nslookup command on Linux

The nslookup command is a troubleshooting tool. It sends DNS queries to the configured or specified DNS server and retrieves information about the specified domain name or IP address. We can use this command in two modes: noninteractive and interactive.

We use the noninteractive mode to perform simple tasks such as retrieving one record for one domain name or IP address from the configured nameservers in the /etc/resolv.conf file. We use the interactive mode to perform extensive tasks such as changing nameservers or options and retrieving multiple records.

Using the nslookup command in the noninteractive mode

In the noninteractive mode, the nslookup command uses the following syntax.

#nslookup [domain name or IP address]

The following noninteractive nslookup command sends a DNS query to the name server configured in the /etc/resolv.conf file and prints the response.

#nslookup google.com

The following image shows the output of this command.

[Image: the nslookup command]

As we can see in the above output, the nslookup command sent a DNS query to the name server configured in the /etc/resolv.conf file, asking it to provide all records related to the domain name google.com, and printed the answer it received from that name server.

The noninteractive mode is useful when we want to know the IP address of a domain name or the domain name of an IP address.

Using the nslookup command in the interactive mode

To start the nslookup command in the interactive mode, type nslookup and hit the Enter key.

#nslookup

The command enters the interactive mode and changes the command prompt to the greater-than sign (>) to indicate that the nslookup command will process all inputs sent from the keyboard until you exit the interactive mode.

For example, if we type google.com in the interactive mode and press the Enter key, the nslookup command sends a DNS query to the configured name server, prints the answer, and returns to the interactive mode's command prompt.

> google.com

[Image: difference between interactive and noninteractive mode]

Since we are still in the interactive mode, we can send another DNS query or perform other troubleshooting-related tasks.

To exit interactive mode, type exit and press the Enter key.

[Image: exit the nslookup command]

Options and arguments for the nslookup command

The nslookup command supports many options and arguments to control its functions.

set all

This option prints the default nameserver's IP address and the configured port number. By default, the nslookup command sends all DNS queries to the default name server on the configured port.

In the above output, the default nameserver is 192.168.29.100. It is configured to accept DNS queries on port 53. This means the nslookup command will send DNS queries to 192.168.29.100 on port 53 unless we specify another nameserver or port.

[Image: the nslookup command options and arguments]

After the default nameserver's IP address, it prints the frequently used options and their default values. The options are available in two flavors: Boolean and value. The Boolean options do not have an equal sign after them. They accept only two values: on and off. Their name indicates their default value. If a Boolean option's name starts with the prefix no, its default value is off.

The default value of the Boolean options novc, nodebug, and nod2 is off. The default value of the Boolean options search and recurse is on.

The value options accept multiple values based on their functions. The default value of each value option is written after the equal sign. For example, the default value of the port option is 53.

In the interactive mode, the set option allows us to change the default value of options. In noninteractive mode, we precede the option with a hyphen (-) to change its value.

Let's take some examples to understand how to use these options and their meanings.

The [no]debug option

This is a Boolean option. The default value of this option is off. If we turn it on, the nslookup command displays response messages the nameserver receives from the authoritative nameserver for the specified domain name. Without this option, it only displays the answer to the query.

The following command displays only the answer to the query.

#nslookup computernetworkingnotes.com

The following command displays the responses the nameserver received from the authoritative nameservers to the query.

#nslookup -debug computernetworkingnotes.com

The following image shows the output of both commands.

[Image: debug option interactive mode]

In the interactive mode, you can use the set option to turn it on and off.

The following command turns it on.

>set debug

The following command turns it off.

>set nodebug

The following image shows how to use it in the interactive mode.

[Image: the debug option noninteractive option]

The [no]search option

This option supersedes the local domain name. By default, the nslookup command automatically appends the domain names in the search list (specified by the srchlist option) to names that do not end with a dot.

The [no]recurse option

This is a Boolean option. The default value of this option is on. This option turns on the recursion-desired bit in query messages. Because of this option, by default, the nslookup command sends recursive queries.

The [no]d2 option

This is also a Boolean option. By default, this option is set to off. If we turn it on, it starts the second level of debugging. In the second level of debugging, it displays the query messages sent out in addition to the regular debugging output.

The [no]vc option

By default, the nslookup command uses the UDP protocol to send queries. If we turn this option on, the nslookup command uses the TCP protocol to send queries.

The port option

By default, nameservers listen on port 53. If a nameserver is configured on any other port, you can use this option to specify that port number to the nslookup command. If you use this option, the nslookup command sends queries to the specified port instead of the default port.

The querytype option

By default, the nslookup command sends queries for the resource record types A and PTR.

[Image: the nslookup command a and ptr records]

If you want to retrieve information about another type, you need to specify that type. For example, if you want to know the configured mail servers within a domain, you need to use the record type MX.

[Image: the nslookup command mx record]

The following command prints the configured nameservers within the domain Google.com.

[Image: the nslookup command ns record type]

The following command prints the SOA record.

[Image: the nslookup command soa record]

To learn about resource record types in detail, you can check this tutorial.

Types of resources records in zone files

The class option

There are three class types: IN, HS, and CH. Currently, only the IN class is used. The default value of this option is set to the IN class.
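The recurse, vc, querytype, and class options described above each control one field of the DNS query message. The following Python sketch is an added example, not part of the original tutorial and not nslookup's own code; it builds and decodes that message so the effect of each option is visible in a packet capture. The function names and the fixed query ID 0x1234 are assumptions made for the illustration.

```python
import struct

# Record type and class codes from the DNS specification (RFC 1035).
QTYPES = {"A": 1, "NS": 2, "SOA": 6, "PTR": 12, "MX": 15}
QCLASSES = {"IN": 1, "CH": 3, "HS": 4}
RD_FLAG = 0x0100  # recursion-desired bit in the header flags word


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1 to 63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, querytype="A", qclass="IN", recurse=True, vc=False,
                query_id=0x1234):  # query_id is a constructed sample value
    """Build the query message that a given set of option values describes."""
    flags = RD_FLAG if recurse else 0
    # Header: ID, flags, QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", query_id, flags, 1, 0, 0, 0)
    codes = struct.pack("!HH", QTYPES[querytype.upper()], QCLASSES[qclass.upper()])
    message = header + encode_name(name) + codes
    # Over TCP (the vc option) each message is preceded by a 2-byte length.
    return struct.pack("!H", len(message)) + message if vc else message


def describe(message, vc=False):
    """Decode the same fields back out, as a capture review would."""
    if vc:
        (length,) = struct.unpack("!H", message[:2])
        message = message[2:2 + length]
    query_id, flags = struct.unpack("!HH", message[:4])
    pos, labels = 12, []
    while message[pos]:
        labels.append(message[pos + 1:pos + 1 + message[pos]].decode("ascii"))
        pos += 1 + message[pos]
    qtype, qclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    return {"name": ".".join(labels), "rd": bool(flags & RD_FLAG),
            "qtype": qtype, "qclass": qclass}


if __name__ == "__main__":
    for opts in ({}, {"recurse": False}, {"querytype": "MX", "vc": True}):
        msg = build_query("google.com", **opts)
        print(opts, msg.hex(), describe(msg, vc=opts.get("vc", False)))
```

The port option does not appear in the message at all: it only selects the destination port of the UDP datagram or TCP connection that carries these bytes.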

The timeout option

This option defines how long the nslookup command waits for the answer to a query before it resends the query to the name server. The default value is set to 5 seconds. You can change it to 10, 20, and then 40 seconds.

The retry option

This option defines the number of attempts the nslookup command can make before giving up. The default value is 4. If the nslookup command does not receive a response in four attempts, it prints an error message indicating the nameserver cannot be reached.

The srchlist option

If the search option is set to on, this option specifies the domain names the nslookup command will append to names that do not end with a dot.
