress, Status, ErrorMessage
try {
$dnsRecord = Resolve-DnsName $Name -Server $ServerList -ErrorAction Stop | Where-Object { $_.Type -eq 'A' }
$tempObj.Name = $Name
$tempObj.IPAddress = ($dnsRecord.IPAddress -join ',')
$tempObj.Status = 'OK'
$tempObj.ErrorMessage = ''
}
catch {
$tempObj.Name = $Name
$tempObj.IPAddress = ''
$tempObj.Status = 'NOT_OK'
$tempObj.ErrorMessage = $_.Exception.Message
}
$FinalResult += $tempObj
}
return $FinalResultAfter saving the script, run it in PowerShell by calling its name GetDnsRecord.ps1. The demonstration below shows the output.
As you can see from the result above, the output is an object which is useful if you want to export the results to file like CSV using the command below.
.\GetDnsRecord.ps1 | Export-Csv DnsRecord.csv -NoTypeInformationThe CSV output would look similar to the one below.
Conclusion
In this article, you’ve learned the basics of how to use the Resolve-DnsName cmdlet to perform DSN records lookup in PowerShell. You’ve also learned how Resolve-DnsName is different from other tools like the nslookup utility.
You’ve seen how Resolve-DnsName can be used in a script to automate the DNS record lookup. This would be useful as a monitoring tool to ensure that you are aware of the current status of the DNS records that you look after.
Using your PowerShell scripting skills, the reporting script can be further enhanced by adding code to automatically send the report by email to specified recipients. It can also be modified to create a visually pleasing HTML output.
In the end, Resolve-DnsName is an excellent tool for DNS lookup whether you use it manually or for automation in scripts. Now you have the knowledge about how it works, and it is up to you to find ways to use it as part of your administration tasks.
Further Reading
- Google Public DNS
- Back to Basics: Understanding PowerShell Objects
- Export-Csv: The PowerShell Way to Treat CSV Files as First Class Citizens
- PowerTip: Use PowerShell to Get DNS Settings
- Building HTML reports in PowerShell with ConvertTo-Html
- How To Create An HTML Report With PowerShell
The fourth post in my PowerShell Beginner series, “Daily Tasks, The PowerShell Way“. Use PowerShell’s Resolve-DnsName cmdlet as a more powerful successor to ‘nslookup’.
What’s in a name?
Any seasoned IT Pro knows that the names we see for servers or in web URLs ultimately need to “resolve” or translate to a numerical IP address. Computers perform this resolution using a worldwide network of Domain Name System (DNS) servers. When your browser attempts to go to https://thinkpowershell.com, your computer will send a query to a DNS server with the hostname “thinkpowershell.com”, and the DNS server will return the IP address of the server hosting the website. Your DNS server will likely have to forward a query to other DNS servers to get the correct IP address.
nslookup (name server lookup) is a command line tool that has been around for years for performing this lookup activity on demand. You can specify the hostname or website domain name for which you want to “lookup” the IP address. Additionally, with the second positional parameter you can specify the IP address of a specific DNS server you want to query. It is a helpful tool, but it only returns CNAME , A, and AAAA record information, and not as a script-usable object.
C:\Users\aaron>nslookup www.microsoft.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: Name: e10088.dspb.akamaiedge.net Addresses: 2600:1407:9:28c::2768 2600:1407:9:295::2768 23.72.44.137 Aliases: www.microsoft.com www.microsoft.com-c.edgekey.net www.microsoft.com-c.edgekey.net.globalredir.akadns.net
Use Resolve-DnsName for more control over DNS lookups
Using the Resolve-DnsName cmdlet, you can specify much more than just a hostname and DNS server. In its simplest form, you can run Resolve-DnsName hostname to perform a quick lookup against your computer’s configured DNS server.
PS C:\Users\aaron> Resolve-DnsName thinkpowershell.com Name Type TTL Section IPAddress ---- ---- --- ------- --------- thinkpowershell.com A 5284 Answer 173.236.158.197
You might be thinking,”that cmdlet name is more to type than nslookup”, but in reality it is 4 characters (“reso”) + TAB for it to autocomplete, so it is actually LESS typing.
The -Server parameter lets you specify the DNS server to which to send your query. Here we send it to Google DNS.
