Guides · DNS
nslookup vs dig: Which DNS Tool Should You Use?
nslookup vs dig — what is the difference? nslookup is the older, simpler DNS lookup tool; dig shows the full DNS response for troubleshooting. Here's when to use each.
By Cody · 6 min read · Published
The short version
Both nslookup and dig ask DNS resolvers questions. The difference is how much of the answer they show you:
- nslookup — older, simpler, built into Windows. Gives a short, human-friendly answer. Great for “what is the IP of this name?”
- dig — the modern troubleshooting tool. Prints the full DNS response in a stable, scriptable format. The right choice when something is broken.
Rule of thumb: nslookup to check, dig to diagnose.
nslookup vs dig at a glance
Same questions, very different output. This table is the fastest way to decide which one to reach for:
| Aspect | nslookup | dig |
|---|---|---|
| Age / origin | Older; shipped with early DNS tooling | Modern; part of BIND's tools |
| Preinstalled on Windows? | Yes | No (install BIND tools or use WSL) |
| Preinstalled on Linux / macOS? | Often, but being phased out | Usually yes |
| Output style | Short, human-friendly summary | Full DNS response, every section |
| Shows response code (NXDOMAIN / SERVFAIL)? | Partially / less clearly | Yes — in the header line |
| Shows TTLs? | No | Yes, per record |
| Shows flags (aa, ad, rd)? | No | Yes |
| Scriptable / stable output? | Awkward | Yes — built for it |
| Best for | Quick “what's the IP?” checks | Troubleshooting and sharing output |
What nslookup is good at
nslookup wins on availability and simplicity. On a Windows machine it is already there, and for a fast question it gives a fast, readable answer:
- “What IP does this hostname resolve to?”
- “What are the MX records for this domain?” (
nslookup -type=MX example.com) - “Does this name exist at all?”
If you do not need TTLs, flags, or the authority section, nslookup's shorter output is genuinely easier to read. The browser-based online nslookup tool gives you the same simple answer without needing a terminal, and lets you pick which public resolver to ask.
What dig is good at
dig is what you want the moment something is wrong. It shows the actual DNS response on the wire, which is exactly what you need to debug:
- The status code in the header line tells you NOERROR, NXDOMAIN, or SERVFAIL at a glance — see NXDOMAIN vs SERVFAIL for what each means.
- The TTL column shows how long each answer is cached — useful before a migration or TTL change.
- The flags (especially
ad) reveal DNSSEC validation state. - The AUTHORITY and ADDITIONAL sections show which nameservers and glue records the resolver used.
The browser-based online dig tool gives you that full packet-level output without installing anything — handy on Windows, where dig is not preinstalled.
When to use which
- Quick check, on Windows, no install: nslookup (or the online nslookup tool).
- Troubleshooting a failure (wrong answer, mail bouncing, DNSSEC, propagation): dig, because you need the status code, flags, and TTLs.
- Sharing output in a ticket or script: dig — its format is stable and unambiguous.
- Comparing resolvers (some answer, some do not): use the resolver comparison tool to run the same query against Cloudflare, Google, Quad9, and OpenDNS at once.
Same query, nslookup vs dig
- Example input
nslookup example.com vs dig example.com A- Example result
# nslookup — short and friendly Name: example.com Address: 93.184.215.14 # dig — the full response ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1 ;; ANSWER SECTION: example.com. 3600 IN A 93.184.215.14
Both return the same IP. dig also shows the status (NOERROR), the flags, and the TTL (3600) — the details you need when the simple answer is not enough.
Related tools
FAQ
What is the difference between nslookup and dig?
nslookup is the older, simpler tool: it gives you a short, human-friendly answer and is built into Windows. dig (domain information groper) is the modern troubleshooting tool: it prints the full DNS response — header, flags, response code, and every section — in a stable, scriptable format. Both ask the same questions; dig just shows you far more of the answer.
Should I use nslookup or dig?
Use nslookup for a quick 'what is the IP of this name?' check, especially on Windows where it is preinstalled. Use dig when you are troubleshooting — when you need to see the status code (NOERROR, NXDOMAIN, SERVFAIL), the flags, the TTLs, or the authority section, or when you want output you can paste into a ticket or script.
Is dig available on Windows?
Not by default. dig ships with BIND's tools and with most Linux and macOS systems, but Windows has only nslookup out of the box. You can install dig on Windows (via the BIND utilities or WSL), or just use an online dig tool in the browser so you do not have to install anything.
Why do nslookup and dig show different answers?
Usually because they are querying different resolvers. nslookup and dig both default to whatever resolver your system is configured to use, but that can differ between shells, VPNs, or explicit server arguments. The underlying DNS answer should match; if it does not, run both against the same resolver to compare fairly.
Is nslookup deprecated?
nslookup is not formally deprecated, but the BIND maintainers have long recommended dig (and host) over it for diagnostics because nslookup hides protocol detail and has quirky behavior in its interactive mode. nslookup is perfectly fine for simple lookups; dig is the right choice for anything you need to debug.
What does dig show that nslookup does not?
dig exposes the full DNS response: the header line with the response code and query flags (qr, aa, rd, ra, ad), the exact TTL on every record, the AUTHORITY and ADDITIONAL sections, query timing, and which server answered. nslookup summarizes all of that into a name-and-address pair, which is friendlier but useless when something is broken.
Last reviewed: 2026-06-18.