The Advanced Guide to Using nslookup in Linux


As a network administrator, you will find that the nslookup command is one of your most essential tools. With nslookup, you can check DNS records to troubleshoot problems with your DNS server or a specific DNS record. In this article, we take a closer look at nslookup and show you some practical examples of how to use it.

What Is nslookup?

Nslookup stands for “name server lookup.” The nslookup command line tool queries the Domain Name System (DNS) to obtain the mapping between a domain name and an IP address, or other DNS records. It’s simple yet powerful, and you can use it to find out more information about a DNS record.

Why Use nslookup?

The nslookup command is a very powerful DNS query tool. It can be used for troubleshooting DNS issues or simply to obtain information about a DNS record. For example, you can use nslookup to find out the IP address of a website or to find out the DNS records of a domain.

With that said, let’s take a closer look at how to install and use nslookup.

Installing nslookup on Linux

On most Linux distributions, nslookup is included in the BIND utilities package, which is named dnsutils or bind-utils depending on the distribution.

On Debian or Ubuntu, you can use the apt package manager:

sudo apt install dnsutils -y

On CentOS/RHEL/Fedora, you can use the yum package manager:

sudo yum install bind-utils -y

On Arch Linux:

sudo pacman -Sy dnsutils

Performing a Simple Query

The general syntax for the nslookup command is as follows:

nslookup <options> <domain-name>

<domain-name> is the domain name that you want to query, and <options> is any options that you want to use. These options control how nslookup behaves. You will learn more about the options throughout this tutorial. For now, let’s start with a simple example.

To perform a simple DNS query, specify the domain name that you want to query without specifying any options.

For example, run the following command to query the DNS records for the domain name google.com:

nslookup google.com

This command returns the address records (A records) for the specified domain name.

Understanding the Output

When you run the nslookup command without specifying any options, it will return a lot of information by default. Let’s take a closer look at what this output means.


The first thing you will see is the server and the address that nslookup is using. By default, nslookup uses the DNS server that is configured on your system. In most cases, this will be the DNS server of your ISP.

In this case, the server is “127.0.0.53,” which is a localhost IP address, because this tutorial is running nslookup on the same machine that is hosting my DNS server. If you’re not running your own DNS server, you will see the IP address of your ISP’s DNS server.

Port 53 is the standard port for DNS queries.


After the server information, you will see the Non-authoritative answer line. This line indicates that the answer that nslookup received was not from the authoritative DNS server for the domain. This answer is cached and forwarded from the local server that nslookup queried.

In most cases, this is totally fine, and you don’t need to worry about it. But if you’re troubleshooting DNS issues, you may want to get the answer from the authoritative DNS server for the domain.

Below the Non-authoritative answer line, you will see the DNS records for the specified domain name. In this case, there are two A records returned. These A records contain the IP addresses for the domain name.

You will also see that there are different IP addresses returned, as Google has set up “DNS load balancing.” When you query Google’s DNS servers, you will get a different IP address each time to distribute the load across their servers and make things faster for everyone.


Note: if you are not getting any results, you may need to flush the DNS cache on your system. If you have edited your “/etc/hosts” file, it may skew the nslookup results too.

Using a Specific DNS Server

Using a specific DNS server can be useful if you’re troubleshooting DNS issues pertaining to a specific DNS server. Or, maybe you’re on a network that is using a private DNS server and want to query using that server instead of your ISP’s DNS servers.

To use a specific DNS server with nslookup, you need to specify the domain name that you want to query followed by the DNS server. For example, to query the DNS records for superuser.com using the Google DNS servers (8.8.8.8), run the following command:

nslookup superuser.com 8.8.8.8

The Google DNS servers are a good choice because they’re fast and reliable, but you can use any DNS server you wish.

This time, we got the DNS records from the Google DNS servers – and four A records instead of two, as superuser.com uses four different DNS servers to handle the traffic.

You can use this same technique to query any DNS server you would like. Specify the domain name followed by the IP address of the DNS server.
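The parts of the output described above (the Server line, the Non-authoritative answer marker and the answer addresses) can be extracted in a script and compared between two resolvers; this is an added example, not part of the original article. The function names and the sample outputs (example.test with documentation addresses) are constructed for illustration.

```shell
# Constructed sample outputs (not captured from a real run); the addresses
# come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
LOCAL_OUT='Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	example.test
Address: 192.0.2.10
Name:	example.test
Address: 192.0.2.11'
PUBLIC_OUT='Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	example.test
Address: 192.0.2.11
Name:	example.test
Address: 198.51.100.7'

# Resolver that answered: second field of the "Server:" line.
ns_server() { printf '%s\n' "$1" | awk '$1 == "Server:" { print $2; exit }'; }

# Succeeds when the answer came from a cache, not the zone's own server.
ns_is_cached() { printf '%s\n' "$1" | grep -q '^Non-authoritative answer:'; }

# Answer addresses only: "Address:" lines that follow a "Name:" line, which
# skips the resolver's own "Address: ...#53" line in the header.
ns_addresses() {
    printf '%s\n' "$1" |
        awk '$1 == "Name:" { seen = 1; next } seen && $1 == "Address:" { print $2 }' |
        sort -u
}

# Print addresses returned by only one of two outputs, tagged with the
# resolver. Returns 0 when both address sets are identical, 1 otherwise.
ns_diff() {
    a=$(ns_addresses "$1"); b=$(ns_addresses "$2")
    [ "$a" = "$b" ] && return 0
    for ip in $a; do
        printf '%s\n' "$b" | grep -Fxq "$ip" || echo "only $(ns_server "$1"): $ip"
    done
    for ip in $b; do
        printf '%s\n' "$a" | grep -Fxq "$ip" || echo "only $(ns_server "$2"): $ip"
    done
    return 1
}
# Live use: ns_diff "$(nslookup google.com)" "$(nslookup google.com 8.8.8.8)"
```

A difference between resolvers is a reason to look closer, not proof of a fault: domains that use DNS load balancing legitimately return different addresses from one query to the next.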


Specifying the Record Type

By default, nslookup will return all A DNS records for a domain. But what if you only want to query for a specific record type?

For example, maybe you’re trying to access a website but getting an error saying that the DNS server can’t find the A record for the domain. In this case, you could use nslookup to query for the A record and see if it’s returning the correct IP address.

To query for a specific DNS record type, use the -type option. It takes one argument, which is the record type that you want to query for. The most common DNS record types are:

  • A: Address Record – maps a domain name to an IPv4 address.
  • AAAA: IPv6 Address Record – maps a domain name to an IPv6 address.
  • CNAME: Canonical Name Record – maps an alias to a real domain name and is helpful when you run an FTP or an Nginx web server.
  • MX: Mail Exchange Record – maps a domain name to an email server and helps you verify that your email is set up correctly.
  • NS: Name Server Record – maps a domain name to a DNS server and specifies which DNS server is responsible for a domain and where to find the DNS records for that domain.
  • TXT: Text Record – stores text information for a domain. It can be used to store things like SPF records, which help keep your email safe from spam or phishing attacks.

Use the following syntax to query for a specific record type:

nslookup -type=<record_type> <domain> <dns_server>

For example, run the following command to query for the CNAME record of superuser.com:

nslookup -type=cname superuser.com

To query for the MX record of google.com, run the following command:

nslookup -type=mx google.com

Similarly, you can query for any other DNS record type that you want – just be sure to use the correct record type in the command.

Querying All DNS Record Types

If you want to query for all of the DNS record types for a domain, you need to use the -type=any option. It returns every record type for a domain, including A, AAAA, CNAME, MX, etc.

This option can be useful if you want to get a complete picture of the DNS records for a domain.

For example, run the following command to query all the DNS records of google.com:

nslookup -type=any google.com

As you can see below, this command returns all of the DNS records for google.com:


Performing a Reverse DNS Lookup

In addition to querying DNS servers for information about a domain, you can also use nslookup to query DNS servers for information about an IP address. This is called a reverse DNS lookup.

Suppose you have the IP address of a server and want to find the hostname of that server. A reverse DNS lookup can help you do that.

To perform a reverse DNS lookup, run the nslookup command followed by the IP address that you want to look up.

For example, run the following command to perform a reverse DNS lookup for the IP address “142.250.204.46”:

nslookup 142.250.204.46

This will return the hostname of the server with the IP address 142.250.204.46.
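A PTR record is published by whoever controls the reverse zone for the address, so a hostname from a reverse lookup is worth confirming with a forward lookup of that name. The following added example (not from the original article) performs that check over nslookup output; the function names and the sample outputs are constructed for illustration.

```shell
# Constructed sample outputs; names and addresses are documentation values.
PTR_OUT='10.2.0.192.in-addr.arpa	name = host10.example.test.'
FWD_OUT='Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	host10.example.test
Address: 192.0.2.10'
FWD_OTHER='Non-authoritative answer:
Name:	host10.example.test
Address: 198.51.100.7'

# Name that is queried for a reverse lookup of an IPv4 address:
# the octets reversed, under in-addr.arpa.
ptr_name() {
    printf '%s\n' "$1" |
        awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Hostnames from "<owner> name = <host>." lines for the owner name in $1,
# with the trailing dot removed. $2 is the output of "nslookup <ip>".
ptr_hosts() {
    printf '%s\n' "$2" | awk -v owner="$1" '
        $1 == owner && $2 == "name" && $3 == "=" { sub(/\.$/, "", $4); print $4 }'
}

# Succeeds only if the forward answer for the PTR hostname contains the
# original IP. $1 = IP, $2 = output of "nslookup <ip>",
# $3 = output of "nslookup <ptr hostname>".
fcrdns_ok() {
    host=$(ptr_hosts "$(ptr_name "$1")" "$2" | head -n 1)
    [ -n "$host" ] || return 1
    printf '%s\n' "$3" | awk -v h="$host" -v ip="$1" '
        $1 == "Name:" { cur = $2 }
        $1 == "Address:" && cur == h && $2 == ip { ok = 1 }
        END { exit !ok }'
}
```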

Enabling the Debugging Mode

Advanced users can enable the debugging mode in nslookup to get more information about the DNS queries. This mode is helpful if you’re troubleshooting DNS issues and want to see what’s happening behind the scenes.

To enable the debugging mode, use the -debug option. For example, to query for the A record of google.com and enable the debugging mode, run the following command:

nslookup -debug google.com

This command returns a lot of information about the DNS query. This information can be helpful if you’re trying to troubleshoot DNS issues.

Logging the Output to a File

It can be helpful to log the output of nslookup to a file. You can save this file and share it with your fellow system administrators so that they can help you troubleshoot DNS issues.

Use the following syntax to save the output of nslookup to a file:

nslookup <domain> > /path/to/file

For example, to query for all of the A DNS records for google.com and save the output to a file called “google_dns_records.txt,” run the following command. The > symbol is used to redirect the output of a command to a file.

nslookup -debug google.com > google_dns_records.txt

Run the ls -la command below to verify that the log file was created:

ls -la google_dns_records.txt

As you can see below, the file was successfully created.


Run the cat command below to view the contents of the file.

cat google_dns_records.txt

As you can see below, the log file contains all of the DNS records for google.com.


Using the Interactive Mode

Throughout this article, we’ve used the nslookup command with different options to query DNS servers in non-interactive mode, which allows you to specify all of the options in a single command.

In addition to the non-interactive mode, nslookup also has an interactive mode. In interactive mode, you can issue different commands to query DNS servers without having to type the entire nslookup command each time.

In general, if you’re going to issue a few DNS queries, the non-interactive mode is the way to go. But if you’re going to issue many DNS queries or want to experiment with different nslookup options, interactive mode can be more convenient and logical.

To enter interactive mode, run the below command.

nslookup

Your prompt will change to > as shown below. This indicates that you’re now in interactive mode.


You can run all of the nslookup commands that we’ve covered in this tutorial without having to type nslookup each time.


To exit interactive mode, run the exit command.
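The interactive commands can also be fed to nslookup on standard input, which makes a multi-query session repeatable and easy to log. This added example (not from the original article) builds such a session from the server, set type and exit commands; make_session and run_session are hypothetical helper names.

```shell
# Hypothetical helpers, added for illustration.
# Emit the commands for one interactive session: pick a resolver, set the
# record type, look up each name, then exit.
# $1 = resolver IP, $2 = record type, remaining arguments = domain names.
make_session() {
    server=$1; rtype=$2; shift 2
    # Reject anything that is not a plain address, type or hostname, so a
    # stray space or newline in the input cannot add commands to the session.
    case $server in *[!0-9A-Fa-f.:]* | "") return 1 ;; esac
    case $rtype in *[!A-Za-z]* | "") return 1 ;; esac
    for name in "$@"; do
        case $name in *[!A-Za-z0-9._-]* | "" | -*) return 1 ;; esac
    done
    printf 'server %s\nset type=%s\n' "$server" "$rtype"
    for name in "$@"; do printf '%s\n' "$name"; done
    printf 'exit\n'
}

# Run the session and append the transcript to the log file in $1; the
# remaining arguments are passed to make_session. This needs network
# access, so it is defined here but not called.
run_session() {
    log=$1; shift
    session=$(make_session "$@") || return 1
    printf '%s\n' "$session" | nslookup >> "$log" 2>&1
}
```

For example, run_session dns.log 8.8.8.8 mx google.com superuser.com appends the whole transcript of both MX lookups to dns.log.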


If you want to learn more about using nslookup, check out the nslookup man page.

nslookup vs. dig

Both nslookup and dig are great tools for querying DNS servers. In general, both tools will give you the same results. You can run a query using both tools and compare the results. This is a great way to cross-check the results of your query.

If you have to choose one tool over the other, it’s recommended to use dig, as nslookup is ancient. It was first released in the early 1980s and has been largely abandoned by its developers. In contrast, dig is still being actively developed, so you’re more likely to find new features and bug fixes in dig than in nslookup.


Frequently Asked Questions

Is nslookup a DNS?

No. nslookup is a network administration tool for querying the Domain Name System (DNS) and requires a DNS server to be running to work. However, nslookup can also use a file called “/etc/hosts” as a source of DNS information.

How do I check my DNS settings in Linux?

The “/etc/resolv.conf” file is where your DNS settings are stored in Linux. Use the cat command to view the contents of this file.

I encountered the "Can't find server name…" error when using nslookup. How do I fix this?

This is a known bug with nslookup. The workaround is to use your local DNS server to make the query: omit the custom DNS server’s IP address from the command, as in nslookup google.com, and it should work.

Image credit: Unsplash. All screenshots by Nicholas Xuan Nguyen.

Nicholas Xuan Nguyen