PS C:\Users\aaron> Resolve-DnsName thinkpowershell.com -Server 8.8.8.8 Name Type TTL Section IPAddress ---- ---- --- ------- --------- thinkpowershell.com A 5284 Answer 173.236.158.197
The Resolve-DnsName cmdlet has some additional parameters which make it more precise than nslookup. By default, your DNS Client service will try to resolve a hostname in the following order:
- Local HOSTS file
- DNS Client Resolver Cache
- DNS server query
If you are attempting to troubleshoot a hostname’s resolution, you may want more control over the name resolution logic than nslookup can give, because nslookup will immediately skip to step 3, query DNS server.
Local HOSTS File
For example, let’s say you have a HOSTS file entry for twitter.com to resolve to 10.10.10.10 and you want to make sure your computer is using the HOSTS file entry. If I run nslookup with the domain name, it queries my DNS server and returns the public IP for twitter.com:
C:\Users\aaron>nslookup twitter.com Server: shs1fw1 Address: 10.1.10.1 Non-authoritative answer: Name: twitter.com Addresses: 199.59.149.198 199.59.148.82 199.59.148.10 199.59.150.7
In contrast, if I run Resolve-DnsName with no additional parameters, it correctly returns the resolved address from the HOSTS file, even if I were to specify a DNS server with the -Server parameter.
PS C:\Users\aaron> Resolve-DnsName twitter.com Name Type TTL Section IPAddress ---- ---- --- ------- --------- twitter.com A 86400 Answer 10.10.10.10
Now let’s say I want to exclude HOSTS file resolution from my troubleshooting. I can use the -NoHostsFile parameter switch and it will skip step 1 in the resolution process.
PS C:\Users\aaron> Resolve-DnsName twitter.com -NoHostsFile Name Type TTL Section IPAddress ---- ---- --- ------- --------- twitter.com A 20 Answer 199.59.148.10 twitter.com A 20 Answer 199.59.150.7 twitter.com A 20 Answer 199.59.150.39 twitter.com A 20 Answer 199.59.149.230
DNS Client Resolver Cache and DNS Server query
Let’s take another example where you think your cached DNS entry for a server may be incorrect or non-existent. With Resolve-DnsName, you can use the –CacheOnly switch parameter to only resolve against step 1 and 2 (use it in conjunction with -NoHostsFile to only resolve against step 2). I’m using a website I haven’t attempted to go to in a long while. You can see that there is no entry currently in the cache, and I get an error.
PS C:\Users\aaron> Resolve-DnsName myspace.com -CacheOnly Resolve-DnsName : myspace.com : DNS record does not exist At line:1 char:1 + Resolve-DnsName myspace.com -CacheOnly + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ResourceUnavailable: (myspace.com:String) [Resolve-DnsName], Win32Exception + FullyQualifiedErrorId : RECORD_DOES_NOT_EXIST,Microsoft.DnsClient.Commands.ResolveDnsName
If I run Resolve-DnsName -DnsOnly, it will skip to step 3 and query the DNS server. I can then run it again with the -CacheOnly switch parameter and we see the entry is in the cache now.
PS C:\Users\aaron> Resolve-DnsName myspace.com -DnsOnly Name Type TTL Section IPAddress ---- ---- --- ------- --------- myspace.com A 4257 Answer 63.135.90.70 PS C:\Users\aaron> Resolve-DnsName myspace.com -CacheOnly Name Type TTL Section IPAddress ---- ---- --- ------- --------- myspace.com A 4232 Answer 63.135.90.70
Resolve different types of DNS records
Another big advantage of Resolve-DnsName is it can look up ANY type of DNS record, not just CNAME, A, or AAAA records. You use the -Type parameter with a value matching one of many common DNS record types.
