The `nslookup` command is a powerful tool used by system administrators and network engineers to troubleshoot DNS issues. This command can help determine the IP address associated with a domain name, as well as the DNS server being used by a particular device.
Here are the 10 practical examples of how you can use nslookup for troubleshooting DNS issues.
1. Determine the IP Address of a Domain
To determine the IP address associated with a domain name, you can use the following nslookup command:
nslookup tecadmin.net
Replace ‘tecadmin.net’ with your domain name.
Output:Server: dns.google Address: 8.8.8.8 Non-authoritative answer: Name: tecadmin.net Addresses: 172.67.134.5 104.28.16.96 104.28.17.96
2. Check the DNS server being used by a device
You can use the following command to check the DNS server being used by a device:
nslookup -query=ns example.com
3. Check the CNAME record for a domain
To check the CNAME (Canonical Name) record for a domain, you can use the following command:
nslookup -query=cname example.com
4. Perform a reverse DNS lookup
A Reverse DNS (rDNS) lookup is when you have an IP address and want to find the associated domain name. You will see any output only if a reverse zone is configured corresponding to that IP address. Generally, this is configured by the hosting provider or datacenters.
To view the reverse dns lookup for an IP address, type:
nslookup 216.58.219.206
Output:Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: 206.219.58.216.in-addr.arpa name = lga25s40-in-f14.1e100.net. 206.219.58.216.in-addr.arpa name = lga25s40-in-f14.1e100.net. 206.219.58.216.in-addr.arpa name = lga25s40-in-f206.1e100.net. 206.219.58.216.in-addr.arpa name = lga25s40-in-f206.1e100.net.
5. Query to specific DNS server
The default nslookup quires to DNS server configured on your system’s network interface. But you can specify the DNS server to which nslookup queried directly instead of local configured.
You need to pass an additional parameters of name server IP address or domain name. For example to query to 9.9.9.9 name server use the following command.
nslookup tecadmin.net 9.9.9.9
Output:Server: dns9.quad9.net Address: 9.9.9.9 Non-authoritative answer: Name: tecadmin.net Addresses: 104.28.17.96 172.67.134.5 104.28.16.96
6. Check the SOA (Start of Authority) record for a domain
SOA is the abbreviation of Start of Authority. This is a useful DNS record for any domain that contains administrative information about the zone.
To find the SOA record of any domain, you need to specify -type=soa as command line parameter. For example:
nslookup -type=soa google.com
Output:Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: google.com origin = ns4.google.com mail addr = dns-admin.google.com serial = 159912615 refresh = 900 retry = 900 expire = 1800 minimum = 60 Authoritative answers can be found from:
Description of the result values:
- origin: The authority from which the information originated.
- mail addr: The email address of the domain administrator (The first dot represents @ symbol in an email address).
- serial: The revision data for the zone for of domain in the form YYYYMMDDNN.
- refresh: A refersh interval in seconds where the secondary name server will check the primary name server for an updated revision of the zone.
- retry: Waiting time for the secondary nameserver before attempting to reconnect to the primary name server after a failed attempt.
- expire: The time in seconds for the secondary nameserver’s cache to expire.
- minimum: The time in seconds the secondary nameserver’s cache should not be refreshed if time has not elapsed since the last refresh.
7. Find the mail server associated with a domain name
The Mail Exchange record is used for email delivery to the correct email server IP address. You can also find the MX records for any domain to verify the settings.
In case of, emails are not delivering to the Mailbox, verify that MX records are pointed to the correct addresses.
nslookup -query=mx google.com
Output:Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: google.com mail exchanger = 10 aspmx.l.google.com. google.com mail exchanger = 30 alt2.aspmx.l.google.com. google.com mail exchanger = 50 alt4.aspmx.l.google.com. google.com mail exchanger = 40 alt3.aspmx.l.google.com. google.com mail exchanger = 20 alt1.aspmx.l.google.com. Authoritative answers can be found from:
Remember that MX records are used for receiving emails not for sending.
8. Query TXT Records for Domain
TXT records are useful for multiple types of records like DKIM, SPF, etc. You can find all TXT records configured for any domain using the below command.
nslookup -query=txt google.com
Output:Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: google.com text = "v=spf1 include:_spf.google.com ~all" Authoritative answers can be found from:
9. Find all records of a domain
Use -query=any to list all avaialble records for a domain in dns server.
nslookup -query=any google.com
Output:Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: google.com Address: 216.58.219.206 google.com has AAAA address 2607:f8b0:4006:80e::200e google.com mail exchanger = 20 alt1.aspmx.l.google.com. google.com mail exchanger = 40 alt3.aspmx.l.google.com. google.com nameserver = ns2.google.com. google.com nameserver = ns4.google.com. google.com nameserver = ns3.google.com. google.com rdata_257 = 0 issue "pki.goog" google.com mail exchanger = 30 alt2.aspmx.l.google.com. google.com mail exchanger = 10 aspmx.l.google.com. google.com mail exchanger = 50 alt4.aspmx.l.google.com. google.com text = "v=spf1 include:_spf.google.com ~all" google.com nameserver = ns1.google.com. google.com rdata_257 = 0 issue "symantec.com" google.com origin = ns2.google.com mail addr = dns-admin.google.com serial = 159912615 refresh = 900 retry = 900 expire = 1800 minimum = 60 Authoritative answers can be found from:
10. Using nslookup in interactive mode
We can also use nslookup in interactive mode. To go in interactive mode type nslookup on console and press enter. You will get nslookup prompt like > . Here you can run the same query and get the information for the domain from the DNS server. For your understanding, I have added comments in between commands.
nslookup
Output:### Type domain name to get information from dns server google.com Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: google.com Address: 172.217.10.46 ### Set the another specific dns server to query. server 8.8.4.4 Default server: 8.8.4.4 Address: 8.8.4.4#53 ### Again try to get the dns information, This time nslookup connects to specified dns server. google.com Server: 8.8.4.4 Address: 8.8.4.4#53 Non-authoritative answer: Name: google.com Address: 172.217.10.46 ### Set the query type. for example to get MX information set query=mx set query=mx ### Again try to get the dns information, This time nslookup will show MX information for domain google.com Server: 8.8.4.4 Address: 8.8.4.4#53 Non-authoritative answer: google.com mail exchanger = 30 alt2.aspmx.l.google.com. google.com mail exchanger = 50 alt4.aspmx.l.google.com. google.com mail exchanger = 40 alt3.aspmx.l.google.com. google.com mail exchanger = 10 aspmx.l.google.com. google.com mail exchanger = 20 alt1.aspmx.l.google.com. Authoritative answers can be found from:
Conclusion
In conclusion, the `nslookup` command is an essential tool for troubleshooting DNS issues. The ten examples discussed in this article should provide a good starting point for using this command in real-world scenarios. However, there are many more options and advanced usage techniques available with nslookup, so it’s recommended that you explore this tool further.