Change or specify the DNS server to the nslookup command
The nslookup command sends DNS queries to the DNS server configured in the /etc/resolv.conf file. If multiple DNS servers are configured in this file, it sends DNS queries to the first DNS server in the list and follows the referral until it gets the answer to the query or an error. If it gets an error, it sends the same query to the next DNS server in the list and follows the same steps. It is the default behaviour of the nslookup command.
The following nslookup command sends DNS queries to the default DNS server for the domain name google.com.
#nslookup google.com
This command sends a recursive query to the default DNS server configured in the /etc/resolv.conf file.
There are many types of DNS servers. Authoritative and caching-only are the main ones. An authoritative DNS server is authorized to resolve queries for the configured domains. It accepts only non-recursive queries. In a non-recursive query, the requestor system asks the receiver system to provide the answer to the DNS query.
A caching-only DNS server is not authorized to resolve queries for any domain. It communicates with authoritative DNS servers and resolves queries for DNS clients. It accepts recursive queries. In a recursive query, the requestor system asks the receiver system to resolve the DNS query on its behalf.
DNS clients use recursive queries to communicate with caching-only DNS servers. Caching-only DNS servers use non-recursive queries to communicate with authoritative DNS servers.
Generally, administrators configure a caching-only DNS server's IP address in the /etc/resolv.conf file. If a caching-only DNS server's IP address is configured in the /etc/resolv.conf file, the following would happen.
- The system or the nslookup command sends recursive DNS queries to the configured caching-only DNS server.
- The caching-only DNS server converts them into non-recursive queries and forwards them to the authoritative DNS server.
- The authoritative DNS server resolves DNS queries and answers the caching-only DNS server.
- The caching-only DNS server saves the answer in the cache for further use and replies to the requestor system.
- If the caching-only DNS server receives the same recursive query again, it resolves it from the cache.
If an authoritative DNS server's IP address is configured in the /etc/resolv.conf file, the following would happen.
- The system or nslookup command sends non-recursive queries to the configured authoritative DNS server.
- For each query, the authoritative DNS server checks its database.
- If it finds an answer to the query, it resolves it and provides the answer to the requestor system or command.
- If it finds an answer to the query, it sends an error message to the requestor system, indicating the requested information is unavailable on this server.
Since an authoritative DNS server does not resolve queries for other domains, administrators do not configure DNS clients to send their queries to it. They configure them to send their queries to a caching-only DNS server. A caching-only DNS server can resolve queries for any domain by communicating with the domain's authoritative name server.
Authoritative V/s non-authoritative answers
An answer to a query is non-authoritative when it is provided by a DNS server that is not authorized to resolve the query. As mentioned earlier, a caching-only DNS server does not resolve queries for any domain. It provides only the answers it receives from authoritative DNS servers. Because of this, it always offers non-authoritative answers.
In contrast, an authoritative DNS server resolves queries for configured domains. It always provides authoritative answers.
The output of the nslookup command shows whether the answer is authoritative or non-authoritative.
If you want the nslookup command to send DNS queries to a specific DNS server, you need to change the default DNS server used by the nslookup command. The nslookup command works in two modes: interactive and non-interactive. In both modes, you can use the lserver and server options to specify the DNS server where the nslookup command should send DNS queries.
Let us take some examples to understand how to use both options.
Changing the default DNS server in the non-interactive mode
To send a DNS query to a specific DNS server, specify its name as an argument after the domain name. For example, the following command sends a DNS query to the default DNS server.
#nslookup google.com
The following command sends the same query to the ns1.google.com DNS server.
#nslookup google.com ns1.google.com
If you don't know the authoritative DNS server of a domain, you can use the querytype=NS option with the nslookup command to view its authoritative DNS servers. For example, to view the authoritative DNS servers of google.com, use the following command.
#nslookup -querytype=NS google.com
Changing the default DNS server in the interactive mode
The nslookup command starts an interactive session with the default DNS server. It uses the default DNS server to resolve queries until we specify a custom DNS server with the server option.
We need to change the query type to view all authoritative DNS servers of a domain. The following command sets the query type to NS.
>set querytype=NS
After changing the query type, specify the domain which DNS servers' names you want to see. The following command prints the DNS server of the domain google.com.
>google.com
To change the default DNS server, we use the server option. The following command changes the default DNS server to ns1.google.com
>server ns1.google.com
After this command, the nslookup command will send all queries to the ns1.google.com server.
>google.com
Since it is Google's authoritative DNS server, it will resolve queries only for the resources available within the domain google.com. To verify it, let us resolve the name yahoo.com.
>yahoo.com
As we can see in the above output, the DNS server refused to resolve this query.
To configure the nslookup command to use the local DNS server again, we use the lserver option. Specify the local DNS server's IP address or name after this option. The following command resets the default DNS server.
>lserver 192.168.29.100
After changing the default DNS server, you can send DNS queries again to the default DNS server.
Conclusion
The nslookup command sends DNS queries to the configured DNS servers on the system. It accepts the DNS server's IP address or name as the argument. If we provide it, it sends DNS queries to the given DNS server instead of the configured DNS server.
This tutorial is part of the following tutorial series on DNS server concepts and configurations.
Chapter 01 How to configure DNS Server in Linux
Chapter 02 DNS Basic Concepts, Fundamentals, and Terminology
Chapter 03 DNS Server and Query Types Explained
Chapter 04 The /etc/hosts, /etc/resolv.conf, and /etc/nsswitch.conf files
Chapter 05 The dig command on Linux
Chapter 06 The nslookup command on Linux
Chapter 07 Change or specify the DNS server to the nslookup command
Chapter 08 DNS zone File Format
Chapter 09 The TTL and ORIGIN directives in the zone file
Chapter 10 Types of resources records in zone files
Chapter 11 The SOA Record Explained in the DNS zone file
Chapter 12 The NS Record, Glue record, and Lame Delegation
Chapter 13 The MX record in a zone file explained
Chapter 14 The a, aaaa, and cname DNS record types
Chapter 15 The pointer (PTR) record and Reverse mapping Explained
Chapter 16 How to configure a caching-only name server
Chapter 17 How to configure DNS Forwarding and a forwarder name server
Chapter 18 How to configure a primary or master authoritative name server
Chapter 19 How to configure a secondary or slave authoritative name server
Chapter 20 How to configure reverse mapping on DNS name servers
By ComputerNetworkingNotes Updated on 2025-10-10