Table of contents

Pratik M Develop and Solve

A Beginner's Guide to Using nslookup on Linux

Cover Image for A Beginner's Guide to Using nslookup on Linux

If you're new to Linux and want to learn how to look up DNS records, nslookup is here to help. Nslookup is a useful command-line tool that comes installed on most Linux distributions. With just a few commands, you can use nslookup to find key details about domain names and their associated IP addresses.

In this beginner's guide, we'll cover the basics of using nslookup on Linux, including:

  • What is nslookup and why is it useful?

  • How to use nslookup for forward and reverse DNS lookups

  • How to set a default DNS server in nslookup

  • Tips and tricks for getting more out of nslookup

  • Common nslookup errors and how to fix them

By the end, you'll have hands-on experience with nslookup and be able to use it to diagnose and troubleshoot DNS issues on your Linux machine or network.

Let's get started.

An Introduction to nslookup

Nslookup is a command-line administration tool for testing and troubleshooting the Domain Name System (DNS). It allows you to manually query name servers to see whether they have specific DNS records.

Some common reasons to use nslookup include:

  • Finding the IP address associated with a domain name

  • Discovering which domain name server is authoritative for a particular domain

  • Testing if DNS records are configured correctly

  • Diagnosing DNS issues like missing records or connection problems

Nslookup has been around for many years and remains widely used today. Understanding nslookup gives you greater visibility into how DNS operates.

Step-by-Step: Making Your First nslookup Query

Running a nslookup query is straightforward. All you need to get started is access to a Linux terminal and an active internet connection.

Here's how to manually look up a domain's DNS details:

  1. Open your Linux terminal if you haven't already. You can open a terminal by pressing Ctrl+Alt+T in Ubuntu and most other Linux distributions.

  2. Type nslookup and press Enter. This will put you into nslookup's interactive prompt.

  3. Now enter the domain name you want to look up. For example, example.com. Then hit Enter again:

> example.com
Server:         10.0.2.3
Address:        10.0.2.3#53

Non-authoritative answer:
Name:   example.com
Address: 93.184.216.34

In a few seconds, nslookup returns details for that domain. You can see that example.com points to the IP address 93.184.216.34.

The default nslookup name server also gets listed. Here it is 10.0.2.3.

That's all you need to make a basic DNS query with nslookup. Next, let's cover some more in-depth topics.

How to Lookup DNS Records with nslookup

Nslookup lets you lookup ANY DNS record type that exists for a domain, including:

  • A record - Stores a domain's IP address

  • AAAA records - Stores IPv6 addresses

  • MX records - Specifies mail servers for a domain

  • CNAME records - For alias hostnames

  • NS records - Lists nameservers for a domain

And many more.

You can lookup most DNS record types by adding arguments to nslookup. For example, this command gets the MX records for wikipedia.org:

> set query=mx
> wikipedia.org
Server:         10.0.2.3
Address:        10.0.2.3#53

Non-authoritative answer:
wikipedia.org   mail exchanger = 10 mchenry.wikipedia.org.
wikipedia.org   mail exchanger = 20 lists.wikimedia.org.

Here are some other useful arguments you can set:

set query=any         # Returns all records
set query=a           # Lookup A records 
set query=aaaa        # Returns IPv6 addresses (quad A records)
set query=cname       # Finds canonical name
set query=mx          # Checks mail exchangers
set query=ns          # Finds name servers
set query=soa         # Displays start of authority record
set query=hinfo       # Returns host CPU and OS info

Play around with these arguments to become more fluent with nslookup queries.

How to Perform a Reverse DNS Lookup

A reverse DNS lookup allows you to query PTR records to find the domain name associated with an IP address.

This type of query is also known as a reverse DNS lookup. It's invaluable for tracking down domain names for IPs.

Here's the syntax for a reverse DNS lookup in nslookup:

> 10.0.0.1
Server:        10.0.2.3      
Address:    10.0.2.3#53

1.0.0.10.in-addr.arpa    name = host1.companyabc.com

Breaking this down:

Now you can decipher hostnames from IP addresses with nslookup as well.

How to Change the Default DNS Server

By default, nslookup uses your system's configured DNS servers for queries.

You can override this and set a custom DNS server to send your lookups to instead. Here's the syntax:

> server 8.8.8.8
Default server: 8.8.8.8

Now this nslookup session uses 8.8.8.8 for DNS resolution.

Why change the default server? Sometimes you might have to query a specific DNS server for troubleshooting. Using a public server like Google's 8.8.8.8 can also prevent issues caused by your own DNS infrastructure.

Tips for Better Nslookup Queries

Here are some tips for getting even more out of nslookup:

  • Add the debug parameter to see the full DNS traffic and gain expert visibility.

  • Use ls to list all DNS records for a domain in one query.

  • Pipe nslookup output to grep or other commands for better parsing.

  • Run nslookup commands in a script to automate DNS administration tasks.

  • Batch mode with - silence stops interactive prompts which is great for scripts.

  • Flush the DNS cache if needed with clear cache before testing DNS changes.

Take some time to experiment with features like debugging mode and batch scripts. Becoming a nslookup power user will pay off.

Common Nslookup Issues

Of course, even with a handy tool like nslookup, DNS problems can happen. Here are some common nslookup errors and their usual fixes:

  • NXDOMAIN: This means the domain name queried does not actually exist in DNS. Check your spelling and domain's configuration.

  • Timeout errors: Network issue stopping DNS queries from going through. Try flushing the cache and checking firewall rules.

  • Connection refused: The DNS server rejects connections from nslookup. Double-check if that server allows zone transfers.

  • Non-authoritative answer: The current DNS server cannot give definitive answers about a domain. Pick another server instead.

Knowing the possible errors ahead of time helps diagnose issues faster. Pay attention to the exact warning for clues on how to resolve misbehaving DNS queries.

Next Steps with Nslookup

Now you know the fundamentals of using nslookup for interactively exploring DNS on Linux.

You can now:

  • Find the IP addresses, mail servers, and other records associated with domain names

  • Perform reverse lookups to uncover hostnames for IP addresses

  • Override the default DNS server and configure debugging/output options

  • Recognize and fix common nslookup errors

Nslookup won't win any awards for user-friendliness - but what it lacks in looks it makes up for in transparency into the hidden world of DNS infrastructure.

Going forward, consider integrating nslookup directly into your own Linux scripts and tooling. Automating DNS queries can save tons of time when managing lots of domains or troubleshooting at scale.

I hope this guide has shown how useful the venerable nslookup tool can be. Now get out there, run some queries, and unlock the secrets held in your DNS server.

Also read -

Mounting NFS Shares from a Linux Server on Windows 2012

Installing Java on Amazon Linux

Setting a Static IP Address on Linux

Comments (0)

Discuss on Hashnode