Technotes

Technotes for future me

nslookup

nslookup (name server lookup) is a tool used to perform DNS lookups in Linux. It is used to display DNS details, such as the IP address, the MX records for a domain or the NS servers of a domain.

nslookup can operate in two modes: interactive and non-interactive.
The interactive mode allows you to query name servers for information about various hosts and domains or to print a list of hosts in a domain.
The non-interactive mode allows you to print just the name and requested information for a host or domain.

The interactive mode

The interactive mode is entered by typing the nslookup command without any arguments:

nslookup

To find the IP address of a host, type the hostname:

> google.com
Server:    8.8.4.4
Address:  8.8.4.4#53

Non-authoritative answer:
Name:  google.com
Address: 142.250.179.142
Name:  google.com
Address: 2a00:1450:400e:801::200e

To find the IP address of a host via a specified name server, type the hostname followed by the name server’s IP address (the example below passes both as arguments to nslookup from the shell):

nslookup blaataap.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   blaataap.com
Address: 178.20.173.140
Name:   blaataap.com
Address: 2a00:1d38:f8::106

To perform a reverse DNS lookup, enter the IP address of a host:

> 8.8.8.8
8.8.8.8.in-addr.arpa  name = dns.google.

To display MX records (the mail servers responsible for accepting email messages on behalf of a recipient’s domain), set the DNS query type to MX:

> set type=mx
> google.com
Server:    8.8.4.4
Address:  8.8.4.4#53

Non-authoritative answer:
google.com  mail exchanger = 20 alt1.aspmx.l.google.com.
google.com  mail exchanger = 50 alt4.aspmx.l.google.com.
google.com  mail exchanger = 30 alt2.aspmx.l.google.com.
google.com  mail exchanger = 40 alt3.aspmx.l.google.com.
google.com  mail exchanger = 10 aspmx.l.google.com.

To display NS records, set the DNS query type to NS:

> set type=ns
> google.com
Server:    8.8.4.4
Address:  8.8.4.4#53

Non-authoritative answer:
google.com  nameserver = ns3.google.com.
google.com  nameserver = ns4.google.com.
google.com  nameserver = ns2.google.com.
google.com  nameserver = ns1.google.com.

The non-interactive mode

The non-interactive mode is invoked by typing the nslookup command, followed by the name or the IP address of the host to be looked up.

For example, to display the IP address of a hostname, use the following command:

nslookup google.com
Server:    8.8.4.4
Address:  8.8.4.4#53

Non-authoritative answer:
Name:  google.com
Address: 142.250.179.142
Name:  google.com
Address: 2a00:1450:400e:801::200e

To do a reverse DNS lookup, use the following command:

nslookup 8.8.8.8
8.8.8.8.in-addr.arpa  name = dns.google.

To display the MX records, use the -query=mx option:

nslookup -query=mx google.com
Server:    8.8.4.4
Address:  8.8.4.4#53

Non-authoritative answer:
google.com  mail exchanger = 20 alt1.aspmx.l.google.com.
google.com  mail exchanger = 50 alt4.aspmx.l.google.com.
google.com  mail exchanger = 30 alt2.aspmx.l.google.com.
google.com  mail exchanger = 40 alt3.aspmx.l.google.com.
google.com  mail exchanger = 10 aspmx.l.google.com.

To display the NS records, use the -query=ns option:

nslookup -query=ns google.com
Server:    8.8.4.4
Address:  8.8.4.4#53

Non-authoritative answer:
google.com  nameserver = ns1.google.com.
google.com  nameserver = ns3.google.com.
google.com  nameserver = ns2.google.com.
google.com  nameserver = ns4.google.com.

To display the SOA record (information about the domain), use the -query=soa option:

nslookup -query=soa google.com
Server:    8.8.4.4
Address:  8.8.4.4#53

Non-authoritative answer:
google.com
  origin = ns1.google.com
  mail addr = dns-admin.google.com
  serial = 359244372
  refresh = 900
  retry = 900
  expire = 1800
  minimum = 60

To display all the available DNS records, use the -query=any option:

nslookup -query=any google.com
Server:    8.8.4.4
Address:  8.8.4.4#53

Non-authoritative answer:
Name:  google.com
Address: 173.194.69.100
Name:  google.com
Address: 173.194.69.113
Name:  google.com
Address: 173.194.69.102
Name:  google.com
Address: 173.194.69.138
Name:  google.com
Address: 173.194.69.139
Name:  google.com
Address: 173.194.69.101
Name:  google.com
Address: 2a00:1450:4013:c04::8b
Name:  google.com
Address: 2a00:1450:4013:c04::66
Name:  google.com
Address: 2a00:1450:4013:c04::64
Name:  google.com
Address: 2a00:1450:4013:c04::71
google.com  mail exchanger = 20 alt1.aspmx.l.google.com.
google.com  nameserver = ns2.google.com.
google.com  text = "v=spf1 include:_spf.google.com ~all"
google.com  text = "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289"
google.com  text = "apple-domain-verification=30afIBcvSuDV2PLX"
google.com  text = "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
google.com  text = "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
google.com  text = "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
google.com  nameserver = ns4.google.com.
google.com  mail exchanger = 50 alt4.aspmx.l.google.com.
google.com  mail exchanger = 30 alt2.aspmx.l.google.com.
google.com
  origin = ns1.google.com
  mail addr = dns-admin.google.com
  serial = 359244372
  refresh = 900
  retry = 900
  expire = 1800
  minimum = 60
google.com  nameserver = ns1.google.com.
google.com  mail exchanger = 10 aspmx.l.google.com.
google.com  rdata_257 = 0 issue "pki.goog"
google.com  nameserver = ns3.google.com.
google.com  mail exchanger = 40 alt3.aspmx.l.google.com.
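
The non-interactive output above is easy to post-process in scripts. The following is an added example, not part of the original note: it reads nslookup output on stdin and pulls out the MX hosts in preference order, the SPF "all" qualifier and the CAA issuer. The function names are hypothetical, and the sample input is a subset of the lines shown above, embedded so the script runs offline.

```shell
#!/bin/sh
# Sample input: lines copied from the `nslookup -query=any google.com` output above.
sample_output() {
cat <<'EOF'
Server:    8.8.4.4
Address:  8.8.4.4#53

Non-authoritative answer:
Name:  google.com
Address: 173.194.69.100
google.com  mail exchanger = 20 alt1.aspmx.l.google.com.
google.com  text = "v=spf1 include:_spf.google.com ~all"
google.com  text = "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289"
google.com  mail exchanger = 50 alt4.aspmx.l.google.com.
google.com  mail exchanger = 10 aspmx.l.google.com.
google.com  rdata_257 = 0 issue "pki.goog"
EOF
}

# MX hosts in delivery order (lowest preference value first), trailing dot removed.
mx_by_pref() {
    awk '/mail exchanger = / { sub(/\.$/, "", $NF); print $(NF-1), $NF }' |
        sort -n | awk '{ print $2 }'
}

# The SPF "all" mechanism with its qualifier (-all, ~all, ?all, +all), if present.
# Other TXT records (domain-verification tokens and so on) are ignored.
spf_all() {
    awk -F'"' '/text = "v=spf1[ "]/ {
        n = split($2, term, " ")
        for (i = 1; i <= n; i++) if (term[i] ~ /^[-~?+]?all$/) print term[i]
    }'
}

# CAA issuers. The output above prints CAA (record type 257) as rdata_257.
caa_issuers() {
    awk -F'"' '/rdata_257 = [0-9]+ issue / { print $2 }'
}

# Report for the embedded sample; pipe real nslookup output in the same way.
out=$(sample_output)
printf 'MX order: %s\n' "$(printf '%s\n' "$out" | mx_by_pref | tr '\n' ' ')"
printf 'SPF all:  %s\n' "$(printf '%s\n' "$out" | spf_all)"
printf 'CAA:      %s\n' "$(printf '%s\n' "$out" | caa_issuers)"
```

To run it against live data, replace sample_output with a real query, for example `nslookup -query=mx google.com | mx_by_pref`.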

The nslookup program is officially deprecated, meaning that it’s no longer being maintained. You should use host or dig instead.

Source: https://geek-university.com/linux/nslookup-command/

Last updated on 4 Jan 2024
Published on 25 Feb 2021