How to Query DNS Record Types with NSLOOKUP in Batch Script

DNS records go far beyond simple IP addresses. Different record types serve different purposes, such as MX records route email, CNAME records create aliases, and TXT records handle security and verification. By querying specific record types with nslookup, you can diagnose email delivery failures, trace domain redirections, and verify SPF or DKIM configurations.

This guide covers how to query and validate these record types in Batch scripts.

Method 1: Querying Mail Servers (MX)

The MX record defines where emails sent to a domain should go. This is the first thing to check if a domain isn't receiving emails.

@echo off
setlocal

set "TargetDomain=gmail.com"
set "TempFile=%TEMP%\mx_result.tmp"

echo [DNS] Querying Mail Exchange (MX^) for %TargetDomain%...
echo.

:: Flush DNS cache for a live result
ipconfig /flushdns >nul 2>&1

:: Use -type=mx and capture output for parsing
nslookup -type=mx %TargetDomain% > "%TempFile%" 2>&1

:: Display the raw result
type "%TempFile%"
echo.

:: Check for failure indicators
:: (nslookup's errorlevel is unreliable - parse the output instead)
findstr /i "can't.find NXDOMAIN refused timed.out" "%TempFile%" >nul 2>&1
if %errorlevel% equ 0 (
    echo [ERROR] No MX records found. Domain may not exist or has no mail servers configured.
) else (
    echo [OK] MX query completed successfully.
)

:: Clean up
del "%TempFile%" >nul 2>&1

pause
endlocal

Method 2: Querying Domain Aliases (CNAME)

A CNAME record is a "pointer" that redirects one domain to another. For example, blog.site.com might actually point to sites.google.com.

@echo off
setlocal

set "Alias=www.github.com"
set "TempFile=%TEMP%\cname_result.tmp"

echo [DNS] Checking CNAME for %Alias%...
echo.

:: Capture output for both display and parsing
nslookup -type=cname %Alias% > "%TempFile%" 2>&1

:: Display the raw result
type "%TempFile%"
echo.

:: Check if a CNAME was actually found
findstr /i "canonical name" "%TempFile%" >nul 2>&1
if %errorlevel% equ 0 (
    echo [OK] CNAME alias found. This domain redirects to another hostname.
) else (
    :: Determine if it's a failure or simply no CNAME exists
    findstr /i "can't.find NXDOMAIN refused timed.out" "%TempFile%" >nul 2>&1
    if %errorlevel% equ 0 (
        echo [ERROR] DNS lookup failed. Domain may not exist.
    ) else (
        echo [INFO] No CNAME record exists. This domain resolves directly (A/AAAA record^).
    )
)

:: Clean up
del "%TempFile%" >nul 2>&1

pause
endlocal

note

Not every domain has a CNAME. If www.github.com resolves directly to an IP address instead of pointing to another hostname, that simply means it uses an A record, not an error.

Method 3: Querying Security and Verification (TXT)

TXT records are used for SPF (spam protection), DKIM (email signing), and proving domain ownership for services like Microsoft 365 or Google Workspace.

@echo off
setlocal enabledelayedexpansion

set "Domain=microsoft.com"
set "TempFile=%TEMP%\txt_result.tmp"

echo [DNS] Reading TXT Records (SPF/Verification^) for %Domain%...
echo.

:: TXT records can be long - capture to file for reliable handling
nslookup -type=txt "%Domain%" > "%TempFile%" 2>&1

:: Display the raw result
type "%TempFile%"
echo.

:: Check for failure
findstr /i "can't find NXDOMAIN refused timed out" "%TempFile%" >nul 2>&1
if !errorlevel! equ 0 (
    echo [ERROR] TXT record lookup failed.
) else (
    echo --- Record Analysis ---

    findstr /i "v=spf1" "%TempFile%" >nul 2>&1
    if !errorlevel! equ 0 (
        echo [FOUND] SPF record detected (spam/sender policy^).
    ) else (
        echo [WARN]  No SPF record found - email spoofing risk.
    )

    findstr /i "v=DKIM1" "%TempFile%" >nul 2>&1
    if !errorlevel! equ 0 (
        echo [FOUND] DKIM record detected (email signing^).
    )

    findstr /i "MS=" "%TempFile%" >nul 2>&1
    if !errorlevel! equ 0 (
        echo [FOUND] Microsoft 365 domain verification detected.
    )

    findstr /i "google-site-verification" "%TempFile%" >nul 2>&1
    if !errorlevel! equ 0 (
        echo [FOUND] Google domain verification detected.
    )
)

:: Clean up
del "%TempFile%" >nul 2>&1

pause
endlocal

Best Practices

1. Never Trust `%errorlevel%` with `nslookup`

nslookup returns errorlevel 1 for non-authoritative answers, which is the standard, successful response for public domains. Always parse the output text instead.

2. Use `setlocal` / `endlocal`

Without setlocal, every variable your script sets leaks into the parent shell session, causing conflicts when running multiple scripts.

3. Flush DNS Before Live Troubleshooting

Windows caches DNS results. If you recently changed a record and need to verify it propagated, flush first:

ipconfig /flushdns >nul 2>&1

4. Query a Specific DNS Server for Comparison

To bypass your local DNS and check against a public resolver:

nslookup -type=mx gmail.com 8.8.8.8

This helps identify if your local DNS is outdated or returning different results.

Conclusions

Querying specific DNS record types transforms nslookup from a simple ping-like tool into a full diagnostic utility. MX lookups verify email routing, CNAME lookups trace domain redirections, and TXT lookups expose the security and verification policies behind a domain. By adding proper error handling and output parsing to your Batch scripts, you can automate these checks reliably and catch misconfigurations before they cause outages.

Method 1: Querying Mail Servers (MX)​

Method 2: Querying Domain Aliases (CNAME)​

Method 3: Querying Security and Verification (TXT)​

Best Practices​

1. Never Trust %errorlevel% with nslookup​

2. Use setlocal / endlocal​

3. Flush DNS Before Live Troubleshooting​

4. Query a Specific DNS Server for Comparison​

Conclusions​

Table of Contents