How to Use Nslookup Command in Linux [10 Best Ways]

Written by

Reviewed by

Last updated: June 16, 2024

Expert verified

SVG Image

TL;DR

To effectively use the nslookup command in Linux, try the following methods:

  1. Quickly find the IP address for a domain by entering nslookup example.com in your terminal.
  2. Determine the domain name associated with an IP by running nslookup 192.0.2.1.
  3. Query a specific DNS server to compare data or troubleshoot by using nslookup example.com 8.8.8.8.
  4. Retrieve specific DNS records like MX by entering nslookup -query=MX example.com.
  5. Engage in interactive mode for extended DNS querying by typing nslookup, then query various records without exiting.
  6. Gain insight into domain delegation by querying for NS records with nslookup -type=NS example.com.

Dealing with DNS issues can be frustrating, but there’s a straightforward solution, the nslookup command in Linux. This tool helps you quickly diagnose and resolve DNS problems, making your tasks easier. In this post, I’ll guide you through different methods to use nslookup in Linux, including querying DNS records, diagnosing server issues, and performing reverse lookups. I’ll also share best practices and security tips to ensure you’re using nslookup safely and efficiently.

What Is Nslookup Command in Linux?

The nslookup command in Linux is a network administration tool used for querying Domain Name System (DNS) servers to obtain domain name or IP address mappings. This tool can help you diagnose DNS-related problems and is often used to verify and troubleshoot DNS configurations.

Key Functions of nslookup

  • Query DNS Records: nslookup allows you to query for various types of DNS records, including A (address records), MX (mail exchange records), TXT (text records), and more.
  • Server Testing: You can specify a particular DNS server to query against, which is useful for checking the responses from different DNS servers.
  • Reverse DNS Lookup: By inputting an IP address, nslookup can perform a reverse lookup to find the hostname associated with that IP address.

Basic Usage

Here’s how you generally use nslookup in Linux:

nslookup [option] [hostname] [server]
  • [hostname]: The domain name you want to query.
  • [server]: The DNS server you want to use for the query. If omitted, nslookup uses the system’s default DNS server.

Examples

  1. Query the IP address of a domain:
   nslookup example.com
  1. Query a specific DNS record type (e.g., MX records):
   nslookup -query=MX example.com
  1. Use a specific DNS server for querying:
   nslookup example.com 8.8.8.8

Note

nslookup has two modes: interactive and non-interactive. The examples above use the non-interactive mode, suitable for quick queries. For more complex investigations, the interactive mode allows multiple queries without re-entering the command.

While nslookup is widely used, it is considered deprecated in favor of more robust tools like dig. However, it remains available and useful in many systems for basic DNS troubleshooting tasks.

How to Use Nslookup in Linux?

To use the nslookup command in Linux, open your terminal and type nslookup followed by the domain name or IP address you want to query. This command is used to query Internet domain name servers for information about network addresses, mail exchanges, name servers, and related information. Here’s a basic example:

nslookup example.com

This command will display the DNS details for example.com, including its IP address. If you want to query a specific DNS server, you can specify the server:

nslookup example.com dns.server.ip

Additionally, entering nslookup without arguments puts you in interactive mode, where you can perform successive queries without re-entering the nslookup command.

Below is a detailed explanation of this method and 9 other methods to use nslookup for Linux, starting with the basic domain lookup process:

1. Basic Domain Lookup

This method is used to find the IP address associated with a domain name, which is fundamental for understanding how DNS resolves domain names to IP addresses. Follow these steps for the domain name lookup:

  1. Launch your Terminal application.
open terminal
  1. Enter the following command:
nslookup example.com

Replace example.com with the domain name, you want to check.

The output will be:

viewing ip address associated with domain name

2. Reverse DNS Lookup

Reverse DNS lookups are used to find the domain name associated with an IP address, often helpful for network diagnostics and logging. Here is the step-by-step guide for reverse DNS lookup:

  1. Open your Terminal and enter the following command:
nslookup 8.8.8.8

The output will show the hostname associated with the IP address 8.8.8.8

performing reverse DNS lookup

3. Specifying a DNS Server

This method allows querying a specific DNS server, which can be useful for comparing DNS data across different servers or troubleshooting DNS issues with a specific provider. Here is how to do it:

  1. Launch your command window and type the command with the DNS server of your choice:
nslookup example.com 8.8.8.8

Replace example.com with the domain name, you want to check.

  1. The query will return results from Google’s DNS server, 8.8.8.8, instead of the system’s default server.
specifying a DNS server

4. Querying Specific DNS Record Types

Querying specific DNS records, such as MX or TXT, is crucial for detailed DNS management and troubleshooting specific services like email. Follow these steps to query the DNS records:

  1. Access command window and execute the following command to query the MX records:
nslookup -query=MX example.com

Replace example.com with the domain name, you want to check.

