Blog

  • Blog Home
  • What is the nslookup Command and How to Use it perfectly?
What is the nslookup Command and How to Use it perfectly?

October 3, 2023

8 min Read

What is the nslookup Command and How to Use it perfectly?

Are you here to learn about the nslookup command? Although it may seem complex, it is actually a common and essential tool for many users. The nslookup command stands for “name server lookup.” It helps you find the domain name associated with an IP address or the IP address associated with a domain name. The latter is known as reverse DNS lookup. This tool is particularly useful for those looking to resolve issues related to DNS or the Domain Name System. In this blog, you will delve into the nslookup command, comprehend its uses, and understand its significance. So, let’s dive right in.

Table of contents

  1. What is the nslookup Command?
  2. What is the Importance of the nslookup Command?
  3. A Few Examples of nslookup Command
  4. How to Use the nslookup Command and its Syntax?
  5. 10 Ways You Can Use the nslookup Command
  6. Conclusion

What is the nslookup Command?

Administrators or users troubleshooting DNS server issues often rely on this command for a quick solution. It is used to find an IP address within the DNS or Domain Name System records when you input a domain name or a hostname. Similarly, it can also be employed to search for the domain name when you enter an IP address. This process is known as reverse DNS lookup. In essence, it is a command-line tool that assists you in searching for a specific IP address or DNS record based on the provided domain name. Domain Name Systems, or DNS, can be either private or public, depending on the user’s preference.

What is the Importance of the nslookup Command?

The nslookup command is a valuable tool that enables you to search for domain names and IP addresses. Additionally, users frequently encounter DNS-related issues on their devices. This tool aids in resolving these DNS problems by identifying the correct domain name or IP address. Another capability of the nslookup command is retrieving essential mail records. For instance, if someone sends an email to your domain, that information is stored within the Mail Exchange Records. The nslookup command allows you to access these records for further use, making it especially beneficial for those who incorporate email marketing into their business strategies.

A Few Examples of nslookup Command

The nslookup command offers many variations, enabling you to utilize the tool based on different use cases. Some examples of this tool, along with brief descriptions, are presented here for your ease of use.
  • name - This displays information on the hostname or the domain name using the current default server.
  • server name - This sets up a default server using the information of the current server in use.
  • root - This designates the root server as the default server.
  • set type=<record type> - This retrieves the record you need based on the ‘type’ you enter as the keyword. The available keywords are A, CNAME, MX, NS, PTR, or SOA, where MX equals Mail Exchange Records. If you write ‘ANY’, you will receive all available records.
  • set debug - This places the tool in debug mode. Each query will have a specific response and accompanying information.
  • set recurse - If there is no information available on the default server, this directs the DNS nameserver to query other servers.
  • help - This provides detailed information on the various nslookup commands available and their functions.
  • exit - This exits the nslookup command tool.

How to Use the nslookup Command and its Syntax?

Now that we have learned about the nslookup command and its importance, let’s explore how we can use it to our advantage.

Prerequisites

There are two basic requirements for using the nslookup command. First, you need a stable internet connection, and second, you need access to the command line interface. This can be done on Windows, Mac, and Linux. You would need the Command Prompt on Windows or Terminal on Linux and macOS. The appearance will differ for each operating system.

Syntax

There are two primary modes available for use with the nslookup command: interactive mode and non-interactive mode. The interactive mode is helpful when you need to gather multiple pieces of information about the domain name or the host. It enables you to add different keywords and parameters to obtain more information. Its syntax is simply nslookup. This provides you with the default server, the address, and the command line prompt where you can add further parameters from your end. This mode uses one line for each command and domain name. As for the non-interactive mode, it is designed to help you get a single query about the domain name or the host. It serves as the default setting of the nslookup command, and its basic syntax is: nslookup google.com Instead of Google, you can input any domain name whose information you wish to collect. In the non-interactive mode, you need to place all commands and domain names in the same line, unlike the interactive mode, as it is a single-query command.

How Does it Work?