For example, you want to see the Mail Exchange (MX) records for a domain:
PS C:\Users\aaron> Resolve-DnsName microsoft.com -Type MX Name Type TTL Section NameExchange Preference ---- ---- --- ------- ------------ ---------- microsoft.com MX 1843 Answer microsoft-com.mail.protection.outlook.com 10
Or perhaps you are trying to verify an SRV record (common for communication apps) for your Office 365 Skype for Business instance:
PS C:\Users\aaron> Resolve-DnsName _sipfederationtls.microsoft.com -Type SRV Name Type TTL Section NameTarget Priority Weight Port ---- ---- --- ------- ---------- -------- ------ ---- _sipfederationtls.microsoft.com SRV 3599 Answer sipfed.tip.lync.com 100 1 5061
Or finally, you want to validate a mail server that is sending mail to you on Microsoft’s behalf by looking up microsoft.com’s Sender Policy Framework (SPF) record, which is done with a TXT record:
PS C:\Users\aaron> Resolve-DnsName microsoft.com -Type TXT
Name Type TTL Section Strings
---- ---- --- ------- -------
microsoft.com TXT 1284 Answer {v=spf1 include:_spf-a.microsoft.com
include:_spf-b.microsoft.com
include:_spf-c.microsoft.com
include:_spf-ssg-a.microsoft.com
include:spf-a.hotmail.com
ip4:147.243.128.24 ip4:147.243.128.26
ip4:147.243.1.153 ip4:147.243.1.47
ip4:147.243.1.48 -all}
Return or pipe results as an object for other uses
The last major advantage Resolve-DnsName has over nslookup is the ease in which you can use the results of your queries. Resolve-DnsName returns a dynamic object based on the parameters used. This object’s properties can be accessed like any other PowerShell object. You can either pipe the output directly to another command (in this case Get-Member to show the TypeName and properties), or you can assign to a variable (shown below). Extremely useful for interactive sessions and scripting!
PS C:\Users\aaron> Resolve-DnsName _sipfederationtls.microsoft.com -Type SRV | Get-Member
TypeName: Microsoft.DnsClient.Commands.DnsRecord_SRV
Name MemberType Definition
---- ---------- ----------
QueryType AliasProperty QueryType = Type
Target AliasProperty Target = NameTarget
Equals Method bool Equals(System.Object obj)
GetHashCode Method int GetHashCode()
GetType Method type GetType()
ToString Method string ToString()
CharacterSet Property Microsoft.DnsClient.Commands.DNSCharset CharacterSet {get;set;}
DataLength Property uint16 DataLength {get;set;}
Name Property string Name {get;set;}
NameTarget Property string NameTarget {get;set;}
Port Property uint16 Port {get;set;}
Priority Property uint16 Priority {get;set;}
Section Property Microsoft.DnsClient.Commands.DNSSection Section {get;set;}
TTL Property uint32 TTL {get;set;}
Type Property Microsoft.DnsClient.Commands.RecordType Type {get;set;}
Weight Property uint16 Weight {get;set;}
PS C:\Users\aaron> $result = Resolve-DnsName _sipfederationtls.microsoft.com -Type SRV
PS C:\Users\aaron> $result.NameTarget
sipfed.tip.lync.com
Next steps
Now that you are sold on using Resolve-DnsName over nslookup, here are some things to try:
- Run Clear-DnsClientCache and then run Resolve-DnsName hostname -CacheOnly, where hostname is any server or website of your choice. Verify there are no entries found in your cache.
- Run Resolve-DnsName hostname again. Then run Resolve-DnsName hostname -CacheOnly to confirm there is now an entry in the cache.
- Use the -Type parameter and some of the different DNS record types (see the TechNet article in the Reference section below for a full list) to examine the DNS records for your own organization’s domain. Check out things like the MX records and TXT records.
Reference
- technet.microsoft.com
- Resolve-DnsName
PS C:\Users\aaron> Get-Help Resolve-DnsName NAME Resolve-DnsName SYNOPSIS Performs a DNS name query resolution for the specified name. SYNTAX Resolve-DnsName [-Name] <String> [[-Type] <RecordType>] [-CacheOnly] [-DnsOnly] [-DnssecCd] [-DnssecOk] [-LlmnrFallback] [-LlmnrNetbiosOnly] [-LlmnrOnly] [-NetbiosFallback] [-NoHostsFile] [-NoIdn] [-NoRecursion] [-QuickTimeout] [-Server <String[]>] [-TcpOnly] [<CommonParameters>] DESCRIPTION The Resolve-DnsName cmdlet performs a DNS query for the specified name. This cmdlet is functionally similar to the nslookup tool which allows users to query for names. Note: The Resolve-DnsName cmdlet will return a maximum of 25 A and AAAA records from NS servers. RELATED LINKS Online Version: http://go.microsoft.com/fwlink/?linkid=287336 Nslookup on TechNet REMARKS To see the examples, type: "get-help Resolve-DnsName -examples". For more information, type: "get-help Resolve-DnsName -detailed". For technical information, type: "get-help Resolve-DnsName -full". For online help, type: "get-help Resolve-DnsName -online"
Let’s look at a very cool and powerful DNS troubleshooting tool that is included as a PowerShell cmdlet. The Resolve-DnsName PowerShell cmdlet is a tool that includes the features of many of the legacy command line tools. Let’s see how to use it.
