How to Use the Command 'nslookup' (with Examples)
The nslookup command is a powerful networking tool used to query name servers for domain name system (DNS) information. It allows users to obtain various records that are associated with a domain name or an IP address, such as A, NS, MX, PTR, and TXT records. nslookup is commonly used by IT professionals, network administrators, and developers to troubleshoot DNS issues and gather information about domains.
Use case 1: Query your system’s default name server for an IP address (A record) of the domain
Code:
nslookup example.com
Motivation:
Querying the IP address of a domain is perhaps the most common use of nslookup. When you input a domain name, nslookup requests the associated IP address from your system’s default DNS server. This function is invaluable for troubleshooting network issues, verifying DNS settings, and ensuring that a domain resolves correctly to its server.
Explanation:
example.com: This is the domain for which you are querying the IP address. nslookup will translate this human-readable name into a machine-readable IP address.
Example Output:
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
Name: example.com
Address: 93.184.216.34
Use case 2: Query a given name server for a NS record of the domain
Code:
nslookup -type=NS example.com 8.8.8.8
Motivation:
Sometimes, you need to query a specific DNS server rather than your default one for NS records, which reveal the authoritative servers for a domain. Knowing which servers are authoritative can help you diagnose DNS propagation issues or verify that changes to DNS records are distributed correctly.
Explanation:
-type=NS: This option specifies that you are interested in the Name Server records, which list the servers that are authoritative for the domain.
example.com: The domain you are querying.
8.8.8.8: The IP address of the DNS server you are querying, in this case, the Google Public DNS.
Example Output:
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
example.com nameserver = a.iana-servers.net
example.com nameserver = b.iana-servers.net
Use case 3: Query for a reverse lookup (PTR record) of an IP address
Code:
nslookup -type=PTR 54.240.162.118
Motivation:
The reverse lookup query is useful when you have an IP address and need to find the corresponding hostname. This can assist in identifying devices on a network, auditing network configurations, or investigating potential security threats.
Explanation:
-type=PTR: This designates a pointer record query, which discovers the hostname associated with an IP address.
54.240.162.118: The IP address for which you want to find the hostname.
Example Output:
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
118.162.240.54.in-addr.arpa name = mx.amazon.com
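A PTR record is set by whoever controls the reverse zone for the address, so the hostname it returns is only a claim until a forward lookup of that name returns the same IP. The script below is an added example, not part of the original article: it performs that forward-confirmed check with nslookup. The NSLOOKUP override, the function names and the sample responses (documentation address ranges) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: forward-confirmed reverse DNS (FCrDNS) on top of nslookup.
# NSLOOKUP is overridable (an assumption of this example) so the logic can
# run against the constructed sample below instead of live DNS.
NSLOOKUP=${NSLOOKUP:-nslookup}

# Hostnames from PTR answer lines ("... name = host."), lowercased, no dot.
ptr_names() {
    "$NSLOOKUP" -type=PTR "$1" 2>/dev/null | tr -d '\r' |
        awk '/arpa\.?[ \t]+name = / { h = tolower($NF); sub(/\.$/, "", h); print h }'
}

# Addresses listed after the "Name:" line; this skips the resolver's own
# "Address:" line at the top of the output.
forward_addrs() {
    "$NSLOOKUP" "$1." 2>/dev/null | tr -d '\r' |
        awk '/^Name:/ { seen = 1; next } seen && /^Address(es)?:/ { print $2 }'
}

# Prints "confirmed <host>", "unconfirmed <hosts>" or "no-ptr".
fcrdns() {
    names=$(ptr_names "$1")
    [ -n "$names" ] || { echo "no-ptr"; return 1; }
    for host in $names; do
        if forward_addrs "$host" | grep -qxF "$1"; then
            echo "confirmed $host"; return 0
        fi
    done
    echo "unconfirmed $(echo $names)"; return 1
}

# Constructed sample responses (documentation ranges, not real hosts).
sample_nslookup() {
    case "$*" in
    "-type=PTR 192.0.2.10") printf '10.2.0.192.in-addr.arpa\tname = mail.example.test.\n' ;;
    "mail.example.test.") printf 'Server:\t192.0.2.53\nAddress:\t192.0.2.53#53\n\nName:\tmail.example.test\nAddress: 192.0.2.10\n' ;;
    "-type=PTR 192.0.2.66") printf '66.2.0.192.in-addr.arpa\tname = pay.example.test.\n' ;;
    "pay.example.test.") printf 'Server:\t192.0.2.53\nAddress:\t192.0.2.53#53\n\nName:\tpay.example.test\nAddress: 198.51.100.7\n' ;;
    *) printf '** server cannot find %s: NXDOMAIN\n' "$2" ;;
    esac
}

# No argument: run on the sample. With an IPv4 argument: query real DNS.
if [ "$#" -eq 0 ]; then
    NSLOOKUP=sample_nslookup
    for ip in 192.0.2.10 192.0.2.66 192.0.2.99; do echo "$ip: $(fcrdns "$ip")"; done
else
    fcrdns "$1"
fi
```

An "unconfirmed" result means the name in the PTR record does not resolve back to the queried address, so the hostname should not be relied on in logs or allow-lists.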
Use case 4: Query for ANY available records using TCP protocol
Code:
nslookup -vc -type=ANY example.com
Motivation:
When diagnosing complex DNS issues, it might be necessary to retrieve all available records for a domain. Gathering comprehensive DNS data can be crucial when ensuring that necessary records like A, MX, and TXT are correctly set.
Explanation:
-vc: This option forces the use of TCP instead of UDP, which can enhance reliability by ensuring data packets are received in order.
-type=ANY: Requests all types of DNS records associated with the domain.
example.com: The domain for which you are retrieving the records.
Example Output:
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
example.com internet address = 93.184.216.34
example.com MX preference = 10, mail exchanger = mail.example.com
example.com text = "v=spf1 -all"
Use case 5: Query a given name server for the whole zone file (zone transfer) of the domain using TCP protocol
Code:
nslookup -vc -type=AXFR example.com name_server
Motivation:
Performing a zone transfer allows you to obtain an entire set of DNS records from the name server. This is useful for DNS replication, verifying DNS configurations, and testing security configurations against unauthorized zone transfers.
Explanation:
-vc: Indicates the use of TCP to enhance transmission reliability.
-type=AXFR: Specifies an AXFR request, which aims to transfer all records in a DNS zone.
example.com: The domain of interest.
name_server: The DNS server from which you want to request the zone transfer.
Example Output:
;; Connection to x.x.x.x#53(host.domain) for zone transfer not available
Note: Output might vary based on server restrictions.
Use case 6: Query for a mail server (MX record) of the domain, showing details of the transaction
Code:
nslookup -type=MX -debug example.com
Motivation:
Mail exchange (MX) records are essential for identifying which mail servers are responsible for receiving emails for a domain. Seeing the transaction’s details helps diagnose issues related to email delivery and ensure that MX configurations are set correctly.
Explanation:
-type=MX: Specifies a request for MX records.
-debug: Enables detailed output of each step in the query process.
example.com: The domain you are querying.
Example Output:
Server: UnKnown
Address: 192.168.1.1
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 1
...
example.com MX preference = 10, mail exchanger = mail.example.com
Use case 7: Query a given name server on a specific port number for a TXT record of the domain
Code:
nslookup -port=port_number -type=TXT example.com name_server
Motivation:
Querying TXT records can provide information such as site verifications and security-oriented configurations, like SPF and DKIM settings. The flexibility to query a DNS server through a specific port is handy for testing customized or non-standard DNS setups.
Explanation:
-port=port_number: Instructs nslookup to use a specific port number, handy if the DNS service is running on a non-standard port.
-type=TXT: Focuses on TEXT records, commonly used for domain verification and anti-spam measures.
example.com: The domain subject to the query.
name_server: The DNS server handling the query, specified by IP address or hostname.
Example Output:
Server: name_server
Address: x.x.x.x#port_number
example.com text = "v=spf1 include:_spf.google.com ~all"
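TXT answers like the two SPF records shown on this page differ mainly in their final all mechanism, which decides how receivers treat mail from senders the record does not list. The script below is an added example, not part of the original article: it reads nslookup -type=TXT output and reports that policy. The function names, verdict labels and the example.test samples are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify the SPF policy in `nslookup -type=TXT` output.
# Verdicts: hardfail (-all), softfail (~all), neutral (?all), allow-any
# (+all or bare all), redirect, no-all, missing, multiple (several records).
spf_verdict() {
    tr -d '\r' | awk '
        /"v=spf1[ "]/ {                 # a TXT answer carrying an SPF record
            count++; rec = ""
            n = split($0, part, "\"")   # even-numbered parts are quoted chunks
            for (i = 2; i <= n; i += 2) rec = rec part[i]
            rec = tolower(rec)
        }
        END {
            if (count == 0) { print "missing"; exit }
            if (count > 1)  { print "multiple"; exit }
            verdict = "no-all"
            n = split(rec, term, " ")
            for (i = 2; i <= n; i++) {
                if (term[i] ~ /^redirect=/) verdict = "redirect"
                if (term[i] ~ /^[-~?+]?all$/) {   # "all" overrides any redirect
                    q = substr(term[i], 1, 1)
                    verdict = "allow-any"
                    if (q == "-") verdict = "hardfail"
                    if (q == "~") verdict = "softfail"
                    if (q == "?") verdict = "neutral"
                    break
                }
            }
            print verdict
        }'
}

# Constructed sample answers in the layout shown on this page.
sample() {
    case $1 in
    strict) printf 'example.com\ttext = "v=spf1 -all"\n' ;;
    soft)   printf 'example.com\ttext = "v=spf1 include:_spf.google.com ~all"\n' ;;
    open)   printf 'example.test\ttext = "v=spf1 ip4:192.0.2.0/24 " "+all"\n' ;;
    double) printf 'example.test\ttext = "v=spf1 -all"\nexample.test\ttext = "v=spf1 mx ~all"\n' ;;
    none)   printf 'example.test\ttext = "site-verification=constructed"\n' ;;
    esac
}

# No argument: run on the samples. Otherwise pass the arguments to nslookup.
if [ "$#" -eq 0 ]; then
    for s in strict soft open double none; do echo "$s: $(sample "$s" | spf_verdict)"; done
else
    nslookup -type=TXT "$@" | spf_verdict
fi
```

The verdicts worth following up are allow-any, no-all, missing and multiple, since each leaves receivers without a usable instruction to reject unlisted senders.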
Conclusion:
The nslookup command is a versatile and powerful tool that provides insights into a network’s DNS configuration. By using the various options and types, users can effectively troubleshoot, verify, and optimize their DNS setups for a reliable and secure network infrastructure.