Learning Center
Network

A Complete Guide to the nslookup Command in Linux and Windows

18 Oct 2024
Shahid Ali
Shahid Ali

The nslookup command is a widely used tool for querying Domain Name System (DNS) records. It helps network administrators troubleshoot DNS-related issues by allowing them to perform a range of lookups, from finding IP addresses associated with domain names to querying specific DNS servers. This tutorial will guide you through the basics of using nslookup on both Linux and Windows platforms.

In this tutorial, you will learn:

  • Basic syntax and options of nslookup
  • How to perform simple DNS queries
  • Retrieving mail exchange (MX) records
  • Performing reverse DNS lookups
  • Querying specific DNS servers
  • Using non-interactive mode

By the end of this tutorial, you will be familiar with the most common and useful nslookup commands for effective DNS troubleshooting.

Basic Syntax and Options for nslookup
Copy link

The basic syntax for the nslookup command is straightforward:

nslookup [options] [domain]

Here is a breakdown of the commonly used options:

  • No parameters: Opens an interactive mode where you can enter multiple queries
  • [domain]: Performs a DNS lookup for the specified domain name
  • -type=[record_type]: Specify the type of DNS record to query (e.g., A, MX, AAAA, etc.)
  • [server]: Specify a DNS server for querying instead of using the default system server

For example:

nslookup example.com

This command performs a DNS lookup for "example.com" using your default DNS server.

Common Options for nslookup
Copy link

  • -query=A: Query the IP address (default record type)
  • -query=MX: Retrieve mail exchange records
  • -query=AAAA: Query for IPv6 addresses
  • -timeout=[seconds]: Set a timeout for the response
  • -debug: Show detailed information about the query process

How to Perform a Simple DNS Query
Copy link

One of the most common uses of nslookup is to resolve domain names to IP addresses.

Step-by-Step Guide to Performing a Simple DNS Query

  1. Open the terminal or command prompt.
  2. Type the nslookup command followed by the domain name:
nslookup google.com

Output:
Image1

In this example, the DNS server at 8.8.8.8 (Google's public DNS server) returned the IP address 142.250.65.238 for google.com.

Using nslookup to Retrieve MX Records
Copy link

The mail exchange (MX) records for a domain indicate which mail servers are responsible for receiving emails on behalf of that domain. To retrieve the MX records using nslookup:

Use the -type=MX option to specify that you want to retrieve MX records.

    nslookup -query=MX gmail.com

Image3

The output will list the MX records, including the mail servers and their priority:

Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
gmail.com	mail exchanger = 20 alt2.gmail-smtp-in.l.google.com..
gmail.com	mail exchanger = 10 alt1.gmail-smtp-in.l.google.com.

In this case, the mail servers for gmail.com are listed along with their priorities. The lower the number, the higher the priority.

Performing Reverse DNS Lookups
Copy link

A reverse DNS lookup translates an IP address back to its associated domain name. This is useful for identifying the domain that corresponds to a given IP address.

To perform a reverse DNS lookup, input the IP address into the nslookup command:

nslookup 142.250.65.238

The output should display the domain name associated with the IP:

Image2

Non-authoritative answer:
238.65.250.142.in-addr.arpa     name = lga25s73-in-f14.1e100.net.

In this example, the IP 142.250.65.238 resolves back to lga25s73-in-f14.1e100.net, which is part of Google's infrastructure.

Querying Specific DNS Servers
Copy link

By default, `nslookup` uses the system's configured DNS server to perform queries. However, you can specify a different DNS server if needed.

To query a specific DNS server, append the server's IP address to the command:

nslookup example.com 1.1.1.1

Image5

The command will query the 1.1.1.1 DNS server (Cloudflare's DNS) for the domain example.com:

Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:		example.com
Address:	93.184.215.14

This allows you to test DNS resolution from different servers.

Using Non-Interactive Mode in nslookup
Copy link

In non-interactive mode, you can issue multiple queries without entering nslookup's interactive shell. This is useful when scripting or automating tasks.

To use nslookup non-interactively, simply pass the domain name and the server (optional) in one command:

nslookup example.com 8.8.8.8

Image4

The response will be printed directly, without entering the interactive shell:

Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:		example.com
Address:	93.184.215.14

This method is efficient when you need to quickly query DNS records without additional input.

Conclusion
Copy link

The nslookup command is a powerful and flexible tool for performing DNS queries. Whether you're troubleshooting domain resolution, retrieving MX records, or performing reverse lookups, nslookup is an essential command for network administrators. By mastering the options and syntax, you can use nslookup effectively on both Linux and Windows systems.

  • To recap, here’s what we covered in this tutorial:
  • Performing simple DNS queries
  • Retrieving MX records
  • Conducting reverse DNS lookups
  • Querying specific DNS servers
  • Using non-interactive mode