How to Use the nslookup Command

January 13, 2022

Introduction

When troubleshooting DNS issues, it is useful to have access to Domain Name System (DNS) records of a website. All mainstream operating systems have tools that enable users to query a web server and receive important information such as IP addresses and other pieces of domain-related information.

This article will introduce the nslookup command which is used for obtaining server records. It will also provide examples of the command's most popular options.

How to use the nslookup command with examples.

Prerequisites

  • Access to the command line interface
  • Access to internet

Note: If you are not familiar with DNS record types, we strongly recommend you read DNS Record Types Explained before diving into this article.

nslookup Syntax

The nslookup command can be used in two modes: interactive and non-interactive. To initiate the nslookup interactive mode, type the command name only:

nslookup

The prompt that appears lets you issue multiple server queries.

Entering the interactive mode.

For example, you can type a domain name and receive information about it.

www.google.com

After nslookup outputs the information, it provides another prompt.

Querying in the interactive mode.

In interactive mode, specify an option in a separate line before the query. Precede the option with set:

set [option]
Setting options in the interactive mode.

To exit interactive mode, type:

exit

The non-interactive mode lets you use nslookup to issue single queries. The syntax for the non-interactive mode is:

nslookup [options] [domain-name]

The command and the query are written in the same line.

Viewing basic information about a domain in non-interactive mode.

nslookup Options

Find all the important nslookup options in the following table.

nslookup OptionDescription
-domain=[domain-name]Change the default DNS name.
-debugShow debugging information.
-port=[port-number]Specify the port for queries. The default port number is 53.
-timeout=[seconds]Specify the time allowed for the server to respond.
-type=aView information about the DNS A address records.
-type=anyView all available records.
-type=hinfoView hardware-related information about the host.
-type=mxView Mail Exchange server information.
-type=nsView Name Server records.
-type=ptrView Pointer records. Used in reverse DNS lookups.
-type=soaView Start of Authority records.

Installing nslookup

nslookup comes preinstalled on all major operating systems. If you need to install it again on Ubuntu or another Linux distro featuring the APT package manager, install the dnsutils package:

sudo apt install dnsutils

On CentOS, Fedora, and Red Hat, nslookup is part of the bind-utils package. Install it by running:

sudo dnf install bind-utils

How to Use nslookup?

Use the nslookup command to perform DNS and reverse DNS searches and troubleshoot server-related problems. The following sections present the most common uses of the command.

Note: The authoritative answer in the output of the nslookup refers to the answer provided by one of the nameservers belonging to the domain being searched. The non-authoritative answer is provided by a nameserver not associated with the specific domain, e.g., your ISP nameserver.

View Domain's NS Records

Name Server (NS) records store names of the domain's name servers. To see a domain's NS records, type:

nslookup -type=ns [domain-name]

The output lists all available name servers:

Viewing name server information.

View Domains MX Records

MX records store all relevant Mail Exchange server data. This information is used to route all email requests for the domain to the appropriate mail server.

Check a domain's MX data by typing:

nslookup -type=mx [domain-name]

The output shows the names of mail servers.

Viewing Mail Exchange server information.

Perform a Reverse DNS Lookup

While nslookup provides information about a domain name, it can also be used to look for the domain name associated with an IP address.

Perform a reverse DNS lookup using the following syntax:

nslookup [ip-address]

The command outputs the domain name.

Performing a reverse DNS lookup.

View SOA Records

Start of Authority (SOA) records provide authoritative information about the domain and the server, such as the email address of the administrator, serial number, refresh interval, query expiration time, etc.

View a domain's SOA records by typing:

nslookup -type=soa [domain-name]

The nslookup command output shows the relevant information:

Viewing the domain's SOA records.

View Text Records

TXT records contain important information for users outside of the domain. For example, Google and Facebook use TXT records to verify domain ownership.

View a domain's TXT information by running the following nslookup command:

nslookup -type=txt [domain-name]

The output shows each TXT record in a separate line:

Viewing the domains TXT records.

View All Records

View all available DNS records of a domain using the any option.

nslookup -type=any [domain-name]

The output shows NS, SOA, MX, and TXT information:

Viewing all available DNS records for a domain.

View Information About a Specific Name Server

See the name, IPv4 and IPv6 information of a specific name server on a domain by using the following syntax:

nslookup [domain-name] [name-server]

The output is now limited to the nameserver you specified:

Viewing information about a specific name server for a domain.

View Pointer Records

Pointer records are used for reverse DNS lookups to confirm that the IP address belongs to a specific domain name. When using the ptr option, type the IP address in reverse, i.e., 1.2.3.4 becomes 4.3.2.1:

nslookup -type=ptr [reverse-ip-address].in-addr.arpa

Look for the domain name in the output.

Performing a reverse DNS lookup using pointer records.

Query a Non-Default Port

DNS servers use port 53 to communicate. If you want to check a different port, specify it with the port option:

nslookup -port=[port-number] [domain-name]

View Debugging Information

To view information useful for debugging, use the debug option:

nslookup -debug [domain-name]
Viewing debugging information.

Note: In the interactive mode, setting the debug option turns on the debugging mode. To exit the mode, set the nodebug option.

Conclusion

After reading this article, you should know how to install and use the nslookup command on Linux. The article provided examples of the most common uses of nslookup.

Was this article helpful?
YesNo
Marko Aleksic
Marko Aleksić is a Technical Writer at phoenixNAP. His innate curiosity regarding all things IT, combined with over a decade long background in writing, teaching and working in IT-related fields, led him to technical writing, where he has an opportunity to employ his skills and make technology less daunting to everyone.
Next you should read
How to Use Linux dig Command (DNS Lookup)
September 1, 2020

The dig command collects data about Domain Name Servers. It is helpful for troubleshooting DNS problems, but is also used to display DNS information. This guide will help you understand and use the Linux dig command.
Read more
How to Flush DNS Cache in macOS, Windows, & Linux
January 8, 2019

Clearing DNS cache deletes all saved DNS lookup information. Your computer then gets updated data from DNS servers next time it sends a lookup request. Learn how to flush DNS on in macOS, Windows, & Linux below.
Read more
DNS Best Practices for Security and Performance
November 11, 2019

This article will outline the best practices and the most important security measures to keep your DNS infrastructure healthy. Make sure to take into account the points listed below to build a secure and robust DNS.
Read more
What is a Domain Name System (DNS) & How Does it Work?
January 22, 2019

A Domain Name System (DNS) first emerged in the early 1980s. It represents a system of interconnected servers that store registered domain names and Internet Protocol (IP) addresses.
Read more
  • © 2022 Copyright phoenixNAP | Global IT Services. All Rights Reserved.