The nslookup command sends DNS queries to the DNS server configured in the /etc/resolv.conf file. If multiple DNS servers are configured in this file, it sends the query to the first DNS server in the list and follows any referral until it gets an answer to the query or an error. If it gets an error, it sends the same query to the next DNS server in the list and repeats the same steps. This is the default behavior of the nslookup command.
Using the nslookup command to send queries to the default DNS server
Open a terminal and run the following command.
#nslookup google.com
This command sends a recursive query to the default DNS server configured in the /etc/resolv.conf file.
There are many types of DNS servers. Authoritative and caching-only are the main ones. An authoritative DNS server is authorized to resolve queries for the configured domains. It accepts only non-recursive queries. In a non-recursive query, the requestor system asks the receiver system to provide the answer to the DNS query.
A caching-only DNS server is not authorized to resolve queries for any domain. It communicates with authoritative DNS servers and resolves queries for DNS clients. It accepts recursive queries. In a recursive query, the requestor system asks the receiver system to resolve the DNS query on its behalf.
DNS clients use recursive queries to communicate with caching-only DNS servers. Caching-only DNS servers use non-recursive queries to communicate with authoritative DNS servers.
Generally, administrators configure a caching-only DNS server's IP address in the /etc/resolv.conf file.
If a caching-only DNS server's IP address is configured in the /etc/resolv.conf file, the following would happen.
- The system or the nslookup command sends recursive DNS queries to the configured caching-only DNS server.
- The caching-only DNS server converts them into non-recursive queries and forwards them to the authoritative DNS server.
- The authoritative DNS server resolves queries and answers the caching-only DNS server.
- The caching-only DNS server saves the answer in the cache for further use and replies to the requestor system.
- If the caching-only DNS server receives the same recursive query again, it resolves it from the cache.
If an authoritative DNS server's IP address is configured in the /etc/resolv.conf file, the following would happen.
- The system or nslookup command sends non-recursive queries to the configured authoritative DNS server.
- For each query, the authoritative DNS server checks its database.
- If it finds an answer to the query, it resolves the query and provides the answer to the requestor system or command.
- If it does not find an answer to the query, it sends an error message to the requestor system indicating that the requested information is not available on this server.
Since an authoritative DNS server does not resolve queries for other domains, administrators do not configure DNS clients to send their queries to it. They configure them to send their queries to a caching-only DNS server. A caching-only DNS server can resolve queries for any domain by communicating with the domain's authoritative name server.
Authoritative vs. non-authoritative answers
An answer to a query is non-authoritative when it is provided by a DNS server that is not authorized to resolve the query. As mentioned earlier, a caching-only DNS server is not authorized to resolve queries for any domain. It only passes on the answers it receives from authoritative DNS servers, either directly or from its cache. Because of this, it always provides non-authoritative answers.
In contrast, an authoritative DNS server resolves queries for configured domains. It always provides authoritative answers.
The output of the nslookup command shows whether the answer is authoritative or non-authoritative.
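The recursive/non-recursive and authoritative/non-authoritative distinctions above are just header bits in the DNS packet. The following added example (not code from the original tutorial) reads the nameserver order from a constructed resolv.conf sample, builds a query with the RD (recursion desired) flag set or cleared, and classifies a reply by its AA (authoritative answer), RA (recursion available) and RCODE fields; the three reply headers are constructed to match the caching-only, authoritative and "refused" cases the tutorial describes. The `query` function, which sends the packet to a chosen server, is the only part that needs a network.

```python
import socket
import struct

# Constructed resolv.conf content (not taken from a real host).
SAMPLE_RESOLV_CONF = """# constructed example
nameserver 192.168.29.100
nameserver 192.168.29.101
search example.test
"""

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {"A": 1, "NS": 2}

def nameservers(text):
    """Return the nameserver entries in file order; nslookup tries the first one first."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def build_query(name, qtype="A", recursive=True, txid=0x1234):
    """Build a DNS query. RD (0x0100) set = recursive query; cleared = non-recursive."""
    flags = 0x0100 if recursive else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

def classify_response(data):
    """Read the reply header: AA (0x0400) marks an authoritative answer, RCODE the error."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    return {"id": txid,
            "authoritative": bool(flags & 0x0400),
            "recursion_available": bool(flags & 0x0080),
            "rcode": RCODES.get(rcode, str(rcode)),
            "answers": an}

def query(name, server, qtype="A", recursive=True, timeout=3.0):
    """Send the query to a chosen server on UDP/53 and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype, recursive), (server, 53))
        return classify_response(sock.recv(512))

# Constructed reply headers for the three cases the tutorial walks through.
CACHING_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)        # QR+RD+RA, AA clear
AUTHORITATIVE_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 1, 0, 0)  # QR+AA+RD, RA clear
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)        # QR+RD, RCODE 5

if __name__ == "__main__":
    print("default server:", nameservers(SAMPLE_RESOLV_CONF)[0])
    for label, reply in [("caching-only", CACHING_REPLY),
                         ("authoritative", AUTHORITATIVE_REPLY), ("refused", REFUSED_REPLY)]:
        print(label, classify_response(reply))
```

A caching-only server answers with AA clear and RA set, an authoritative server answers with AA set, and a query for a domain the authoritative server does not serve comes back with RCODE 5, which is the "refused" result the interactive-mode section below shows with nslookup.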
If you want the nslookup command to send DNS queries to a specific DNS server, you need to change the default DNS server used by the nslookup command. The nslookup command works in two modes: interactive and non-interactive. In both modes, you can use the lserver and server options to specify the DNS server where the nslookup command should send DNS queries.
Let us take some examples to understand how to use both options.
Changing the default DNS server in the non-interactive mode
To send a DNS query to a specific DNS server, specify its name as an argument after the domain name. For example, the following command sends a DNS query to the default DNS server.
#nslookup google.com
The following command sends the same query to the ns1.google.com DNS server.
#nslookup google.com ns1.google.com
If you don't know the authoritative DNS server of a domain, you can use the querytype=NS option with the nslookup command to view its authoritative DNS servers. For example, to view the authoritative DNS servers of google.com, use the following command.
#nslookup -querytype=NS google.com
Changing the default DNS server in the interactive mode
Run without arguments, the nslookup command starts an interactive session with the default DNS server. It uses the default DNS server to resolve queries until we specify a custom DNS server with the server option.
To view all authoritative DNS servers of a domain, we need to change the query type. The following command sets the query type to NS.
>set querytype=NS
After changing the query type, specify the domain whose DNS servers you want to see. The following command prints the DNS servers of the domain google.com.
>google.com
To change the default DNS server, we use the server option.
The following command changes the default DNS server to ns1.google.com.
>server ns1.google.com
After this command, the nslookup command will send all queries to the ns1.google.com server.
>google.com
Since it is Google's authoritative DNS server, it will resolve queries only for the resources available within the domain google.com. To verify it, let us resolve the name yahoo.com.
>yahoo.com
As we can see in the above output, the DNS server refused to resolve this query.
To configure the nslookup command to use the local DNS server again, we use the lserver option. Specify the local DNS server's IP address or name after this option. The following command resets the default DNS server.
>lserver 192.168.29.100
After changing the default DNS server, you can send DNS queries again to the default DNS server.