For about as long as I can remember, every serious DNS administrator has always advocated the use of dig (Domain Information Groper) over nslookup.  There’s no need for me to rehash all of the arguments — I’ll just say that dig returns information in a manner consistent with what a protocol analyzer might provide.  That’s great, but isn’t it only for Un*x systems?  I need to be able to debug from a Windows system.

The Internet Software Consortium (ISC) produces BIND.  It also provides a compiled version for Windows.  To use dig on a Windows system, do the following (assumes BIND version 9.x):

  1. Download the ZIP archive of BIND for Windows
  2. Move the following components into C:\Windows\System32\dns\bin
    • dig.exe
    • libbind9.dll
    • libdns.dll
    • libeay32.dll
    • libisc.dll
    • libisccfg.dll
    • liblwres.dll
  3. Modify your path and add C:\Windows\System32\dns\bin (System Properties… Advanced Settings… Environment Variables)
  4. Test from the command line… if you missed a library, you will receive a warning.
  5. Optional: create a resolv.conf file

From the README1st.txt file in the distribution:


It is no longer necessary to create a resolv.conf file on Windows as
the tools will look in the registry for the required nameserver
information. However if you wish to create a resolv.conf file as
follows it will use it in preference to the registry nameserver

To create a resolv.conf you need to place it in the System32\Drivers\etc
directory and it needs to contain a list of nameserver addresses to
use to find the nameserver authoritative for the zone. The format of
this file is:


Replace the IP addresses with your real addresses. is a valid
address if you are running a nameserver on the localhost.

You can add other tools, such as host, if you like.  Enjoy!