Table of contents
- Understanding DNS
- Resolve-DnsName
- Resolve-DnsName can replace other tools
- NSLookup
- Dig
- Resolve-DnsName Parameters
- Use Case: Mail Routing Information
- The Impact of Hosts File on DNS Resolution
- Resolve-DnsName examples
- Example 1: Simple DNS Query
- Example 2: Specifying DNS Query Type
- Example 3: Querying a Specific DNS Server
- Example 4: Resolving CNAME Records
- Example 5: Finding Authority Zone
- Example 6: Getting TXT Records
- Example 7: Resolving PTR Records
- Example 8: Utilizing the Pipeline
- Example 9: Obtaining Fully Qualified Domain Names (FQDNs)
- Awesome DNS Server for home
- Wrapping Up
Understanding DNS
DNS has been called by many the “phone book” of the Internet. It allows us to resolve or translate IP addresses that aren’t very easy to remember, into domain names that are much easier to remember. So, it is a very important layer in modern computer networking.
PowerShell has a cmdlet called Resolve-DnsName. It can do DNS lookups and return a lot of information about the name of the resource. It can look up different DNS record types and is a tool that is good to remember when troubleshooting connectivity issues or any other problem where DNS could be in play.
PowerShell is built into Windows and is readily available with handy cmdlets for troubleshooting.
Below, we are running the Resolve-DNSName cmdlet.
Here are a few of those traditional tools that PowerShell’s Resolve-DnsName can replace if you want to use it instead of other tools.
NSLookup
NSLookup is a command-line tool for querying the DNS system to obtain domain names or IP address mapping or other DNS records. It’s been a default component of Windows for many years. However, Resolve-DnsName provides a more PowerShell-friendly DNS query experience with enhanced functionality and more flexible output.
Dig
Dig (Domain Information Groper) is a Linux utility for querying DNS servers. It is known for being a great tool for investigating DNS records. However, it’s not installed by default on many systems, and its use involves a syntax that can be challenging for some users. Resolve-DnsName is a tool for Windows users that can perform the same types of queries without installing additional software or having access to a Linux box.
Resolve-DnsName Parameters
Resolve-DnsName cmdlet provides many different parameters that allow the customization of DNS queries. For instance, you can tell the cmdlet you want the DNS query type to be a certain type and the DNS record you want, such as A, AAAA, CNAME, MX, NS, PTR, SOA, SRV, or TXT.
Use Case: Mail Routing Information
A common use case for Resolve-DnsName is checking mail routing information. You can determine a domain’s mail forwarder by querying MX records. This information is critical for troubleshooting mail delivery issues or configuring mail servers.
The Impact of Hosts File on DNS Resolution
The hosts file can affect the outcome of DNS queries. Before the Resolve-DnsName cmdlet hits the DNS server, it checks the local hosts file for entries. This can provide a means to test DNS changes without modifying actual DNS records.
Also, if you are looking to bypass the hosts file, Resolve-DNSName has a parameter that allows easily using only DNS resolution to help determine if a stale hostname is in play. We will show an example of that below.
Resolve-DnsName examples
Below are a few examples of using the Resolve-DNSName cmdlet to investigate DNS records.
Example 1: Simple DNS Query
The most basic use of Resolve-DnsName is to perform a simple DNS query. The syntax is straightforward:
Resolve-DnsName -Name "www.example.com"
This command will return different DNS records associated with “www.example.com“. By default, this includes A (IPv4) and AAAA (IPv6) records which provide the IP address(es) for the queried domain.
