DEV Community

Sunny Bhambhani
Sunny Bhambhani

Posted on • Edited on

nslookup

#sbwriteups #network #tipsandtricks #linux

nslookup

This is the second tool/utility on the list that is quite useful when it's necessary to determine whether a domain name or IP address can be resolved, or there can be other scenarios as well like:

  • health checks.
  • troubleshooting.
  • sanity testing.
  • put them in a pipeline.
  • there could be N different use cases.

This article is nothing about new technologies or tools, but it's just a refresher on the utility called nslookup and what all it can do :)

In simple terms, it is a utility that queries domain name servers to determine whether or not a specific IP address or domain name is resolveable. Honestly speaking, it doesn't end just with the A records, you can get a wealth of information just from this tool.

Below, we will just go through some of the simple examples of how it can help and what information we can get?

Though this command can be used in both modes, interactive and non-interactive, we will mostly look at the non-interactive side of it. But still, if you are looking for the interactive one, just type nslookup and press Enter, and you will be brought to the nslookup prompt.

$ nslookup > google.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: Name: google.com Address: 142.250.192.46 Name: google.com Address: 2404:6800:4009:828::200e >
Enter fullscreen mode Exit fullscreen mode

Lets head on to some examples:

  • If you are looking out for a simple DNS lookup, you can just fire nslookup DOMAIN_NAME: 
$ nslookup google.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: Name: google.com Address: 142.250.192.46 Name: google.com Address: 2404:6800:4009:828::200e
Enter fullscreen mode Exit fullscreen mode
  • If you want to do a reverse DNS lookup, simply type nslookup IP: 
$ nslookup 142.250.192.46 46.192.250.142.in-addr.arpa name = bom12s15-in-f14.1e100.net.
Enter fullscreen mode Exit fullscreen mode

NOTE: You might see -type / -query / -querytype being used interchanbely.

  • To find mail exchange servers, use nslookup -type=mx DOMAIN_NAME; honestly, this -type flag is really interesting and useful (you'll see some of the interesting things in the examples below). 
$ nslookup -type=mx google.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: google.com mail exchanger = 10 smtp.google.com.
Enter fullscreen mode Exit fullscreen mode
  • If you are looking for a list of name servers, you can use nslookup -type=ns DOMAIN_NAME: 
$ nslookup -type=ns google.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: google.com nameserver = ns1.google.com. google.com nameserver = ns2.google.com. google.com nameserver = ns3.google.com. google.com nameserver = ns4.google.com.
Enter fullscreen mode Exit fullscreen mode
  • If you are looking for just the A records, use a with -type: 
$ nslookup -type=a google.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: Name: google.com Address: 142.250.192.142
Enter fullscreen mode Exit fullscreen mode
  • The most interesting one is any with -type, which displays all the information that is available for a particular domain name: 
$ nslookup -type=any google.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: Name: google.com Address: 216.58.196.78 Name: google.com Address: 2404:6800:4009:809::200e google.com rdata_257 = 0 issue "pki.goog" google.com nameserver = ns2.google.com. google.com text = "google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ" google.com text = "atlassian-domain-verification=5YjTmWmjI92ewqkx2oXmBaD60Td9zWon9r6eakvHX6B77zzkFQto8PQ9QsKnbf4I" google.com text = "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e" google.com mail exchanger = 10 smtp.google.com. google.com rdata_65 = 1 . alpn="h2,h3" google.com text = "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289" google.com text = "onetrust-domain-verification=de01ed21f2fa4d8781cbc3ffb89cf4ef" google.com nameserver = ns1.google.com. google.com nameserver = ns3.google.com. google.com text = "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB" google.com text = "v=spf1 include:_spf.google.com ~all" google.com origin = ns1.google.com mail addr = dns-admin.google.com serial = 496879129 refresh = 900 retry = 900 expire = 1800 minimum = 60 google.com text = "apple-domain-verification=30afIBcvSuDV2PLX" google.com text = "google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o" google.com nameserver = ns4.google.com. google.com text = "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95" google.com text = "webexdomainverification.8YX6G=6e6922db-e3e6-4a36-904e-a805c28087fa" google.com text = "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
Enter fullscreen mode Exit fullscreen mode 
$ nslookup -type=soa google.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: google.com origin = ns1.google.com mail addr = dns-admin.google.com serial = 496879129 refresh = 900 retry = 900 expire = 1800 minimum = 60
Enter fullscreen mode Exit fullscreen mode
  • If you want to use any specific name server to fetch your results, you can use the name server as an argument in the command: 
$ nslookup -type=a google.com ns3.google.com Server: ns3.google.com Address: 2001:4860:4802:36::a#53 Name: google.com Address: 142.250.192.110
Enter fullscreen mode Exit fullscreen mode
  • If you want your result to time out after XYZ seconds, use -timeout, which can be used in any automation, such as a script. 
$ nslookup -type=a -timeout=2 google.com ns3.google.com Server: ns3.google.com Address: 2001:4860:4802:36::a#53 Name: google.com Address: 142.250.192.110
Enter fullscreen mode Exit fullscreen mode

If you want to learn more about nslookup and its option, just fire man nslookup.

Top comments (1)

Collapse
 
sunnybhambhani profile image
Sunny Bhambhani

If you haven't read the first one in the list, below is the URL, please go give it a read :)

dev.to/sunnybhambhani/curl-1lf4