This will return the MX records, showing mail servers associated with the domain.

querying specific DNS record type

5. Using nslookup in Interactive Mode

Interactive mode allows multiple sequential DNS queries without re-entering the nslookup command, useful for extended troubleshooting or comparison. Here is the step-by-step guide:

  1. Start your Terminal application.
  2. Simply type the following command and press Enter:
nslookup

You will enter the interactive mode.

using nslookup in interactive mode
  1. Now to query A records, type:
set type=A
example.com

Replace example.com with the domain name, you want to check.

setting query type

setting-query-type

  1. Change type as needed and enter more domains.
  2. Type exit to leave the interactive mode.
exiting interactive mode

6. Advanced DNS Server Query Options

Querying for detailed DNS server information, like NS records, helps understand domain delegation and authoritative DNS infrastructure. Follow these steps:

  1. Launch your command prompt.
  2. To find out the authoritative name servers, type the command:
nslookup -type=NS example.com

Replace example.com with the domain name you want to check.

finding authoritative name servers

7. Checking CNAME (Canonical Name) Records

CNAME records, or Canonical Name records, are DNS records that serve as aliases for domain names, pointing one domain to another. This is particularly useful for managing subdomains and redirecting traffic. Checking CNAME records can help in verifying these redirections and ensuring the correct configuration of your DNS settings.

  1. Begin by opening your terminal application. Type the following command to query the CNAME records:
nslookup -query=cname www.example.com

Replace www.example.com with the domain name you wish to query.

The output will display the CNAME record, showing the alias and the target domain it points to. 

viewing cname of a domain

8. Diagnosing DNS Server Problems

Diagnosing DNS server problems involves checking if a specific DNS server can resolve a domain name. This is crucial for troubleshooting connectivity issues and ensuring that DNS servers are properly configured and operational. By using Nslookup, you can specify which DNS server to query and verify its response to domain name requests.

  1. Start by opening your terminal application.
  2. Type the Linux nslookup command and press Enter to enter the interactive mode.
nslookup
enabling interactive mode
  1. Within interactive mode, type the following command to set a specific DNS server (e.g., Google’s public DNS server at 8.8.8.8):
server 8.8.8.8
setting a specific DNS server
  1. Now type the domain name you wish to resolve using the specified DNS server:
example.com

The output will display the DNS response from the specified server.

viewing dns response from specified server

9. Querying NS (Name Server) Records

Name Server (NS) records are DNS records that specify the authoritative name servers for a domain. These records are crucial for directing DNS queries to the correct servers that hold the authoritative DNS information for a domain. Querying NS records can help in verifying the domain’s delegation and ensuring that the correct name servers are being used.

  1. Launch your command window and type the following command to query the NS records for a domain:
nslookup -query=ns example.com

Replace example.com with the domain name you wish to query.

The output will display the NS records, showing the authoritative name servers for the domain.

viewing name servers for the domain

10. Checking SOA (Start of Authority) Records

Start of Authority (SOA) records are DNS records that provide administrative information about a domain, including the primary name server, the email address of the domain administrator, and various timers related to refreshing the zone. Checking SOA records is important for understanding the administrative setup of a domain and ensuring that the domain’s DNS information is up to date and correctly configured.

  1. Begin by opening your terminal application.Run the following command to query the SOA record for a domain:
nslookup -query=soa example.com

Replace example.com with the domain name you wish to query.

The output will display the SOA record, showing details such as the primary name server, the administrator’s email address, and the various timing values.

viewing soa records for a domain 1

4 Best Practices for Using the nslookup Command

When working with the nslookup on Linux, it’s essential to follow best practices to ensure accuracy, efficiency, and safety in your DNS queries. Here are four key guidelines to enhance your experience:

  • 🌐 Verify Output Accuracy: Always double-check the output from nslookup for accuracy. Incorrect DNS data can lead to misconfigurations and connectivity issues. Verify against multiple sources or tools when diagnosing DNS problems.
  • 🔧 Use Specific DNS Servers: For consistent results, specify DNS servers rather than relying on the default. This helps in comparing responses from different servers and isolating issues specific to a certain DNS provider.
  • 📝 Document Queries: Keep a record of the queries you perform, especially in a professional setting. This helps in future audits and understanding the historical changes and issues within your network’s DNS structure.
  • 🔄 Update Regularly: Ensure that your system’s nslookup tool is updated regularly. Using the latest version can protect you from vulnerabilities and ensures compatibility with newer DNS standards and protocols.

