Linux nslookup command


The nslookup (name server lookup) command in Linux is a network utility used to query Domain Name System (DNS) servers to obtain information about domain names, such as IP addresses and other DNS records (like MX records, NS records, etc.). It is commonly used for troubleshooting DNS-related issues and verifying the resolution of domain names.

Basic Syntax of nslookup:

nslookup [options] [hostname]
  • [hostname]: The domain name or IP address you want to look up.
  • [options]: Various options to modify the behavior of nslookup.

Commonly Used nslookup Commands and Options

  1. Basic Domain Lookup:

    • The simplest form of nslookup queries a domain name to find its associated IP address.
    nslookup [domain_name]
    • Example:

      nslookup google.com

      Sample Output:

      Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: google.com Address: 142.250.190.14 Address: 142.250.190.78 Address: 142.250.190.110 Address: 142.250.190.102
    • Explanation:

      • Server: The DNS server that answered the query (in this case, Google's public DNS server 8.8.8.8).
      • Non-authoritative answer: Indicates that the information was obtained from a cache (not directly from the authoritative DNS server).
      • The IP addresses listed under "Address" are the resolved IPs for the domain google.com.
  2. Reverse Lookup (IP to Domain):

    • You can also use nslookup to perform a reverse DNS lookup, where you provide an IP address to find the associated domain name.
    nslookup [IP_address]
    • Example:

      nslookup 142.250.190.14

      Sample Output:

      Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: 14.190.250.142.in-addr.arpa name = google.com.
    • Explanation: The reverse lookup query for 142.250.190.14 resolves to google.com.

  3. Querying a Specific DNS Server:

    • You can specify a different DNS server to query instead of using the default system DNS server. This is useful for testing specific DNS servers or troubleshooting DNS resolution issues.
    nslookup [hostname] [DNS_server]
    • Example:

      nslookup google.com 8.8.8.8

      Sample Output:

      Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: google.com Address: 142.250.190.14 Address: 142.250.190.78 Address: 142.250.190.110 Address: 142.250.190.102
    • Explanation: The query for google.com was made to Google's DNS server 8.8.8.8.

  4. Querying a Specific DNS Record Type:

    • nslookup allows you to specify the type of DNS record you want to query (e.g., A, MX, NS, TXT).
    nslookup -type=[record_type] [domain_name]
    • Example (MX Records):

      nslookup -type=mx google.com

      Sample Output:

      Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: google.com mail exchanger = 10 alt1.aspmx.l.google.com. google.com mail exchanger = 10 alt2.aspmx.l.google.com. google.com mail exchanger = 5 smtp.gmail.com. google.com mail exchanger = 5 alt3.aspmx.l.google.com.
    • Explanation: This command shows the MX (Mail Exchange) records for google.com, which indicate the mail servers used by the domain.

  5. Interactive Mode:

    • You can enter interactive mode in nslookup to query multiple domains or DNS records in a single session.
    • To enter interactive mode:
      nslookup
    • Once in interactive mode, you can enter commands like:
      • Set the query type:
        set type=mx
      • Query a domain:
        google.com
    • To exit interactive mode, type:
      exit

    Sample Output:

    > set type=mx > google.com Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: google.com mail exchanger = 10 alt1.aspmx.l.google.com. google.com mail exchanger = 10 alt2.aspmx.l.google.com. google.com mail exchanger = 5 smtp.gmail.com. google.com mail exchanger = 5 alt3.aspmx.l.google.com. > exit
  6. Set Timeout and Retry Limits:

    • You can set the timeout and retry behavior for DNS queries using the -timeout and -retry options.
    • Example (Set timeout to 5 seconds and retry limit to 2):
      nslookup -timeout=5 -retry=2 google.com

Example Scenarios:

  1. Basic domain lookup:

    nslookup example.com

    Sample Output:

    Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: example.com Address: 93.184.216.34
  2. Reverse lookup of an IP address:

    nslookup 93.184.216.34

    Sample Output:

    Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: 34.216.184.93.in-addr.arpa name = example.com.
  3. Query MX records for a domain:

    nslookup -type=mx gmail.com

    Sample Output:

    Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: gmail.com mail exchanger = 10 alt1.gmail-smtp-in.l.google.com. gmail.com mail exchanger = 20 alt2.gmail-smtp-in.l.google.com. gmail.com mail exchanger = 30 alt3.gmail-smtp-in.l.google.com.
  4. Check the NS records for a domain:

    nslookup -type=ns example.com

    Sample Output:

    Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: example.com nameserver = ns1.example.com. example.com nameserver = ns2.example.com.

Summary of Common nslookup Options:

OptionDescription
-type=[record_type]Query a specific type of DNS record (e.g., A, MX, NS, TXT)
-timeout=[seconds]Set the timeout value (in seconds) for DNS queries
-retry=[count]Set the number of retry attempts for failed queries
set type=[record_type]Set the query type in interactive mode
set timeout=[seconds]Set the timeout value in interactive mode
set retry=[count]Set the retry limit in interactive mode

Conclusion:

The nslookup command is a useful tool for querying DNS information about domain names and IP addresses. It can be used for troubleshooting DNS resolution issues, checking the validity of DNS records (such as A, MX, and NS records), and performing reverse lookups. Whether used in interactive mode or as a simple one-time query, nslookup is a powerful utility for network diagnostics.