Introduction
When troubleshooting DNS issues, it is useful to have access to Domain Name System (DNS) records of a website. All mainstream operating systems have tools that enable users to query a web server and receive important information such as IP addresses and other pieces of domain-related information.
This article will introduce the nslookup command which is used for obtaining server records. It will also provide examples of the command’s most popular options.
Prerequisites
- Access to the command line interface
- Access to internet
Note: If you are not familiar with DNS record types, we strongly recommend you read DNS Record Types Explained before diving into this article.
nslookup Syntax
The nslookup command can be used in two modes: interactive and non-interactive. To initiate the nslookup interactive mode, type the command name only:
nslookupThe prompt that appears lets you issue multiple server queries.
For example, you can type a domain name and receive information about it.
www.google.comAfter nslookup outputs the information, it provides another prompt.
In interactive mode, specify an option in a separate line before the query. Precede the option with set:
set [option]
To exit interactive mode, type:
exitThe non-interactive mode lets you use nslookup to issue single queries. The syntax for the non-interactive mode is:
nslookup [options] [domain-name]The command and the query are written in the same line.
nslookup Options
Find all the important nslookup options in the following table.
| nslookup Option | Description |
|---|---|
-domain=[domain-name] |
Change the default DNS name. |
-debug |
Show debugging information. |
-port=[port-number] |
Specify the port for queries. The default port number is 53. |
-timeout=[seconds] |
Specify the time allowed for the server to respond. |
-type=a |
View information about the DNS A address records. |
-type=any |
View all available records. |
-type=hinfo |
View hardware-related information about the host. |
-type=mx |
View Mail Exchange server information. |
-type=ns |
View Name Server records. |
-type=ptr |
View Pointer records. Used in reverse DNS lookups. |
-type=soa |
View Start of Authority records. |
Installing nslookup
nslookup comes preinstalled on all major operating systems. If you need to install it again on Ubuntu or another Linux distro featuring the APT package manager, install the dnsutils package:
sudo apt install dnsutilsOn CentOS, Fedora, and Red Hat, nslookup is part of the bind-utils package. Install it by running:
sudo dnf install bind-utilsHow to Use nslookup?
Use the nslookup command to perform DNS and reverse DNS searches and troubleshoot server-related problems. The following sections present the most common uses of the command.
Note: The authoritative answer in the output of the nslookup refers to the answer provided by one of the nameservers belonging to the domain being searched. The non-authoritative answer is provided by a nameserver not associated with the specific domain, e.g., your ISP nameserver.
View Domain’s NS Records
Name Server (NS) records store names of the domain’s name servers. To see a domain’s NS records, type:
nslookup -type=ns [domain-name]The output lists all available name servers:
View Domains MX Records
MX records store all relevant Mail Exchange server data. This information is used to route all email requests for the domain to the appropriate mail server.
Check a domain’s MX data by typing:
nslookup -type=mx [domain-name]The output shows the names of mail servers.
Perform a Reverse DNS Lookup
While nslookup provides information about a domain name, it can also be used to look for the domain name associated with an IP address.
Perform a reverse DNS lookup using the following syntax:
nslookup [ip-address]The command outputs the domain name.
View SOA Records
Start of Authority (SOA) records provide authoritative information about the domain and the server, such as the email address of the administrator, serial number, refresh interval, query expiration time, etc.
View a domain’s SOA records by typing:
nslookup -type=soa [domain-name]The nslookup command output shows the relevant information:
View Text Records
TXT records contain important information for users outside of the domain. For example, Google and Facebook use TXT records to verify domain ownership.
View a domain’s TXT information by running the following nslookup command:
nslookup -type=txt [domain-name]The output shows each TXT record in a separate line:
View All Records
View all available DNS records of a domain using the any option.
nslookup -type=any [domain-name]The output shows NS, SOA, MX, and TXT information:
View Information About a Specific Name Server
See the name, IPv4 and IPv6 information of a specific name server on a domain by using the following syntax:
nslookup [domain-name] [name-server]The output is now limited to the nameserver you specified:
View Pointer Records
Pointer records are used for reverse DNS lookups to confirm that the IP address belongs to a specific domain name. When using the ptr option, type the IP address in reverse, i.e., 1.2.3.4 becomes 4.3.2.1:
nslookup -type=ptr [reverse-ip-address].in-addr.arpaLook for the domain name in the output.
Query a Non-Default Port
DNS servers use port 53 to communicate. If you want to check a different port, specify it with the port option:
nslookup -port=[port-number] [domain-name]View Debugging Information
To view information useful for debugging, use the debug option:
nslookup -debug [domain-name]
Note: In the interactive mode, setting the debug option turns on the debugging mode. To exit the mode, set the nodebug option.
Conclusion
After reading this article, you should know how to install and use the nslookup command on Linux. The article provided examples of the most common uses of nslookup.
