Sep 01, 2023
What Is nslookup Command and How to Use It
The name server lookup (nslookup) command-line tool finds the internet protocol (IP) address or domain name system (DNS) record for a specific hostname. This command also supports reverse DNS lookups by inputting the IP addresses of the domains to be looked up.
The nslookup tool can be used for DNS-related tasks like server testing and troubleshooting. Enter “nslookup” into a command-line interface (CLI) such as Command Prompt on Windows or Terminal on Linux and macOS to use this tool.
This article will explain what nslookup is, what it does, what commands it has, and how to use it. Finally, we will address some of the tool’s frequently asked questions.
What Is nslookup?
nslookup is a command-line tool to discover the IP address or DNS record of a specific domain name. It also allows for reverse DNS lookup, letting you find the domain attached to an IP address. To use the tool, enter “nslookup” into the Command Prompt or Terminal.
What Is the Purpose of the nslookup Command
The primary purpose of nslookup is to retrieve detailed information about the specified domain. This information is essential for troubleshooting DNS-related problems.
For example, your website is not working, and you want to check if the host server is reachable by pinging it. Use the following command to send a lookup request for the IP address:
Check if the DNS server is down using this nslookup syntax:
nslookup domainname.tld dns.server.ip.address
If the DNS server is working normally, you will see the following result:
Otherwise, an error message will appear if the DNS doesn’t respond to the query. This may indicate a DNS server failure.
If you omit the DNS server’s IP, nslookup will send a resolution request to the default DNS server on your computer’s settings.
You can switch DNS servers by entering:
Another DNS-related issue may occur when your domain points to the incorrect nameservers. To check a domain’s nameservers, enter the following:
nslookup -type=ns yourdomainname.tld
Besides nameservers, you can use another query type to look up different resource records, such as A, AAA, CNAME, LOC, PTR, and MX records.
DNS records are information stored in the DNS nameservers about a domain name. The maximum number of DNS entries varies. It can go up to thousands for a domain with premium DNS hosting. Each record type serves a different purpose:
- A – responsible for mapping a domain name to an IP address.
- AAA – same as A record, but using IPv6 instead of IPv4.
- CNAME – information about a domain’s alternative name.
- LOC – specifies the geographical location of a domain name.
- PTR – maps an IP address to a hostname and is also responsible for mail exchange. PTR records require the domain to have a dedicated IP address.
- MX – responsible for mail exchange. MX records map domains to mail servers.
A PTR record is essential for reverse DNS lookup, which uses an IP address to ask for a domain name. Reverse DNS lookup helps mail servers confirm whether incoming emails are from valid sources.
To verify that an IP address resolves to your hostname, check the PTR record value by typing
nslookup followed by the hostname’s IP address.
For example, you want to do a PTR lookup for google.com. Since its IP address is 22.214.171.124, enter:
In the following example, we can see that the PTR record of the IP address is sm-in-f113.1e100.net.
Configuring the PTR record is essential for mail exchange. It prevents email bouncing by ensuring that the mail server’s IP address and the forward DNS match.
However, since it requires a dedicated IP, you can only set up PTR records on a domain with virtual private server hosting.
List of nslookup Commands
There are various types of nslookup commands for requesting different domain information. The most commonly used commands include:
- name – shows information about the domain name or hostname using the default server.
- server name – sets a different default DNS server using the current one’s information.
- root – assigns the root server as the default.
- set type=<record type> – queries a specific DNS record type, such as A, MX, PTR, or SOA. Use ANY to display all server records.
- set debug – displays debugging information about each query and its corresponding response.
- set recurse – asks the DNS nameserver to query other servers if it can’t provide the information.
- help – shows a list of nslookup commands and their functions.
- exit – quits the nslookup tool and returns users to the CLI.
How to Use the nslookup Command
You can use nslookup in nearly any operating system’s command-line application, such as the Command Prompt on Windows or Terminal on Linux and macOS.
On different OSs, nslookup works similarly despite looking slightly different. For example, here’s what it looks like on Linux:
There are two modes of nslookup, interactive and non-interactive. While both serve a similar purpose, they are designed for different use cases.
The interactive mode lets users enter additional parameters, allowing them to query nameservers for multiple information about domains or hosts.
Meanwhile, the non-interactive mode only provides a single piece of information about a domain or host.
To enter the interactive mode, type
nslookup without arguments into your CLI. It will display the default server name, addresses, and the line where you can input a domain name or different commands.
To access the non-interactive mode, enter nslookup followed by a domain name as the first argument. You can precede the domain name with various commands to ask for different information or follow it with a nameserver address.
With the non-interactive mode, you should type the domain and commands in the same line. In contrast, the interactive mode uses one line for each domain and argument.
Sometimes, nslookup will return a non-authoritative answer after entering a query. This occurs when nslookup fetches information from your local DNS server cache, not the domain’s authoritative server.
When accessing a website for the first time, your browser will ask the DNS resolver for the domain’s IP address. The resolver will then ask the root server, directing the former to the domain’s top-level domain (TLD) server.
Then, the TLD server will send a response, directing the resolver to the authoritative server. The resolver will ask the authoritative server for information, which includes its IP address and DNS record.
Next, the authoritative server will send the queried domain’s address and DNS records back to the resolver, which forwards it to the client. The web browser can now connect to the domain upon receiving the IP address.
The client and resolver servers will store the domain’s information locally as a DNS cache. Therefore, when the user reaccesses the same domain, there is no need to repeat the entire process. The browser can simply fetch the IP address from the DNS cache.
Non-authoritative answers are possibly outdated because the information is fetched from the cache. They are unsuitable for troubleshooting purposes. To get an authoritative answer, enter:
nslookup -type=soa domainname.tld
This will query the standard of authority (SOA) record containing important information about the specified domain. For example, you want to get an authoritative response for the domain google.com:
Since you only need the primary name server, there is no need to worry about the non-authoritative answer.
Next, use the primary nameserver to perform the query. The non-authoritative message should disappear:
Use the nslookup Command to Look up DNS Servers From a Browser
Look up DNS servers from your browser using online network tools such as ping.eu or centralops.net. Both web applications provide basic nslookup functions. However, the latter offers more advanced features, such as recursion.
nslookup is a command-line tool to retrieve a domain’s information, including its IP address and DNS record. To use this tool, enter “nslookup” in the Command Prompt or Terminal.
Using various nslookup commands, you will get different information about your domain. This can help troubleshoot DNS-related issues. But, when doing so, ensure that the server provides an authoritative answer. You can do this by asking for the domain’s SOA records.
To help you further understand nslookup, we have answered FAQs about the command.
What Is nslookup FAQ
What’s the Difference Between nslookup and Ping?
While both are useful for troubleshooting network problems, ping uses additional steps to resolve a domain name to an IP address. Meanwhile, nslookup only relies on the DNS server.
Pinging an IP address lets you verify if the address exists and can handle requests. nslookup, on the other hand, provides information about domain names’ IP addresses and DNS records.
What Are the Different nslookup Command Modes?
There are two modes of nslookup, non-interactive and interactive. Both modes provide the same server information. However, they are meant for different use cases.
We recommend the nslookup interactive mode to look up multiple information. To use this mode, type nslookup without any argument and enter different commands, IP addresses, or domain names in the subsequent lines.
Use the non-interactive mode when looking up a single data. To access it, type nslookup followed by a domain name as the first argument and the DNS server IP address as the second.
Is nslookup a DNS?
They are different, but nslookup requires DNS to work. A domain name system resolves a domain name to its IP address. Meanwhile, nslookup is a tool that allows users to request DNS nameservers for information about a hostname.