Example 2: Specifying DNS Query Type
The Resolve-DnsName cmdlet can take parameters where you tell it what kind of DNS record you wish to query using the -Type parameter. For example, if you want to retrieve MX (Mail Exchange) records, use the following command:
Resolve-DnsName -Name "example.com" -Type MXThis command will return MX records, providing mail routing and mail destination information for “example.com“.
Example 3: Querying a Specific DNS Server
Sometimes you may need to perform DNS lookups against a specific DNS server. You can do this using the -Server parameter:
Resolve-DnsName -Name "www.example.com" -Server "8.8.8.8"This command will run the cmdlet and perform the DNS lookup for “www.example.com” using Google’s public DNS server (IP address 8.8.8.8) and look up the server address.
Example 4: Resolving CNAME Records
CNAME records map a domain (alias) to another (canonical name) domain. To retrieve CNAME records, use the -Type parameter with “CNAME”:
Resolve-DnsName -Name "www.example.com" -Type CNAME
This will display the canonical name for “www.example.com“, if a CNAME record exists.
You can get the Name Server (NS) records, which indicate the authority zone for a specific domain:
Resolve-DnsName -Name "example.com" -Type NS
This command will list the authoritative DNS servers (name servers) for the domain “example.com“.
Example 6: Getting TXT Records
TXT records hold various types of textual information and can be used, for example, for domain verification or to retrieve SPF records. Here’s how to retrieve them:
Resolve-DnsName -Name "example.com" -Type TXT
This command returns the TXT records for “example.com“.
Replacing “example.com” with your target domain is always good practice. These examples are a mere glimpse into the capabilities of Resolve-DnsName. By exploring the other parameters and types, you can perform comprehensive DNS investigations and troubleshoot with this cmdlet.
Example 7: Resolving PTR Records
Pointer (PTR) records, also known as Reverse DNS records, map an IP address to a hostname. This can be useful for reverse lookups, where you have an IP address and want to find the associated hostname.
Resolve-DnsName -Name "8.8.8.8" -Type PTR
This command performs a reverse lookup on Google’s public DNS server IP address.
Example 8: Utilizing the Pipeline
PowerShell is famous for its pipeline input feature, which allows you to pass the output of one command as input to another. Here is an example of using Resolve-DnsName with a pipeline:
"www.example.com", "www.google.com" | Resolve-DnsName
In this command, DNS resolution is performed for both “www.example.com” and “www.google.com“. The pipe operator (|) passes each domain name to the Resolve-DnsName cmdlet.
Example 9: Obtaining Fully Qualified Domain Names (FQDNs)
The -DnsOnly switch is used to get only the DNS protocol result of a query without the potential influences of NetBIOS or local hosts files. For instance:
Resolve-DnsName -Name "example" -DnsOnly
The result will be the Fully Qualified Domain Name (FQDN) of the “example” that is obtained purely from the DNS resolution.
Awesome DNS Server for home
Speaking of DNS, check out my video on how to easily install and configure Unbound DNS for your home lab:
Wrapping Up
While looking at Resolve-DnsName more closely, we’ve highlighted how it allows for detailed DNS queries that surpass the capabilities of traditional tools like NSLookup, Dig, and the Host command. With it, admins can quickly investigate DNS queries, extract DNS records, and troubleshoot DNS issues.
How to check DNS resolution?
The hostnames, IPs, ports, required for checking DNS resolution are available in this document.
The objective of this step is to make sure that the hostnames are resolving to all of the IP’s mentioned in the document, from your ERP.
If you are using a proxy, you should run this from that proxy system.
-
To verify this, you can try running the or alternative command from the terminal based on your OS and terminal. For more information, refer to the .
-
If the DNS is not resolving, please use a public DNS.
-
If public DNS is not allowed as per your IT policy then make sure that the alternative (host file) includes mapping of each hostname to all of the redundant IP addresses.
If it is not successful, try to flush the DNS cache and retry the nslookup command or the alternatives such as Public DNS or the host file configuration or raise a support ticket with your infrastructure and network service provider.
Note: The DNS resolution has to be consistent and successful at any point of time from all the instances from where the API request might be made in future.
Next: If this step is successful, it only means that your system now knows the IP address of the respective hostnames. It still does not confirm that the from your system.
