nslookup Linux Command Explained With Examples

The main use of nslookup is for troubleshooting DNS related problems.

nslookup (from name server lookup) is a network administration tool for querying the DNS (Domain Name System) servers to obtain domain name or IP address mapping.

The nslookup command can also be used to query several different types of DNS records such as MX, NS and SOA records.

This tool is often used for troubleshooting DNS or name resolution issues. In short, the Domain Name System provides mapping between human readable names (like www.archlinux.org) and their associated IP addresses (like 95.217.163.246).

In this tutorial, we’ll guide you through the installation of nslookup on major Linux distributions and show various command line examples that you can use when you need to obtain DNS information.

Install nslookup

It is very likely that nslookup is already installed on your system and ready to use. But if not, just use the appropriate command below to install it.

To install nslookup on Ubuntu, Debian, Linux Mint:

sudo apt install dnsutils

For installation on CentOS, Fedora, Red Hat:

sudo yum install bind-utils

To install nslookup on Arch Linux or Manjaro:

sudo pacman -S dnsutils

nslookup command modes

The nslookup command has two modes: interactive and non-interactive. If you need to look up only a single piece of data, we recommend using the non-interactive mode. If you need to look up more than one piece of data, you can use interactive mode. Of course the choice of which mode to use is entirely up to you.

For example, the interactive mode is entered by typing the nslookup command without any arguments:

nslookup
>

While using the interactive mode, you can exit by typing exit.

The non-interactive mode is invoked by typing the nslookup command, followed by the name or the IP address of the host to be looked up.

nslookup archlinux.org

1. nslookup basic usage

nslookup followed by the domain name will display the A Record (IP Address) of the domain.

nslookup archlinux.org
Server:     192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
Name:    archlinux.org
Address: 95.217.163.246

In the first part of the output above, Server and Address refer to the DNS server that your system is currently configured to use. The hash (#) separates the IP address of the server that replied to your request from the port its service is running on.

The section below it then provides the A Record (IP Address) of the domain archlinux.org.

In the output of nslookup, you will often notice the statement “Non-authoritative answer” (as in the example above) as part of the lookup result. This tells you that the result was provided by a server that is not the authoritative (primary) source. Typically, this means the result was provided by a server (such as your Internet service provider's) that held a cached copy of the DNS record.

An “Authoritative answer” is returned when the DNS server hosting the primary copy of the DNS record responds to your lookup.

2. Find the MX record (Email Servers) for a domain

An MX (mail exchanger) record specifies the mail server responsible for accepting email on behalf of a domain name. In other words, this record controls where mail addressed to the domain is delivered.

To see the mail record (MX) for a domain, use the -type=mx option:

nslookup -type=mx archlinux.org
Server:     192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
archlinux.org    mail exchanger = 10 mail.archlinux.org.

Authoritative answers can be found from:
mail.archlinux.org    internet address = 95.216.189.61

3. Find the NS record for a domain

The NS (Name Servers) record of a domain is a map to all name servers that are authoritative for that domain. You can query for the NS records using the switch -type=ns. The output lists the name servers associated with the given domain.

nslookup -type=ns archlinux.org
Server:     192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
archlinux.org    nameserver = ns1.first-ns.de.
archlinux.org    nameserver = robotns2.second-ns.de.
archlinux.org    nameserver = robotns3.second-ns.com.

Authoritative answers can be found from:
ns1.first-ns.de          internet address = 213.239.242.238
robotns2.second-ns.de    internet address = 213.133.105.6
robotns3.second-ns.com   internet address = 193.47.99.3

4. Find the SOA record of a domain

The SOA (Start Of Authority) record provides authoritative information about a domain, such as the email address of the administrator, when the domain was last updated, etc. You can query for the SOA record using the switch -type=soa.

nslookup -type=soa archlinux.org
Server:     192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
archlinux.org
     origin = ns1.first-ns.de
     mail addr = hetzner.archlinux.org
     serial = 2021022500
     refresh = 3600
     retry = 1800
     expire = 604800
     minimum = 3600

Authoritative answers can be found from:
archlinux.org    nameserver = ns1.first-ns.de.
archlinux.org    nameserver = robotns2.second-ns.de.
archlinux.org    nameserver = robotns3.second-ns.com.

The fields of the SOA record are:

  • origin: The primary name server for the domain.
  • mail addr: The administrator’s email address, which can be confusing because it is missing the ‘@’ sign. For example, in the SOA record above ‘hetzner.archlinux.org’ is the equivalent of ‘hetzner@archlinux.org’.
  • serial: Incremental serial number that specifies the zone file version. The standard convention is to use “YYYYMMDDNN” format.
  • refresh: The time in seconds that a secondary DNS server waits before querying the primary DNS server.
  • retry: The interval to re-connect with the primary DNS.
  • expire: The time that the secondary DNS will keep the cached zone file as valid.
  • minimum: The time that the secondary DNS should cache the zone file.
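
The script below is an added example, not part of the original tutorial. It reads the mail addr and serial fields out of the SOA output shown above and decodes them; the helper names soa_field, soa_rname_to_email and soa_serial_date are hypothetical, and the sample text is the page's own output.

```shell
#!/bin/sh
# Added example: read fields out of `nslookup -type=soa` output.
# Helper names are hypothetical; they are not part of nslookup.

# Print one SOA field ("origin", "mail addr", "serial", ...) from the text in $2.
soa_field() {
    printf '%s\n' "$2" | awk -F' = ' -v key="$1" '
        { k = $1; sub(/^[ \t]+/, "", k) }
        k == key { print $2; exit }'
}

# mail addr to mailbox: the first unescaped dot stands for "@"; "\." is a
# literal dot in the local part; a trailing root dot is dropped.
soa_rname_to_email() {
    printf '%s\n' "$1" | awk '{
        s = $0; sub(/\.$/, "", s); out = ""; at = 0
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "\\" && substr(s, i + 1, 1) == ".") { out = out "."; i++ }
            else if (c == "." && !at) { out = out "@"; at = 1 }
            else out = out c
        }
        print out
    }'
}

# Decode a YYYYMMDDNN serial; fails for serials that do not follow the convention.
soa_serial_date() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+$/ && length($0) == 10 {
            m = substr($0, 5, 2); d = substr($0, 7, 2)
            if (m + 0 >= 1 && m + 0 <= 12 && d + 0 >= 1 && d + 0 <= 31) {
                print substr($0, 1, 4) "-" m "-" d " rev " substr($0, 9, 2); ok = 1
            }
        }
        END { exit !ok }'
}

# SOA output from the page (section 4).
SOA='archlinux.org
     origin = ns1.first-ns.de
     mail addr = hetzner.archlinux.org
     serial = 2021022500
     refresh = 3600'

echo "admin:  $(soa_rname_to_email "$(soa_field 'mail addr' "$SOA")")"
echo "serial: $(soa_serial_date "$(soa_field serial "$SOA")")"
```

To run it on live data, pass "$(nslookup -type=soa archlinux.org)" as the second argument of soa_field instead of the embedded sample.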

5. Reverse DNS Lookup

A reverse DNS lookup queries for a server name based on an IP address that you provide as an argument to nslookup.

nslookup 95.217.163.246
246.163.217.95.in-addr.arpa    name = archlinux.org.

Authoritative answers can be found from:
163.217.95.in-addr.arpa    nameserver = ns.second-ns.com.
163.217.95.in-addr.arpa    nameserver = ns1.your-server.de.
163.217.95.in-addr.arpa    nameserver = ns3.second-ns.de.

6. Querying another DNS server

By default, nslookup will query the same DNS server the system is configured to use for all network operations. Instead of using the default DNS server, you can also specify a particular name server to resolve the domain name. For example, to get an authoritative answer, you can specify the authoritative name server as part of your request.

nslookup archlinux.org ns1.first-ns.de
Server:     ns1.first-ns.de
Address:    213.239.242.238#53

Name:    archlinux.org
Address: 95.217.163.246

Here you may notice that we don’t get any “Non-authoritative answer” header, since ns1.first-ns.de has all the zone information of archlinux.org.
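
The script below is an added example, not part of the original tutorial. It compares the cached answer from the default resolver with the answer from the authoritative name server, which is a quick way to spot a stale or altered cache entry. The helper names are hypothetical, the first two samples are the page's own output, and the third is constructed.

```shell
#!/bin/sh
# Added example: check a resolver's cached answer against the authoritative
# server's answer. Helper names are hypothetical; inputs are nslookup output.

# Answer addresses only: "Address:" lines without the "#port" suffix that
# marks the queried server itself. Sorted and joined so answers compare as sets.
answer_addrs() {
    printf '%s\n' "$1" | awk '$1 == "Address:" && $2 !~ /#/ { print $2 }' | sort -u | paste -sd, -
}

# Succeeds when the reply has no "Non-authoritative answer:" header.
is_authoritative() {
    ! printf '%s\n' "$1" | grep -q '^Non-authoritative answer:'
}

# $1 = reply from the default resolver, $2 = reply from the authoritative server.
# Returns 0 on match, 1 on mismatch, 2 when the reference cannot be trusted.
compare_answers() {
    is_authoritative "$2" || { echo "UNVERIFIED: reference is not authoritative"; return 2; }
    cached=$(answer_addrs "$1")
    auth=$(answer_addrs "$2")
    [ -n "$auth" ] || { echo "UNVERIFIED: reference has no addresses"; return 2; }
    if [ "$cached" = "$auth" ]; then
        echo "MATCH: $auth"
    else
        echo "MISMATCH: cached=[$cached] authoritative=[$auth]"; return 1
    fi
}

# nslookup output from the page (sections 1 and 6).
CACHED='Server:     192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
Name:    archlinux.org
Address: 95.217.163.246'

AUTH='Server:     ns1.first-ns.de
Address:    213.239.242.238#53

Name:    archlinux.org
Address: 95.217.163.246'

# Constructed reply with a different address (203.0.113.10 is a documentation IP).
STALE=$(printf '%s\n' "$CACHED" | sed 's/^Address: 95\.217\.163\.246$/Address: 203.0.113.10/')

compare_answers "$CACHED" "$AUTH"
compare_answers "$STALE" "$AUTH" || true
```

On a live system the two arguments would be "$(nslookup archlinux.org)" and "$(nslookup archlinux.org ns1.first-ns.de)".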

7. Debugging the query transaction

In addition, advanced users may need to examine more closely the details of the query transaction. This can be achieved using the -debug option:

nslookup -debug archlinux.org
Server:   192.168.1.1
Address:  192.168.1.1#53

--------------
     QUESTIONS:
          archlinux.org, type = A, class = IN
     ANSWERS:
     ->  archlinux.org
         internet address = 95.217.163.246
         ttl = 7887
     AUTHORITY RECORDS:
     ADDITIONAL RECORDS:
--------------

Conclusion

nslookup is one of the popular command-line tools for DNS probing. In this guide we learned how to install it and use it to query DNS information for a domain name or an IP address. Network administrators can use the nslookup command alongside other software to gather a range of network data.

Need more details about what nslookup is? Check the nslookup page on Wikipedia.