So, what goes on behind the nslookup command? Well, there are two answers that you might get from the command: the authoritative answer and the non-authoritative answer. The latter occurs when you have been using the command enough times to develop a cache. As a result, the tool fetches the results from the DNS cache rather than the authoritative domain server. When you use the command for the very first time, there is no cache stored, so you receive the authoritative responses on the first try. The process goes something like this: You access a website, and the browser sends a query to the DNS resolver to fetch the website’s IP address for the connection to occur on your end. The DNS resolver conveys this query to the root server with the necessary privileges, which then directs the resolver to the top-level domain (TLD) server. The TLD server takes this response to the authoritative server, where all the information about the website’s domain name and IP address is stored. The authoritative server fetches this DNS record and takes it all the way back to the browser, maintaining the desired connection on your end. Now, whenever you access the website again, the whole process will not repeat or go through irrelevant steps. Instead, the browser will go to the DNS cache, fetch the records, and provide you with a faster connection and a personalized experience. However, just like browser cache, the DNS cache can also create a hurdle of errors for you. The DNS records in the DNS cache may be outdated, resulting in non-authoritative responses that are old. This might be a problem if you are already trying to mitigate DNS-related errors on your end. You don’t need more errors piling up. But there are syntaxes that can help you get the authoritative answer even if you are not using the tool for the first time. We will discuss this further with more examples of the nslookup command.

10 Ways You Can Use the nslookup Command

Here are the multiple ways you can use the nslookup command,
  1. View NS Records
The NS records are used when you need to find all possible domain name servers for the query. The NS records store all the names of the domain name servers. Here is how you can view them through the nslookup command:   nslookup -type=ns [domain-name]  
  1. View MX Records
The MX records are the mail exchange records. They are used to process mail requests for a specific domain. They store the relevant email requests and send them to the valid mail server. Here is how to access them using the nslookup command:   nslookup -type=mx [domain-name]  
  1. Do the Reverse DNS Lookup
The nslookup command is usually used when you need to find out the IP address of a domain name. However, sometimes, you might need to look up the domain name using the IP address. This is when the reverse DNS lookup is used. Here is how you can use it:   nslookup [ip-address]  
  1. View SOA Records
This command provides authoritative information about the authoritative server. It will display results like the administrator’s email address, serial number, refresh interval, and even the query expiration time. This is known as the Start of Authority Records, and you can get the desired output through this syntax:   nslookup [ip-address]   However, there is another important use case for the SOA records. As discussed earlier, there is an authoritative response and a non-authoritative response. You can get an authoritative response even if you are not using the tool for the first time. The information is also stored in the SOA records. Hence, to get the authoritative response for your domain name, you can make this variation in the SOA records syntax:   nslookup -type=soa domainname.tld  
  1. View Text Records
This command allows the administrator to put readable text into the DNS. It contains readable text and information for people outside the domain. Here is how to get these records on the command line: nslookup -type=txt [domain-name]  
  1. View All Records
If you want to fetch all the information through a one-line syntax, you can do so with this command. By using ‘ANY’ as the keyword, all possible records are displayed, including NS records, MX records, SOA records, and TXT records. Here is how to use it:   nslookup -type=any [domain-name]  
  1. View a Specific Name Server’s Details
If you want information on a specific server, its internet protocol system, whether it is IPv4 or IPv6, you need this syntax to help you out:   nslookup [domain-name] [name-server]  
  1. View Pointer Records
This command is basically a verification for the Reverse DNS lookup command. It holds the records to confirm whether the IP address does indeed belong to the designated domain name. To use this command, you must enter the IP address in reverse to make it work. Here is how:   nslookup -type=ptr [reverse-ip-address].in-addr.arpa  
  1. Use a Non-Default Port for Queries
There are different ports that you can use for your queries. Normally, the DNS server uses port 53 to process the requests and commands. However, to shift the queries, you can define a port by using the following syntax: nslookup -port=[port-number] [domain-name]  
  1. Enable the Debug Mode
The debug mode can help you get detailed information and debugging details about each query. Here is how to enable it:   nslookup -debug [domain-name]  

Conclusion

In summary, the nslookup command serves as a valuable tool for addressing DNS issues whenever needed. It assists in retrieving DNS records, mail exchange records, and locating debugging information for a domain name server. While it operates in two fundamental modes, it encompasses a range of use cases that can be advantageous for you.

Related Articles