Make sure when you run the DNS resolution check commands mentioned in this document you are able to see all the IP’s to which the sandbox and production hostnames should resolve.
List of various commands and the terminals in which it will work.
Steps to run nslookup in Command Prompt
The nslookup command is used to query the Domain Name System (DNS) to obtain information about a domain or hostname.
When you perform an nslookup command, it will query the DNS server to get information about the IP address associated with the domain name.
For ensuring if the hostname is resolving to the correct IP address, follow the below steps:
Go to Command Prompt and run the nslookup command as below for both sandbox and production hostnames separately.
Sandbox:
nslookup api-sandbox.clear.inThe output here is non-authoritative because it did not come from the authoritative DNS server for the «clear.in» domain.
If it is successful, you should see the response as shown in the above image which has both the IP addresses.
Repeat the same with the below hostname as well.
nslookup storage.clear.inProduction:
Repeat the same with the below hostname as well.
nslookup storage.clear.in
Steps to run nslookup in PowerShell
Go to Windows PowerShell and run the nslookup command as below for both sandbox and production hostname to check if it is resolving to correct IP’s
Sandbox:
nslookup api-sandbox.clear.inRepeat the same with the below hostname as well.
nslookup storage.clear.inProduction:
Repeat the same with the below hostname as well.
nslookup storage.clear.inAlternatively you can also run the Resolve-DnsName command in PowerShell as below for both sandbox and production hostname to check if it is resolving to correct IPs.
Sandbox:
Resolve-DnsName api-sandbox.clear.inRepeat the same with the below hostname as well.
Resolve-DnsName storage.clear.inProduction:
Resolve-DnsName api.clear.inRepeat the same with the below hostname as well.
Resolve-DnsName storage.clear.in
Steps to run nslookup in GitBash
Go to GitBash and run the nslookup command as below for both sandbox and production hostname to check if it is resolving to correct IP’s
Sandbox:
nslookup api-sandbox.clear.inRepeat the same with the below hostname as well.
nslookup storage.clear.inProduction:
Repeat the same with the below hostname as well.
nslookup storage.clear.in
Steps to run nslookup in Ubuntu (Linux)
Go to Ubuntu App and run the nslookup command as below for both sandbox and production hostname to check if it is resolving to correct IP’s
Sandbox:
nslookup api-sandbox.clear.inRepeat the same with the below hostname as well.
nslookup storage.clear.inProduction:
Repeat the same with the below hostname as well.
nslookup storage.clear.in
Steps to run ping in Command Prompt
The ping command is used to check the connectivity between two networked devices by sending an ICMP echo request packet to the target device and waiting for a response.
Go to Command Prompt and run the ping command as below for both sandbox and production hostnames separately.
Sandbox:
ping api-sandbox.clear.inThis output shows that the ping was successful and that the average round trip time to reach the «api-sandbox.clear.in» server was 7 milliseconds.
The IP address associated with the domain name «api-sandbox.clear.in» is 99.83.130.139, and the ping command was able to reach the server with this IP address.
The 0% packet loss indicates that all the packets sent were received, which means there were no network connectivity issues.
Repeat the same with the below hostname as well.
Production:
Repeat the same with the below hostname as well.
Steps to run ping in Powershell
Go to Powershell and run the ping command as below for both sandbox and production hostnames separately.
Sandbox:
ping api-sandbox.clear.inRepeat the same with the below hostname as well.
Production:
Repeat the same with the below hostname as well.
Steps to run ping in GitBash
Go to GitBash and run the ping command as below for both sandbox and production hostnames separately.
Sandbox:
ping api-sandbox.clear.inRepeat the same with the below hostname as well.
Production:
Repeat the same with the below hostname as well.
Steps to run ping in Ubuntu (Linux)
Go to Ubuntu App and run the ping command as below for both sandbox and production hostnames separately.
Sandbox:
ping api-sandbox.clear.inRepeat the same with the below hostname as well.
Production:
Repeat the same with the below hostname as well.
How DNS Resolver Works?
Every Operating System (Windows, Linux, Mac, Android etc.) is equipped with a utility called DNS Client which takes care of resolving Domain Names to respective IP addresses. Did you ever wonder how this DNS Client works? I mean how it resolves domain names to IP addresses within milli/micro seconds searching thoughout the globally distributed DNS database. So here I am with a simple explanation of how this DNS Client works using Windows external command utility called nslookup. I want to resolve various DNS resource records for the domain gopalthorve.com.
