1. Introduction

In this tutorial, let’s take a look at the different ways to use nslookup command for Linux.

2. nslookup Command

nslookup is a command-line tool used to query domain name servers (DNS) and is available for operating systems such as Linux and Windows:

nslookup_baeldung-1

2.1. Interactive vs Non-Interactive

We have two modes for using nslookup: interactive and non-interactive.

First, we can activate the interactive mode by typing the command with no parameters:

[kdoyle@localhost ~]$ nslookup
>

Subsequently, we receive a command prompt to type individual commands without typing nslookup each time.

On the other hand, non-interactive mode utilizes the same commands as parameters:

[kdoyle@localhost ~]$ nslookup -type=a redhat.com

Now, let’s run some queries with nslookup.

2.2. Lookup a Domain

Take a look at the results for a domain name lookup:

[kdoyle@localhost ~]$ nslookup redhat.com
Server:        192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
Name:    redhat.com
Address: 209.132.183.105

The DNS record – or A record – starts after the text, “Non-authoritative answer”. These records show the IP addresses associated with the domain.

Remember, DNS records map domain names to IP addresses for computer systems.

2.3. Reverse DNS Lookup

Similarly, we can look up a domain name from an IP address:

[kdoyle@localhost ~]$ nslookup
> type=ptr
> 209.132.183.105
105.183.132.209.in-addr.arpa    name = redirect.redhat.com.

Notice how the return domain name differs slightly from the original domain. A different record called a PTR is actually being returned.

Some domains do not have PTR records registered for IP addresses:

[kdoyle@localhost ~]$ nslookup
> 104.18.62.78
Server:        192.168.1.1
Address:    192.168.1.1#53

** server can't find 78.62.18.104.in-addr.arpa: NXDOMAIN

3. Type Parameter

Next, type parameters add more information to our lookups. For instance, ptr gives the reverse DNS as mentioned above.

Now let’s try some other types.

3.1. All Entries

We can get all DNS entries by specifying -type=a:

[kdoyle@localhost ~]$ nslookup -type=a baeldung.com
Server:        192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
Name:    baeldung.com
Address: 104.18.63.78
Name:    baeldung.com
Address: 104.18.62.78

3.2. Authoritative (SOA)

Next, we look at the authoritative (SOA) information about the domain. For instance, the A record contains mail information and other information shown here:

[kdoyle@localhost ~]$ nslookup -type=soa baeldung.com
Server:        192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
baeldung.com
    origin = lakas.ns.cloudflare.com
    mail addr = dns.cloudflare.com
    serial = 2033559691
    refresh = 10000
    retry = 2400
    expire = 604800
    minimum = 3600

With many domain name servers spread across the Internet, we get results that aren’t first-hand. These are called non-authoritative answers. However, they still provide accurate records.

3.3. Any Entries

Finally, type=any parameter returns all of the above including any other types of records on the server. This is helpful when we don’t know which record we want.

Be warned, type=any is not likely implemented on most public name servers, but it’s still useful on internal networks.

4. Name Server Information

Sometimes, we want to see the name server information to validate where a domain record exists.

For example, we can test for our domain with type=ns:

[kdoyle@localhost ~]$ nslookup -type=ns baeldung.com
Server:        192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
baeldung.com    nameserver = lakas.ns.cloudflare.com.
baeldung.com    nameserver = meera.ns.cloudflare.com.

As a result, we can identify what DNS to configure for server-to-server communication via the domain. Remember, querying a new DNS requires local network configuration changes.

5. Turn on Debug

In addition, nslookup‘s interactive mode gives users the ability to debug queries:

[kdoyle@localhost ~]$ nslookup -debug baeldung.com
Server:        192.168.1.1
Address:    192.168.1.1#53

------------
    QUESTIONS:
    baeldung.com, type = A, class = IN
    ANSWERS:
    ->  baeldung.com
    internet address = 104.18.63.78
    ttl = 300
    ->  baeldung.com
    internet address = 104.18.62.78
    ttl = 300
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name:    baeldung.com
Address: 104.18.63.78
Name:    baeldung.com
Address: 104.18.62.78
------------
    QUESTIONS:
    baeldung.com, type = AAAA, class = IN
    ANSWERS:
    ->  baeldung.com
    has AAAA address 2606:4700:3030::6812:3e4e
    ttl = 300
    ->  baeldung.com
    has AAAA address 2606:4700:3036::6812:3f4e
    ttl = 300
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Name:    baeldung.com
Address: 2606:4700:3030::6812:3e4e
Name:    baeldung.com
Address: 2606:4700:3036::6812:3f4e

6. Conclusion

To sum up, the nslookup command is fundamental and quite useful. We viewed the two modes and a variety of type queries as well as the ability to debug if troubleshooting is ever needed.

1 Comment
Oldest
Newest
Inline Feedbacks
View all comments
Comments are closed on this article!