4 Security Considerations When Using nslookup Linux

Utilizing nslookup involves certain security considerations that are crucial for maintaining the integrity and privacy of your network operations. Here are four important security aspects to keep in mind when using nslookup command Linux:

  • 🛡️ Avoid Exposing Sensitive Information: Be cautious when performing reverse lookups or querying DNS records. Revealing too much information about your network structure can pose a security risk.
  • 🌍 Be Wary of Public Wi-Fi: Using nslookup over public Wi-Fi can expose your DNS queries to interception. Always use secure, encrypted connections when performing DNS lookups in public spaces.
  • 🔐 Limit Privileged Access: Only authorized personnel should have access to perform nslookup queries in corporate environments. This minimizes the risk of internal misuse and protects sensitive network infrastructure details.
  • 🕵️‍♂️ Monitor for Abnormal Activity: Regularly monitor DNS queries and their patterns. Anomalies might indicate malicious activity such as DNS hijacking or cache poisoning. Setting up alerts for unusual queries can help in early detection and mitigation.

Nslookup in Linux: In a Nutshell

In conclusion, using the nslookup command in Linux can really enhance your ability to query DNS records, diagnose server issues, and perform reverse lookups. Just keep in mind the security aspects, like avoiding exposure of sensitive information and monitoring for any anomalies.

If you found this guide useful, I think you’ll also enjoy:

  • Learning how to reboot a Linux server, which is essential for maintaining and troubleshooting server issues.
  • Exploring solutions for the “wget command not found” error to ensure you have all the necessary tools for network troubleshooting.
  • Understanding the use of the dig command, which offers more advanced DNS query options and complements what you’ve learned with nslookup.

Frequently Asked Questions

What is Domain Lookup?

A domain lookup refers to the process of querying DNS (Domain Name System) servers to retrieve information about a domain name’s registration and its associated records, such as IP addresses for A (IPv4) and AAAA (IPv6) records, mail servers for MX records, and other DNS records. This process is crucial for translating human-readable domain names to machine-readable IP addresses, enabling browsers and other services to connect to websites and internet services effectively. Domain lookup is a fundamental component of Internet navigation and communication.

What are the limitations of nslookup compared to newer tools like dig?

Nslookup is less versatile than dig when it comes to DNS troubleshooting and analysis. While nslookup offers basic DNS querying capabilities, dig provides more detailed information about the DNS response, including query times, message size, and the full reply from the DNS server, making it more suitable for in-depth DNS analysis.

What should I do if nslookup returns “Non-existent domain” but the website is accessible via a browser?

If nslookup returns “Non-existent domain” but the website is still accessible through a browser, it’s likely a DNS caching issue. Browsers often cache DNS information more aggressively than your system’s DNS cache. To resolve this discrepancy, try clearing your DNS cache or using a different DNS server to confirm the domain’s existence.

Can nslookup be automated to perform bulk DNS lookups from a list?

Yes, you can automate nslookup to handle bulk DNS queries by writing scripts in Bash or Python. These scripts can read multiple domain names from a file and run nslookup on each, gathering and possibly logging the results. This automation is particularly useful for network diagnostics and audits involving numerous domains.

Does nslookup work the same way on all Linux distributions?

Nslookup generally works the same across different Linux distributions, but its availability and the version provided can vary. Some minimal Linux installations may not include nslookup by default, requiring you to install it manually through your distribution’s package manager. This ensures that you are using the version most compatible with your specific system.

Ojash

Author

Ojash is a skilled Linux expert and tech writer with over a decade of experience. He has extensive knowledge of Linux's file system, command-line interface, and software installations. Ojash is also an expert in shell scripting and automation, with experience in Bash, Python, and Perl. He has published numerous articles on Linux in various online publications, making him a valuable resource for both seasoned Linux users and beginners. Ojash is also an active member of the Linux community and participates in Linux forums.

Akshat

Reviewer

Akshat is a software engineer, product designer and the co-founder of Scrutify. He's an experienced Linux professional and the senior editor of this blog. He is also an open-source contributor to many projects on Github and has written several technical guides on Linux. Apart from that, he’s also actively sharing his ideas and tutorials on Medium and Attirer. As the editor of this blog, Akshat brings his wealth of knowledge and experience to provide readers with valuable insights and advice on a wide range of Linux-related topics.

Share this article
Shareable URL
Prev Post

How to Find the PID and PPID Linux [7 Easy Methods]

Next Post

10 Easy Steps to Enable Discord Screen Share Audio Linux?

Leave a Reply

Your email address will not be published. Required fields are marked *

Read next