LinuxCommandLibrary

nslookup

Query DNS servers to find IP addresses

TLDR

Query your system's default name server for an IP address (A record) of the domain

$ nslookup [example.com]

Query a given name server for a NS record of the domain
$ nslookup -type=NS [example.com] [8.8.8.8]

Query for a reverse lookup (PTR record) of an IP address
$ nslookup -type=PTR [54.240.162.118]

Query for ANY available records using TCP protocol
$ nslookup -vc -type=ANY [example.com]

Query a given name server for the whole zone file (zone transfer) of the domain using TCP protocol
$ nslookup -vc -type=AXFR [example.com] [name_server]

Query for a mail server (MX record) of the domain, showing details of the transaction
$ nslookup -type=MX -debug [example.com]

Query a given name server on a specific port number for a TXT record of the domain
$ nslookup -port=[port_number] -type=TXT [example.com] [name_server]

SYNOPSIS

nslookup [options] [hostname | IP-address] [server]
nslookup [options] [- server] (interactive mode)

PARAMETERS

-query= or -type=
    Specifies the type of resource record to query. Common types include A (IPv4 address), MX (mail exchange), NS (name server), PTR (pointer for reverse lookups), CNAME (canonical name), and ANY (all available records).

-class=
    Specifies the query class. The default is IN (Internet).

-debug
    Turns on debugging output, showing more details about the query and response.

-vc
    Always use a virtual circuit (TCP) for queries, even for queries that are not zone transfers. By default, UDP is used unless the response is truncated.

-port=
    Specifies the port number of the DNS server to use. The default is 53.

-timeout=
    Sets the initial number of seconds to wait for a reply from the DNS server.

-retry=
    Sets the number of times to retry a query if no response is received.

-domain=
    Sets the default domain name to append to unqualified hostnames.

-search
    Appends the domain search list to the queried name if that name contains at least one dot.

-fail
    Exits if a DNS server returns an error (e.g., NXDOMAIN).

-d2
    Turns on exhaustive debugging, providing even more verbose output than -debug.

-set [=]
    Allows setting various internal options for the lookup. Examples include set all to view current options, set type=mx, set timeout=10.

DESCRIPTION

nslookup is a command-line utility used for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or other DNS records. It allows users to perform interactive queries or direct lookups for specific information.

While once widely used, it has largely been superseded by tools like dig and host for modern DNS troubleshooting and scripting due to its non-standard behavior and less predictable output. However, it remains available on most systems and can be useful for quick, basic DNS queries.

It can operate in two modes: non-interactive mode for a single query, and interactive mode for multiple queries, allowing users to specify different query types (e.g., A, MX, NS, PTR) and DNS servers. This makes it a foundational tool for network administrators and developers to diagnose DNS resolution issues and verify DNS configurations. Its primary function is to translate domain names to IP addresses (forward lookup) and IP addresses to domain names (reverse lookup).

CAVEATS

nslookup is considered deprecated by the Internet Systems Consortium (ISC), the developers of BIND. While still widely available, it is not recommended for scripting due to its inconsistent output format and non-standard behavior. Newer tools like dig and host are preferred for robust DNS troubleshooting and automation tasks. Its behavior can sometimes vary subtly between different versions and operating systems.
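
The scripting pitfall described above, as an added example that is not part of the original page: a grep-style parse of nslookup output also picks up the resolver's own address, so a script can end up trusting the wrong IP. The two samples are constructed in the BIND-style layout (other platforms print a different layout), and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Both samples are constructed in the BIND-style nslookup layout,
# using documentation address ranges; they were not captured from a real server.
sample_ok="Server:   192.0.2.53
Address:  192.0.2.53#53

Non-authoritative answer:
Name:   example.com
Address: 198.51.100.7
Name:   example.com
Address: 2001:db8::7"

sample_nx="Server:   192.0.2.53
Address:  192.0.2.53#53

** server can't find nohost.example.com: NXDOMAIN"

# naive_addresses: the quick grep-style parse. It also returns the resolver's
# own address (with #port), which is not part of the answer.
naive_addresses() {
  printf '%s\n' "$1" | awk '/^Address/ { print $2 }'
}

# answer_addresses: print only answer-section addresses.
# Returns 1 if the output has an error line or no answer address at all.
answer_addresses() {
  printf '%s\n' "$1" | awk '
    /^\*\* / || /^;; / { err = 1 }          # error and timeout lines
    /^Server:/         { hdr = 1; next }    # start of the resolver header
    hdr && /^Address/  { hdr = 0; next }    # resolver address: skip it
    /^Address/         { print $NF; n++ }   # address belonging to the answer
    END                { exit ((err || n == 0) ? 1 : 0) }
  '
}

echo "naive parse:";  naive_addresses "$sample_ok"
echo "answer only:";  answer_addresses "$sample_ok"
answer_addresses "$sample_nx" || echo "lookup failed: no usable answer"
```
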

INTERACTIVE VS. NON-INTERACTIVE MODE

nslookup can be used in two modes. In non-interactive mode, you specify the hostname or IP address directly on the command line (e.g., nslookup google.com). In interactive mode, you launch nslookup without arguments, or with a hyphen followed by a server argument (nslookup - server_ip), and then enter queries at the > prompt. Interactive mode allows setting various options (set type=mx) and switching name servers (server 8.8.8.8) before performing multiple lookups.

COMMON USE CASES

nslookup is frequently used to:
- Resolve a domain name to an IP address (e.g., nslookup example.com).
- Perform a reverse DNS lookup (IP to domain) (e.g., nslookup 192.0.2.1).
- Query specific record types like MX records for email servers (e.g., nslookup -type=mx example.com).
- Test a specific DNS server's resolution (e.g., nslookup example.com 8.8.8.8).

HISTORY

nslookup was historically included as part of the BIND (Berkeley Internet Name Domain) distribution. It was one of the earliest and most widely available tools for querying DNS. Its usage was prevalent in the early days of the internet for diagnosing DNS issues. However, over time, its limitations became apparent, leading to the development of more robust alternatives like dig. Despite its deprecation by ISC, it remains a commonly found utility on Linux, Unix, and Windows systems, often included for backward compatibility and basic troubleshooting.

SEE ALSO

dig(1), host(1), resolver(5), named(8)
