Table of Contents

About

Nslookup is a DNS client program to query (ie lookup) domain name servers and get back DNS record information

nslookup is not performing a lookup on the content of the host file as ping does.

Mode

Nslookup has two modes:

interactive (online)

nslookup -DnsServerHostName

non-interactive

nslookup myHostName

The local DNS file is /etc/resolv.conf

How to

Search an IP from a Domain Name

The syntax to search an IP from a Domain Name is: 

nslookup name.domain_name dns_server

where:

Example when:

  • The domain name looked is gerardnico.com
  • The DNS server is a cloudflare one. adel.ns.cloudflare.com
  • You got as IPv4: 104.18.42.134

Forward DNS Query: 

nslookup datacadamia.com adel.ns.cloudflare.com

Result: 

Server:  adel.ns.cloudflare.com
Address:  173.245.58.55

Name:    datacadamia.com
Addresses:  2606:4700:30::6812:2b86
          2606:4700:30::6812:2a86
          104.18.42.134
          104.18.43.134

Reverse lookup (from IP to Name)

For a reverse lookup, just enter the IP.

Example: 

nslookup 192.168.135.15

Server:  amplifi.lan
Address:  192.167.133.1

Name:    webserver.lan
Address:  192.168.133.15

Get all DNS properties

nslookup -all 10.50.35.120

Default server: 10.50.34.245
Address: 10.50.34.245#53
Default server: 10.50.34.244
Address: 10.50.34.244#53

Set options:
  novc                  nodebug         nod2
  search                recurse
  timeout = 0           retry = 3       port = 53       ndots = 1
  querytype = A         class = IN
  srchlist = reddog.microsoft.com/ad.whatever
120.35.40.09.in-addr.arpa       name = hostname.ad.whatever

Get records by type

Example for the NS record (ie What is a DNS Server (nameserver) ?) 

nslookup -type=NS google.com

google.com      nameserver = ns2.google.com
google.com      nameserver = ns3.google.com
google.com      nameserver = ns4.google.com
google.com      nameserver = ns1.google.com

Help

> help

Commands:   (identifiers are shown in uppercase, [] means optional)
NAME            - print info about the host/domain NAME using default server
NAME1 NAME2     - as above, but use NAME2 as server
help or ?       - print info on common commands
set OPTION      - set an option
    all                 - print options, current server and host
    [no]debug           - print debugging information
    [no]d2              - print exhaustive debugging information
    [no]defname         - append domain name to each query
    [no]recurse         - ask for recursive answer to query
    [no]search          - use domain search list
    [no]vc              - always use a virtual circuit
    domain=NAME         - set default domain name to NAME
    srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
    root=NAME           - set root server to NAME
    retry=X             - set number of retries to X
    timeout=X           - set initial time-out interval to X seconds
    type=X              - set query type (ex. A,AAAA,A+AAAA,ANY,CNAME,MX,NS,PTR,SOA,SRV)
    querytype=X         - same as type
    class=X             - set query class (ex. IN (Internet), ANY)
    [no]msxfr           - use MS fast zone transfer
    ixfrver=X           - current version to use in IXFR transfer request
server NAME     - set default server to NAME, using current default server
lserver NAME    - set default server to NAME, using initial server
root            - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a          -  list canonical names and aliases
    -d          -  list all records
    -t TYPE     -  list records of the given RFC record type (ex. A,CNAME,MX,NS,PTR etc.)
view FILE           - sort an 'ls' output file and view it with pg
exit            - exit the program

where:

Documentation / Reference