1. Introduction
In this tutorial, let’s take a look at the different ways to use nslookup command for Linux.
2. nslookup Command
nslookup is a command-line tool used to query domain name servers (DNS) and is available for operating systems such as Linux and Windows:
2.1. Interactive vs Non-Interactive
We have two modes for using nslookup: interactive and non-interactive.
First, we can activate the interactive mode by typing the command with no parameters:
[kdoyle@localhost ~]$ nslookup
>
Subsequently, we receive a command prompt to type individual commands without typing nslookup each time.
On the other hand, non-interactive mode utilizes the same commands as parameters:
[kdoyle@localhost ~]$ nslookup -type=a redhat.com
Now, let’s run some queries with nslookup.
2.2. Lookup a Domain
Take a look at the results for a domain name lookup:
[kdoyle@localhost ~]$ nslookup redhat.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: redhat.com
Address: 209.132.183.105
The DNS record – or A record – starts after the text, “*Non-authoritative answer”.*** These records show the IP addresses associated with the domain.
Remember, DNS records map domain names to IP addresses for computer systems.
2.3. Reverse DNS Lookup
Similarly, we can look up a domain name from an IP address:
[kdoyle@localhost ~]$ nslookup
> type=ptr
> 209.132.183.105
105.183.132.209.in-addr.arpa name = redirect.redhat.com.
Notice how the return domain name differs slightly from the original domain. A different record called a PTR is actually being returned.
Some domains do not have PTR records registered for IP addresses:
[kdoyle@localhost ~]$ nslookup
> 104.18.62.78
Server: 192.168.1.1
Address: 192.168.1.1#53
** server can't find 78.62.18.104.in-addr.arpa: NXDOMAIN
3. Type Parameter
Next, type parameters add more information to our lookups. For instance, ptr gives the reverse DNS as mentioned above.
Now let’s try some other types.
3.1. All Entries
We can get all DNS entries by specifying -type=a:
[kdoyle@localhost ~]$ nslookup -type=a baeldung.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: baeldung.com
Address: 104.18.63.78
Name: baeldung.com
Address: 104.18.62.78
3.2. Authoritative (SOA)
Next, we look at the authoritative (SOA) information about the domain. For instance, the A record contains mail information and other information shown here:
[kdoyle@localhost ~]$ nslookup -type=soa baeldung.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
baeldung.com
origin = lakas.ns.cloudflare.com
mail addr = dns.cloudflare.com
serial = 2033559691
refresh = 10000
retry = 2400
expire = 604800
minimum = 3600
With many domain name servers spread across the Internet, we get results that aren’t first-hand. These are called non-authoritative answers. However, they still provide accurate records.
3.3. Any Entries
Finally, type=any parameter returns all of the above including any other types of records on the server. This is helpful when we don’t know which record we want.
Be warned, type=any is not likely implemented on most public name servers, but it’s still useful on internal networks.
4. Name Server Information
Sometimes, we want to see the name server information to validate where a domain record exists.
For example, we can test for our domain with type=ns:
[kdoyle@localhost ~]$ nslookup -type=ns baeldung.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
baeldung.com nameserver = lakas.ns.cloudflare.com.
baeldung.com nameserver = meera.ns.cloudflare.com.
As a result, we can identify what DNS to configure for server-to-server communication via the domain. Remember, querying a new DNS requires local network configuration changes.
5. Turn on Debug
In addition, nslookup‘s interactive mode gives users the ability to debug queries:
[kdoyle@localhost ~]$ nslookup -debug baeldung.com
Server: 192.168.1.1
Address: 192.168.1.1#53
------------
QUESTIONS:
baeldung.com, type = A, class = IN
ANSWERS:
-> baeldung.com
internet address = 104.18.63.78
ttl = 300
-> baeldung.com
internet address = 104.18.62.78
ttl = 300
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name: baeldung.com
Address: 104.18.63.78
Name: baeldung.com
Address: 104.18.62.78
------------
QUESTIONS:
baeldung.com, type = AAAA, class = IN
ANSWERS:
-> baeldung.com
has AAAA address 2606:4700:3030::6812:3e4e
ttl = 300
-> baeldung.com
has AAAA address 2606:4700:3036::6812:3f4e
ttl = 300
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Name: baeldung.com
Address: 2606:4700:3030::6812:3e4e
Name: baeldung.com
Address: 2606:4700:3036::6812:3f4e
6. Conclusion
To sum up, the nslookup command is fundamental and quite useful. We viewed the two modes and a variety of type queries as well as the ability to debug if troubleshooting is ever needed.