- Open Command Prompt by typing cmd in Run window.
- DNS resolutions works from right to left. Here my left most domain extension is biz. So type nslookup -norecurse biz command and Press Enter. This command returns the list of name servers with their FQDN and IP Addresses serving the biz TLD as show in Command output pasted below.
D:\>nslookup -norecurse biz Server: dir-600 Address: 192.168.0.1 Name: biz. Served by: - e.gtld.biz 156.154.126.65 biz - a.gtld.biz 156.154.124.65 2001:503:7bbb:ffff:ffff:ffff:ffff:ff7e biz - c.gtld.biz 156.154.127.65 biz - b.gtld.biz 156.154.125.65 biz - k.gtld.biz 156.154.128.65 2001:503:e239::3:2 biz - f.gtld.biz 209.173.58.66 2001:500:3682::12 biz
- Resolver takes any one name server from the list returned by previous command lets assume it’s e.gtld.biz. Enter this command nslookup -norecurse gopalthorve.com e.gtld.biz. This command returns list of name servers for domain gopalthorve.com. Now, we can query any (preferably top in result) name server for resource record of gopalthorve.com.
D:\>nslookup -norecurse gopalthorve.com e.gtld.biz Server: UnKnown Address: 156.154.126.65 Name: gopalthorve.com Served by: - NS3697.HOSTGATOR.COM gopalthorve.com - NS3698.HOSTGATOR.COM gopalthorve.com
We got the name servers (ns3697.hostgator.com and ns3698.hostgator.com) serving gopalthorve.com, we can query these name servers to resolve various kind of resource records.
Resolving “A” record nslookup
Type nslookup www.gopalthorve.com ns3697.hostgator.com in Command Prompt, which return IP address 50.116.98.15.
D:\>nslookup gopalthorve.com ns3697.hostgator.com Server: UnKnown Address: 184.173.250.156 Name: gopalthorve.com Address: 50.116.98.15
Resolving “A” record using nslookup
Type nslookup www.gopalthorve.com ns3697.hostgator.com in Command Prompt.
D:\>nslookup www.gopalthorve.com ns3697.hostgator.com Server: UnKnown Address: 184.173.250.156 Name: gopalthorve.com Address: 50.116.98.15 Aliases: www.gopalthorve.com
The last line of above command output Aliases: www.gopalthorve.com, indicates that www.gopalthorve.com is CNAME (canonical) record pointing to gopalthorve.com which ultimately points to IP address 50.116.98.15.
Resolving MX record using nslookup
Type nslookup -querytype=mx gopalthorve.com ns3697.hostgator.com in Command Prompt.
D:\>nslookup -querytype=mx gopalthorve.com ns3697.hostgator.com Server: UnKnown Address: 184.173.250.156 gopalthorve.com MX preference = 0, mail exchanger = gopalthorve.com gopalthorve.com nameserver = ns3698.hostgator.com gopalthorve.com nameserver = ns3697.hostgator.com gopalthorve.com internet address = 50.116.98.15 ns3697.hostgator.com internet address = 184.173.250.156 ns3698.hostgator.com internet address = 50.116.98.12
As per above result MX record for domain gopalthorve.com points to gopalthorve.com.
Resolving TXT record using nslookup
Type nslookup -querytype=txt gopalthorve.com ns3697.hostgator.com in Command Prompt. This command returns all TXT records for gopalthorve.com.
D:\>nslookup -querytype=txt gopalthorve.com ns3697.hostgator.com Server: UnKnown Address: 184.173.250.156
gopalthorve.com text =
"v=spf1 ip4:184.173.239.119 a mx include:websitewelcome.com ~all" gopalthorve.com nameserver = ns3697.hostgator.com gopalthorve.com nameserver = ns3698.hostgator.com ns3697.hostgator.com internet address = 184.173.250.156 ns3698.hostgator.com internet address = 50.116.98.12
The TXT record returned by above command is actually an SPF record for gopalthorve.com.
In this article we used nslookup in non-interactive mode. In interactive mode it displays nslookup shell from where we can execute various commands.