nslookup Linux Command Explained With Examples

Learn how to use the nslookup command in Linux to query DNS servers and get information for a domain name or IP address.

The nslookup command, short for name server lookup, is a network administration tool for querying the DNS (Domain Name System) servers to obtain a domain name or IP address mapping. Users can also use it to query several different types of DNS records, such as MX, NS, and SOA records.

Moreover, nslookup is often used for troubleshooting DNS or name resolution issues. In short, the Domain Name System provides a mapping between human-readable names, for example, www.archlinux.org, and their associated IP addresses, like 95.217.163.246.

At the same time, the dig command is a popular tool that can be used instead of nslookup. It has similar functionality but is more powerful and has more advanced features other than nslookup. Therefore, you’ll find our guide on the subject very helpful if you want to learn how to use the dig command on Linux.

This tutorial will guide you through the installation of nslookup on major Linux distributions and show various command line examples that you can use to obtain DNS information.

Install nslookup

Likely, nslookup is already installed on your system and ready to use. But if not, use the appropriate command below to install it.

To install nslookup on Ubuntu, Debian, Linux Mint, and Pop!_OS:

sudo apt install dnsutils

For installation on CentOS Stream, Fedora, RHEL, AlmaLinux, and Rocky Linux:

sudo yum install bind-utils

Arch Linux and Arch-based Distros (Manjaro, EndeavourOS, Garuda Linux):

sudo pacman -S dnsutils

openSUSE:

sudo zypper in bind-utils

nslookup Command Modes

The nslookup command has two modes: interactive and non-interactive. If you need to look up only a single piece of data, we recommend using the non-interactive mode.

You can use interactive mode if you need to look up more than one piece of data. Of course, choosing which mode to use is entirely up to you.

For example, the interactive mode is entered by typing the nslookup command without any arguments:

nslookup
>

While using the interactive mode, you can exit by typing exit.

The non-interactive mode is invoked by typing the nslookup command, followed by the name or the host’s IP address to be looked up.

nslookup archlinux.orgCode language: CSS (css)

1. nslookup Basic Usage

nslookup followed by the domain name will display the domain’s A record (IP Address).

nslookup archlinux.orgCode language: CSS (css)
nslookup Basic Usage

In the first part of the above output, Server and Address refers to the DNS server currently configured to be used by your system.

The hash (#) is a separator between the server’s IP that replied to your request and the port its service was running on.

Then the below section provides the A Record (IP Address) of the domain google.com.

In the output of nslookup, you will often notice the statement “Non-authoritative answer” (as illustrated above) as part of the lookup result.

This is to tell you that the results were provided by a server that is not the authoritative (primary) source.

Typically, this means the result was provided by a server (such as your Internet service provider) that held a cached copy of the DNS record.

On the other hand, an “Authoritative answer” is when the DNS server hosting the primary copy of the DNS records responds to your lookup.

2. Find the MX Record (Email Servers) for a Domain

An MX (mail exchanger) record specifies the mail server responsible for accepting emails on behalf of a domain name. In other words, this record controls where mail is sent to the domain.

To see the mail record (MX) for a domain, use the -type=mx option

nslookup -type=mx archlinux.org
Find the MX record using the nslookup command

3. Find the NS Record for a Domain

The NS (Name Servers) record of a domain is a map of all name servers that are authoritative for that domain. You can query for the NS records using the switch -type=ns.

As a result, it will output the name servers associated with the given domain.

nslookup -type=ns archlinux.org
Find the NS records using the nslookup command

4. Find the SOA Record of a Domain

SOA (Start Of Authority) record provides authoritative information about a domain as the email address of the administrator, when the domain was last updated, etc.

You can query for the SOA record using the switch -type=soa.

nslookup -type=soa archlinux.org
Find the SOA record using the nslookup command
  • origin: The primary name server for the domain
  • mail addr: The administrator’s email address can be confusing because it misses the @ sign. For example, in the above SOA record, hetzner.archlinux.org is the equivalent of [email protected].
  • serial: Incremental serial number that specifies the zone file version. The standard convention is to use the YYYYMMDD## format.
  • refresh: The time in seconds that a secondary DNS server waits before querying the primary DNS server.
  • retry: The interval to re-connect with the Primary DNS.
  • expire: The time that the secondary DNS will keep the cached zone file as valid.
  • minimum: the time that the secondary DNS should cache the zone file.

5. Reverse DNS Lookup

A reverse DNS lookup with querying for a server name based on an IP address you provide as an argument to nslookup.

nslookup 95.217.163.246Code language: CSS (css)
Reverse DNS lookup

6. Querying Another DNS Server

By default, nslookup will query the same DNS the system configures for all network operations. However, instead of using the default DNS server, you can specify a particular name server to resolve the domain name.

For example, you can set the authoritative name server as part of your request to get an authoritative answer.

nslookup archlinux.org oxygen.ns.hetzner.comCode language: CSS (css)
Querying another DNS server using the nslookup command

Here you may notice that we donโ€™t get any “Non-authoritative answer” header since oxygen.ns.hetzner.com has all the zone information of archlinux.org.

7. Debugging the Query Transaction

In addition, advanced users may need to examine the details of the query transaction more closely. This can be achieved using the -debug option:

nslookup -debug archlinux.orgCode language: CSS (css)
Debugging the nslookup query transaction

Conclusion

nslookup is one of the popular command-line software for DNS probing. This guide taught us how to install and use it for querying DNS information from a domain name and IP address.

Network administrators can use the nslookup command simultaneously with other software and receive diverse network data.

If you need it, here’s the man page for the nslookup command.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 68%