nslookup command on Linux

The nslookup command is a troubleshooting tool. It sends DNS queries to the configured or specified DNS server and retrieves domain name or IP address information. We can use this command in two modes: noninteractive and interactive.

We use the noninteractive mode to perform simple tasks such as retrieving one record for one domain name or IP address from the configured nameservers in the /etc/resolv.conf file. We use the interactive mode to perform extensive tasks such as changing nameservers or options and retrieving multiple records.

Using the nslookup command in the noninteractive mode

In the noninteractive mode, the nslookup command uses the following syntax.

#nslookup [domain name or IP address]

The following noninteractive nslookup command sends a DNS query to the name server configured in the /etc/resolv.conf and prints the response.

#nslookup google.com

The following image shows the output of this command.

As we can see in the above output, the nslookup command sent a DNS query to provide all records related to the domain name google.com to the configured name server in the /etc/resolv.conf file and printed the answer it received from the configured name server.

The noninteractive mode is useful when we want to know a domain name's IP address or an IP address's domain name.

Using the nslookup command in the interactive mode

To start the nslookup command in the interactive mode, type nslookup and hit the Enter key.

#nslookup

The command enters the interactive mode and changes the command prompt to the greater than sign to indicate the nslookup command will process all inputs sent from the keyboard until you exit the interactive mode.

For example, if we type google.com in the interactive mode and press the Enter key, the nslookup command sends a DNS query to the configured named server, prints the answer, and returns the interactive mode's command prompt.

> google.com

Since we are still in the interactive mode, we can send another DNS query or perform other troubleshooting-related tasks.

To exit interactive mode, type exit and press the Enter key

Options and arguments for the nslookup command

The nslookup command supports many options and arguments to control its functions. Let us discuss important ones.

set all

This option prints the default nameserver's IP address and the configured port number. The nslookup command sends all DNS queries to the default name server on the configured port by default.

In the above output, the default nameserver is 192.168.29.100. It is configured to accept DNS queries on port 53. Therefore, the nslookup command will send DNS queries to 192.168.29.100 on port 53 unless we specify another nameserver or port.

After the default nameserver's IP address, it prints the frequently used options and their default value. The options are available in two flavours: Boolean and value. The Boolean options do not have an equal sign after them. They accept only two values: on and off. Their name indicates their default value. The default value is off if a Boolean option's name starts with no precedes.

The default value of Boolean options: novc, nodebug, and novc is off. The default value of the Boolean options: search and recurse is on.

The value options accept multiple values based on their functions. The default value of each value option is written after the equal sign. For example, the default value of the port option is 53.

In the interactive mode, the set option allows us to change the default value of options. In noninteractive mode, we precede the option with a hyphen (-) to change its value.

Let's take some examples to understand how to use these options and their meanings.

The [no]debug option

It is a Boolean option. The default value of this option is off. If we turn it on, the nslookup command displays response messages the nameserver receives from the authoritative nameserver for the specified domain name. Without this option, it only shows the answer to the query.

The following command displays only the answer to the query.

#nslookup computernetworkingnotes.com

The following command displays the responses the nameserver received from the authoritative nameservers to the query.

#nslookup -debug computernetworkingnotes.com

The following image shows the output of both commands.

In the interactive mode, you can use the set option to turn it on and off.

The following command turns it on.

>set debug

The following command turns it off.

>set nodebug

The following image shows how to use it in the interactive mode.

The [no]search option

This option supersedes the local domain name. By default, the nolookup command automatically appends the domain names in the search list (specified by the srchlist option) to names that do not end with a dot.

The [no]recurse option

It is a Boolean option. The default value of this option is on. This option turns on the recursion-desired bit in query messages. Because of this option, by default, the nslookup command sends recursive queries.

The [no]d2 option

It is also a Boolean option. By default, this option is set to off. If we turn it on, it starts the second level of debugging. The second debugging level displays the query messages sent out in addition to the regular debugging output.

The [no]vc option

By default, the nslookup command uses the UDP protocol to send queries. If we turn this option on, the nslookup command uses the TCP protocol to send queries.

The port option

By default, nameservers listen on port 53. If a nameserver is configured on any other port, you can use this option to specify that port number to the nslookup command. If you use this option, the nslookup command sends queries to the specified port instead of the default port.

The querytype option

By default, the nslookup command sends queries for the resource record types A and PTR.

If you want to retrieve information about another type, specify that type. For example, if you want to know the configured mail servers within a domain, use the record type MX.

The following command prints the configured nameservers within the domain Google.com.

The following command prints the SOA record.

The class option

There are three class types: IN, HS, and CH. Currently, only the IN class is used. The default value of this option is set to the IN class.

The timeout option

This option defines the time after that if the nslookup command does not receive the answer to the query, it resends the query to the name server. The default value is set to 5 seconds. You can change it to 10, 20, and then 40 seconds.

The retry option

This option defines the number of attempts the nslookup command can make before giving up. The default value is 4. If the nslookup command does not receive a response in four attempts, it prints an error message indicating the nameserver cannot be reached.

The srchlist option

If the search option is set to on, this option specifies the domain names that the nslookup command will append to names that do not end with a dot.

Conclusion

The nslookup command is a useful tool for troubleshooting network and DNS issues. It enables users to send specific DNS queries to designated name servers and examine the responses for analysis and diagnosis.