Monday, March 8, 2010

Nslookup Vtunnel

Nslookup.exe is a command-line administrative tool regularly used for testing and troubleshooting DNS servers. There are several classroom environments attached to our network that are open to students and clients but are of course locked down by Group Policy and a very expensive content filter. Of course, when left unattended, attempts are always made to circumvent the content filter to access blocked sites by using a proxy server. As expensive as our content filter is, you would think that it would be able to block proxy avoidance sites that use the ‘https’ prefix from remote locations, but it doesn’t. The most notorious of these sites is vtunnel, which also changes its IP addresses on a regular basis.

Nslookup is an easy-to-use tool. For this task I needed to find the IP addresses used by vtunnel so that I could just create a policy at the firewall to block any traffic to or from their IP addresses. A little more micromanagement than I would prefer, but at this point I need an immediate solution. Opening a command prompt and simply typing “nslookup” (without the quotes) displayed a list of addresses being used by vtunnel, which gave me the information I needed in order to create the required firewall policy.
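Because the addresses change regularly, the lookup has to be repeated and compared with what the firewall policy already blocks. The Python script below is an added example, not part of the original post: it parses nslookup output (skipping the first Address line, which is the DNS server rather than the target) and lists what to add. The hostname, resolver name and every address in it are constructed placeholders.

```python
import ipaddress

# Constructed sample of Windows nslookup output; every name and address is a placeholder.
SAMPLE = """\
Server:  dns01.corp.example
Address:  10.0.0.53

Non-authoritative answer:
Name:    proxy.example
Addresses:  2001:db8::10
          203.0.113.10
          203.0.113.11
          198.51.100.7
"""

def parse_nslookup(output):
    """Return the answer addresses as strings, skipping the resolver's own address."""
    answers, in_answer = set(), False
    for line in output.splitlines():
        text = line.strip()
        if text.startswith("Name:"):
            in_answer = True  # lines before this describe the DNS server itself
            continue
        if not in_answer or not text:
            continue
        # Labelled lines carry "Address:" or "Addresses:"; continuation lines are bare.
        if text.lower().startswith(("address:", "addresses:")):
            text = text.split(":", 1)[1].strip()
        try:
            answers.add(str(ipaddress.ip_address(text)))
        except ValueError:
            pass  # aliases and other non-address lines
    return answers

def plan_update(resolved, blocked):
    """Compare fresh answers with addresses already in the firewall policy."""
    return {
        "add": sorted(resolved - blocked),
        # Missing from one lookup does not prove retirement (round-robin DNS),
        # so these are listed for review rather than removed automatically.
        "review": sorted(blocked - resolved),
    }

if __name__ == "__main__":
    current_policy = {"203.0.113.10", "192.0.2.44"}  # constructed existing block list
    plan = plan_update(parse_nslookup(SAMPLE), current_policy)
    print("add to policy:", plan["add"])
    print("review:", plan["review"])
```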

Of course this is only scratching the surface of the capabilities of nslookup and more information can be found here.

