Lesson 2 Basic nslookup operation
Objective Explain the basic use of the nslookup program.

Basic nslookup Operation

Explain the basic use of the nslookup program to probe the DNS database.
The nslookup program, which stands for "name server lookup", is a command-line network administration tool for querying and diagnosing the Domain Name System (DNS) to obtain domain name or IP address mappings, or any specific DNS record. Its primary use is resolving domain names into IP addresses and vice versa. It is a critical tool when troubleshooting DNS server problems, verifying that the correct IP addresses are associated with a domain, and ensuring that the DNS server is properly translating domain names.
To use nslookup, open your system's command-line interface: the Command Prompt on Windows, or Terminal on macOS and Linux. Once it is open, you can start using the nslookup command in its simplest form.
  1. Domain name to IP resolution: Enter nslookup followed by the domain name to resolve the domain into its corresponding IP address(es). For example:
    nslookup www.example.com
    

    This command will return the IP address associated with the specified domain name.
  2. IP to domain name resolution: Enter nslookup followed by the IP address to find the domain associated with it.
    For example:
    nslookup 192.0.2.1
    

    This command will return the domain name associated with the specified IP address.
  3. Finding mail servers (MX Records): The -query=mx option can be used to find mail servers associated with a domain. For example:
    nslookup -query=mx example.com
    

    This command will return a list of Mail Exchange (MX) servers for the specified domain.
  4. Finding name servers (NS Records): The -query=ns option can be used to find the DNS servers associated with a domain.
    For example:
    nslookup -query=ns example.com
    

    This command will return a list of Name Servers (NS) for the specified domain.
  5. Server option: The server command within nslookup can be used to set the DNS server for your queries. For example:
    nslookup
    > server 8.8.8.8
    > www.example.com
    

    This sets 8.8.8.8 (Google’s public DNS server) as the server that will be used for the DNS lookup and then proceeds to perform a lookup on www.example.com.
  6. Exit command: Type exit to quit the nslookup program.
Remember, while nslookup is a widely used tool for network administration and DNS troubleshooting, its output requires careful interpretation: DNS records are often cached and may not reflect recent changes until the cache is updated or cleared.
This brief overview is just the start of nslookup's capabilities. It provides various advanced features for performing more granular DNS queries. To see them, type nslookup on the command line, press Enter, and then type help for a list of available commands and options.
The nslookup program operates interactively. When you start the program from the UNIX command line, it uses the /etc/resolv.conf file to locate a name server, and initially directs its queries at that server.

$ nslookup
Default Server: dns.class.com
Address: 196.241.12.122
>

To look up the IP address of a host name, or the host name for an IP address, simply type the name or address to the prompt:
$ nslookup
Default Server: dns.class.com
Address: 196.241.12.122
> www.microsoft.com
Server: dns.class.com 
Address: 196.241.12.122
Name: www.microsoft.com
Addresses: 207.68.156.58, 207.68.156.61, 
207.46.130.14, 207.46.130.15,207.46.130.16, 
207.46.130.17, 207.46.130.138, 207.46.130.139,
207.46.130.149,207.46.130.150, 207.46.130.151,
207.46.130.164, 207.46.130.165, 207.46.131.13,
207.46.131.15, 207.46.131.16, 207.46.131.141,
207.68.137.53, 207.68.137.56, 207.68.137.59,
207.68.156.16, 207.68.156.49, 207.68.156.52
> 207.68.156.52
Server: dns.class.com 
Address: 196.241.12.122
Name:  www.microsoft.com
Address: 207.68.156.52

Evidently, Microsoft operates quite a few machines under the name www.microsoft.com.
You may see the phrase "non-authoritative answer" in the output from nslookup. This phrase means that nslookup obtained the information from a server's cache, rather than by consulting an authoritative source such as an authoritative server or secondary server.
  1. authoritative server: A primary or secondary server for a zone is called an authoritative server when it obtains its information directly from data files describing the zone.
  2. secondary server: In addition to its primary server, a zone may have one or more secondary servers. A secondary server provides an alternative source for information on the zone.
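
As an added example (not part of the original lesson), the shell functions below parse nslookup output like the sessions above: they skip the resolver's own Server/Address block, collect the answer addresses including a wrapped "Addresses:" list, and report whether the output carries the non-authoritative marker. The function names and both sample outputs are constructed for illustration.

```shell
# Added example, not from the original lesson. Function names are
# hypothetical; both samples are constructed, not captured output.
SAMPLE_CACHED='Server:   192.0.2.53
Address:  192.0.2.53#53

Non-authoritative answer:
Name:   www.example.com
Address: 198.51.100.10
Name:   www.example.com
Address: 198.51.100.11'

# Older interactive style: wrapped list, then a second (reverse) query.
SAMPLE_LEGACY='> www.example.com
Server: dns.class.com
Address: 196.241.12.122
Name: www.example.com
Addresses: 198.51.100.10, 198.51.100.11,
198.51.100.12,198.51.100.13
> 198.51.100.13
Server: dns.class.com
Address: 196.241.12.122
Name: www.example.com
Address: 198.51.100.13'

# Print each answer address once, skipping the resolver's own address.
answer_addrs() {
  awk '
    function emit(s,   n, i, p) {      # split a comma-separated list
      n = split(s, p, /,/)
      for (i = 1; i <= n; i++) {
        gsub(/[ \t]/, "", p[i])
        if (p[i] != "" && !seen[p[i]]++) print p[i]
      }
    }
    /^(Default )?Server:/  { in_answer = 0; wrap = 0; next }  # resolver block
    /^Name:/               { in_answer = 1; wrap = 0; next }  # answer begins
    !in_answer             { next }
    /^Address(es)?:/       { sub(/^[^:]*:/, ""); emit($0); wrap = 1; next }
    wrap && /^[ \t]*[0-9]/ { emit($0); next }                 # wrapped line
                           { wrap = 0 }
  '
}

# Succeed when the output is marked as served from a cache.
is_cached() { grep -qi "non-authoritative answer"; }

printf '%s\n' "$SAMPLE_LEGACY" | answer_addrs
printf '%s\n' "$SAMPLE_CACHED" | is_cached && echo "cached answer"
```

Against a live resolver the same functions read from a pipe, for example nslookup www.example.com | answer_addrs. The first Address line in any nslookup output belongs to the server that was queried, which is why a script that simply takes the first address gets the resolver rather than the host.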