DEV Community

Sunny Bhambhani
Sunny Bhambhani

Posted on • Edited on

nslookup

nslookup

This is the second tool/utility on the list that is quite useful when it's necessary to determine whether a domain name or IP address can be resolved, or there can be other scenarios as well like:

  • health checks.
  • troubleshooting.
  • sanity testing.
  • put them in a pipeline.
  • there could be N different use cases.

This article is nothing about new technologies or tools, but it's just a refresher on the utility called nslookup and what all it can do :)

In simple terms, it is a utility that queries domain name servers to determine whether or not a specific IP address or domain name is resolveable. Honestly speaking, it doesn't end just with the A records, you can get a wealth of information just from this tool.

Below, we will just go through some of the simple examples of how it can help and what information we can get?

Though this command can be used in both modes, interactive and non-interactive, we will mostly look at the non-interactive side of it. But still, if you are looking for the interactive one, just type nslookup and press Enter, and you will be brought to the nslookup prompt.

$ nslookup
> google.com
Server: 127.0.0.53
Address: 127.0.0.53#53


Non-authoritative answer:
Name: google.com
Address: 142.250.192.46
Name: google.com
Address: 2404:6800:4009:828::200e
>
Enter fullscreen mode Exit fullscreen mode

Lets head on to some examples:

  • If you are looking out for a simple DNS lookup, you can just fire nslookup DOMAIN_NAME:
$ nslookup google.com
Server: 127.0.0.53
Address: 127.0.0.53#53


Non-authoritative answer:
Name: google.com
Address: 142.250.192.46
Name: google.com
Address: 2404:6800:4009:828::200e
Enter fullscreen mode Exit fullscreen mode
  • If you want to do a reverse DNS lookup, simply type nslookup IP:
$ nslookup 142.250.192.46
46.192.250.142.in-addr.arpa name = bom12s15-in-f14.1e100.net.
Enter fullscreen mode Exit fullscreen mode

NOTE: You might see -type / -query / -querytype being used interchanbely.

  • To find mail exchange servers, use nslookup -type=mx DOMAIN_NAME; honestly, this -type flag is really interesting and useful (you'll see some of the interesting things in the examples below).
$ nslookup -type=mx google.com
Server: 127.0.0.53
Address: 127.0.0.53#53


Non-authoritative answer:
google.com mail exchanger = 10 smtp.google.com.
Enter fullscreen mode Exit fullscreen mode
  • If you are looking for a list of name servers, you can use nslookup -type=ns DOMAIN_NAME:
$ nslookup -type=ns google.com
Server: 127.0.0.53
Address: 127.0.0.53#53


Non-authoritative answer:
google.com nameserver = ns1.google.com.
google.com nameserver = ns2.google.com.
google.com nameserver = ns3.google.com.
google.com nameserver = ns4.google.com.
Enter fullscreen mode Exit fullscreen mode
  • If you are looking for just the A records, use a with -type:
$ nslookup -type=a google.com
Server: 127.0.0.53
Address: 127.0.0.53#53


Non-authoritative answer:
Name: google.com
Address: 142.250.192.142
Enter fullscreen mode Exit fullscreen mode
  • The most interesting one is any with -type, which displays all the information that is available for a particular domain name:
$ nslookup -type=any google.com
Server: 127.0.0.53
Address: 127.0.0.53#53


Non-authoritative answer:
Name: google.com
Address: 216.58.196.78
Name: google.com
Address: 2404:6800:4009:809::200e
google.com rdata_257 = 0 issue "pki.goog"
google.com nameserver = ns2.google.com.
google.com text = "google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ"
google.com text = "atlassian-domain-verification=5YjTmWmjI92ewqkx2oXmBaD60Td9zWon9r6eakvHX6B77zzkFQto8PQ9QsKnbf4I"
google.com text = "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
google.com mail exchanger = 10 smtp.google.com.
google.com rdata_65 = 1 . alpn="h2,h3"
google.com text = "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289"
google.com text = "onetrust-domain-verification=de01ed21f2fa4d8781cbc3ffb89cf4ef"
google.com nameserver = ns1.google.com.
google.com nameserver = ns3.google.com.
google.com text = "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB"
google.com text = "v=spf1 include:_spf.google.com ~all"
google.com
origin = ns1.google.com
mail addr = dns-admin.google.com
serial = 496879129
refresh = 900
retry = 900
expire = 1800
minimum = 60
google.com text = "apple-domain-verification=30afIBcvSuDV2PLX"
google.com text = "google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o"
google.com nameserver = ns4.google.com.
google.com text = "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
google.com text = "webexdomainverification.8YX6G=6e6922db-e3e6-4a36-904e-a805c28087fa"
google.com text = "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
Enter fullscreen mode Exit fullscreen mode
$ nslookup -type=soa google.com
Server: 127.0.0.53
Address: 127.0.0.53#53


Non-authoritative answer:
google.com
origin = ns1.google.com
mail addr = dns-admin.google.com
serial = 496879129
refresh = 900
retry = 900
expire = 1800
minimum = 60
Enter fullscreen mode Exit fullscreen mode
  • If you want to use any specific name server to fetch your results, you can use the name server as an argument in the command:
$ nslookup -type=a google.com ns3.google.com
Server: ns3.google.com
Address: 2001:4860:4802:36::a#53


Name: google.com
Address: 142.250.192.110
Enter fullscreen mode Exit fullscreen mode
  • If you want your result to time out after XYZ seconds, use -timeout, which can be used in any automation, such as a script.
$ nslookup -type=a -timeout=2 google.com ns3.google.com
Server: ns3.google.com
Address: 2001:4860:4802:36::a#53


Name: google.com
Address: 142.250.192.110
Enter fullscreen mode Exit fullscreen mode

If you want to learn more about nslookup and its option, just fire man nslookup.

Top comments (1)

Collapse
 
sunnybhambhani profile image
Sunny Bhambhani

If you haven't read the first one in the list, below is the URL, please go give it a read :)

dev.to/sunnybhambhani/curl-1lf4