When I'm dealing with DNS on Windows, I prefer to use the command-line DNS tools from ISC BIND 9 tools, like dig and a modern nslookup, compared to the decrepit BSD circa 1991 version included with Windows. I've created this page so I can easily add those tools to Windows computers I use, and so you can too. If I'm feeling GUI, dnschecker.org is handy too.
Unfortunately, ISC decided to drop Windows as a supported platform for BIND in 2022 after many years of maintaining it as a great example of cross-platform C code, citing lagging support for modern C standards in Microsoft's compiler (since remedied). There might have been a little looking down the nose at Windows among the Unix elite going on as well, it's been known to happen. And at any rate, by that time it was easy enough for their paying customers to run BIND in a FreeBSD or Linux VM under Windows' Hyper-V.
The last version of BIND for Windows was 9.16 (circa 2020), and the latest patch release as of 2026 is 9.16.50 (circa 2024). With Administrator access, you can install its tools on any modern Windows version.
1. Install the Microsoft C++ runtime
You should install the latest Microsoft C++ runtime. You might be able to skip this step, but it's a good idea and good security hygiene. BIND setup will try to install an outdated version which will report an an error code and message indicating a newer version is already installed, if you've taken this step, but it will return an exit code to the BIND installer indicating success.
Download the latest supported C++ runtime for x64 directly from Microsoft:
Download Microsoft C++ Runtime (.exe)Run the installer as an Administrator. If you're not sure how to do that, right-click on the file and select "Run as administrator" from the context menu. Accept the license agreement and close it when complete. It may advise you to restart to activate the installation. If your browser doesn't automatically restore open tabs, you might want to bookmark this page before you restart.
2. Install BIND 9 tools
Download the software:
Download BIND 9.16.50 for Windows x64 (.zip) from California, USDownload BIND 9.16.50 for Windows x64 (.zip) from Amsterdam, NL
If you want to verify the download, you can find a matching PGP signature file for download at https://ftp.isc.org/isc/bind9/9.16.50/, specifically https://ftp.isc.org/isc/bind9/9.16.50/BIND9.16.50.x64.zip.asc.
Extract all the files into a real directory. Installing directly from a Windows Explorer ZIP folder might fail.
Run BINDInstall.exe as an Administrator. This will work even on Arm processors thanks to CPU emulation in Windows. You will be warned about installing software from an unknown publisher since the installer is not signed.
check the box for Tools only in the installer dialog box to get dig and the other tools without trying to set up a DNS server. You likely need a better workaround to actually set up a BIND server than I have tested, as I suspect the setup of the BIND DNS server as a Windows service happens after the attempt to install the outdated C++ runtime.
After it very quickly copies the files into C:\Program Files\ISC BIND 9, the Microsoft Visual C++ 2017 Redistributable installer will come up. Go ahead and let it run, but beware it will fail. Click through the errors and you're almost done.
3. Configure the PATH environment variable
You will probably want to add C:\Program Files\ISC BIND 9\bin or similar to your PATH. The installer probably would have done that automatically if it didn't trip over the outdated runtime. Open Windows' Settings and search for "envi" and choose to edit the system environment variables. This will open the System Properties dialog box. Type Alt-N or click on the Environment Variables button. When adding C:\Program Files\ISC BIND 9\bin, use a semicolon to separate it from other directories. If you want to use the newer nslookup rather than the Windows version, make sure you put the BIND bin directory before Windows' system32 directory, which means modifying the system-wide PATH environment variable, not the per-user one. Beware this could break other software on the system that depends on scraping the output of the Microsoft nslookup. That kind of hack is rare on Windows, though not impossible.
4. Verify the installation
After closing the Environment Variables and System Properties dialog boxes, open a new command prompt to pick up the changed PATH and try:
C:\Users\davehart>dig -v
DiG 9.16.50
C:\Users\davehart>Here's an example of the differences between the two versions of nslookup:
C:\>"C:\Program Files\ISC BIND 9\bin\nslookup" robin.davehart.net.
Server: 1.0.0.1
Address: 1.0.0.1#53
Non-authoritative answer:
robin.davehart.net canonical name = robin-dlh.mywire.org.
Name: robin-dlh.mywire.org
Address: 100.16.142.51
Name: robin-dlh.mywire.org
Address: 2600:4040:b6b6:6500:e794:9b23:1fc0:4f09
C:\>C:\Windows\system32\nslookup robin.davehart.net.
Server: one.one.one.one
Address: 2606:4700:4700::1111
Non-authoritative answer:
Name: robin-dlh.mywire.org
Addresses: 2600:4040:b6b6:6500:e794:9b23:1fc0:4f09
100.16.142.51
Aliases: robin.davehart.net
C:\>