nslookup (from name server lookup) is a network administration tool for querying the DNS (Domain Name System) servers to obtain domain name or IP address mapping.
nslookup command can also be used to query several different types of DNS records, such as MX, NS, and SOA records.
This tool is often used for troubleshooting DNS or name resolution issues. In short, the Domain Name System provides a mapping between human-readable names (like www.archlinux.org) and their associated IP addresses (like 184.108.40.206).
This tutorial will guide you through the installation of
nslookup on major Linux distributions and show various command line examples that you can use when you need to obtain DNS information.
nslookup is already installed on your system and ready to use. But if not, use the appropriate command below to install it.
sudo apt install dnsutils
sudo yum install bind-utils
sudo pacman -S dnsutils
nslookup Command Modes
nslookup command has two modes: interactive and non-interactive. If you need to look up only a single piece of data, we recommend using the non-interactive mode.
If you need to lookup more than one piece of data, you can use interactive mode. Of course, choosing which mode to use is entirely up to you.
For example, the interactive mode is entered by typing the
nslookup command without any arguments:
While using the interactive mode, you can exit by typing
The non-interactive mode is invoked by typing the
nslookup command, followed by the name or the host’s IP address to be looked up.
1. nslookup Basic Usage
nslookup followed by the domain name will display the domain’s A record (IP Address).
In the first part of the above output,
Address refers to the DNS server which is currently configured to be used by your system.
The hash (#) is a separator between the server’s IP that replied to your request and the port its service was running on.
Then the below section provides the A Record (IP Address) of the domain google.com.
In the output of
nslookup, you will often notice the statement “Non-authoritative answer” (as illustrative above) as part of the lookup result.
This is to tell you that the results were provided by a server that is not the authoritative (primary) source.
Typically, this means the result was provided by a server (such as your Internet service provider) that held a cached copy of the DNS record.
On the other hand, an “Authoritative answer” is when the DNS server hosting the primary copy of the DNS records responds to your lookup.
2. Find the MX Record (Email Servers) for a Domain
An MX (mail exchanger) record specifies the mail server responsible for accepting emails on behalf of a domain name. In other words, this record controls where mail sent to the domain is sent to.
To see the mail record (MX) for a domain, use the
nslookup -type=mx archlinux.org
3. Find the NS Record for a Domain
The NS (Name Servers) record of a domain is a map to all name servers that are authoritative for that domain. You can query for the NS records using the switch
As a result, it will output the name serves associated with the given domain.
nslookup -type=ns archlinux.org
4. Find the SOA Record of a Domain
SOA (Start Of Authority) record provides the authoritative information about a domain as the email address of the administrator, when the domain was last updated, etc.
You can query for the SOA record using the switch
nslookup -type=soa archlinux.org
- origin: The primary name server for the domain
mail addr: The administrator’s email address can be confusing because it is missing the
@sign. For example, in the above SOA record,
hetzner.archlinux.orgis the equivalent of
serial: Incremental serial number that specifies the zone file version. The standard convention is to use
- refresh: The time in seconds that a secondary DNS server waits before querying the primary DNS server.
- retry: The interval to re-connect with the Primary DNS.
- expire: The time that the secondary DNS will keep the cached zone file as valid.
- minimum: the time that the secondary DNS should cache the zone file.
5. Reverse DNS Lookup
A reverse DNS lookup with querying for a server name based on an IP address you provide as an argument to
6. Querying Another DNS Server
nslookup will query the same DNS the system is configured to use for all network operations. However, instead of using the default DNS server, you can specify a particular name server to resolve the domain name.
For example, you can set the authoritative name server as part of your request to get an authoritative answer.
nslookup archlinux.org oxygen.ns.hetzner.com
Here you may notice that we don’t get any “Non-authoritative answer” header since
oxygen.ns.hetzner.com has all the zone information of
7. Debugging the Query Transaction
In addition, advanced users may need to examine the details of the query transaction more closely. This can be achieved using the
nslookup -debug archlinux.org
nslookup is one of the popular command-line software for DNS probing. This guide taught us how to install and use it for querying DNS information from a domain name and IP address.
Network administrators can use the
nslookup command simultaneously with other software and receive diverse network data.
If you need it, here’s the man page for the