nslookup (Name Server Lookup) is a Linux tool used to get information from a DNS Server as requested by the user. The DNS (Domain Name System) is a critical part of the internet used to match websites’ names (e.g., fosslinux.com) to their resulting IP Address. Therefore, the nslookup can come in handy for network administrators to query the DNS to obtain the IP address, domain name, or any other specific DNS record. It is also used in troubleshooting DNS related issues.
nslookup command-line tool operates in two modes, Interactive mode and non-interactive mode. The interactive mode is used when querying the DNS server for information about various hosts, domains, or print hosts in a domain. The non-interactive mode, on the other hand, is limited as it only prints the name and query information for a host or domain.
nslookup non-interactive mode
The non-interactive mode is the most used mode when executing the nslookup command. It is regarded as a faster method as you will only need to pass a single command at every execution.
With this mode, you type
nslookup followed by the IP address or the host, you want to look up. Let’s look at some commands you can execute with nslookup in the non-interactive mode.
1. Display the IP address of a hostname
Let’s say you want to get “A Record” (IP address) of a website like nmap.org. All you need to do is launch the Terminal and execute the command below:
nslookup nmapFrom the output above, the server refers to the IP address of the DNS server. Under the Non-authoritative answer section, the address refers to the IP address of the website nmap.org.
Before we look at more examples, it would be best we first understand the difference between Authoritative answer and Non-authoritative answer. An authoritative answer is given when the DNS server hosting the primary copy of the DNS record responses to your lookup. On the other hand, a Non-authoritative answer is when the DNS server responding to your request does not contain the original zone files. Most of the time, the server has a cache of a previously requested DNS record from all DNS lookups done.
2. Perform a reverse DNS lookup
A reverse DNS lookup is where you have an “A Record”/ IP address, and you want to get the resulting hostname. Use the syntax below:
3. Display MX records
An MX (Mail Exchange) record is an entry in the DNS.zine file that maps a domain name to a list of mail exchange servers that handle that particular domains’ mails. We will use the syntax below:
nslookup -query=mx [website-name]
4. Display NS records
NS records are used to identify name servers (both secondary and primary) responsible for a particular DNS zone. We will use the syntax below:
nslookup -query=ns [website-name]
5. Display an SOA record
A Start of Authority record (SOA) is a DNS record that contains administrative information about the domain. Use the syntax below:
nslookup -query=soa [website-name]
6. Display all DNS records
We will use the syntax below:
nslookup -query=any [website-name]
7. Use a different port number
By default, the DNS protocol runs on port 53. If the port was changed for any reason, you could specify the set port using the -port argument.
nslookup -port=[port-number] [website-name]
nslookup interactive mode
The nslookup interactive mode is quite simple. All you need to do is execute the nslookup command on the Terminal, and it will give you a prompt where you can execute your commands. See the image below.
To get the hostname’s IP address, enter the website’s name in the prompt and hit Enter.
To perform a reverse DNS lookup, enter the IP address of the host.
To display the MX (mail exchange) records, use the command below:
To display the NS records, use the command below:
The Internet Systems Consortium had briefly listed the nslookup program as deprecated but later reversed this decision. The deprecation listing mainly favored the host and dig commands/programs that can perform the same functions as the nslookup command at a somewhat higher industry acceptance level.