nslookup is a very powerful tool used to get DNS realted information from DNS servers. We can get web server IP address, Mail Server IP address, Alternative IP addresses, DNS Management Information etc from DNS servers with the nslookup command.
Query and Print A Type Records
We will start with a simple and general example. We will query and list the A type of records. A type record is used to get an IP Address from the domain name. In this example, we will query for the IP address of poftut.com.
$ nslookup poftut.com
We see that the IP Address of the poftut.com is 45.79.133.118 . This query is sent to the name server 127.0.0.1 which is localhost because local daemon for DNS is used.
Query and Print NS Type Records
Every domain has a domain name server. Domain name servers are used to store domain name configuration. A single domain may have multiple domain servers for reliability and backup purposes. Domain name servers can be stored as ns type records. We can specify domain name servers with the -type and ns like below.
$ nslookup -type=ns poftut.com
Query and Print SOA Record
Domain names are assigned to the organizations and have some configuration about their usage. This information is stored in the Start of Authority records a.k.a. SOA. We can query and print SOA record with the soa type like below.
$ nslookup -type=soa poftut.com
We can see that the following information is provided by the DNS SOA record.
- origin provides the SOA information origin which is given domain primary DNS server which is `ns1.linode.com` in this example
- `mail addr` is the used to provide the mail address of the domain owner
- `serial` is the serial number of the domain name which is generally the date and time which is 2016082817 in this example
- `refresh` provides the refresh time which is used by other DNS servers
- `retry`
- `expire`
- `minimum`
Query and Print MX Records
DNS servers also provide the main server IP address with the MX type records. We can find mail server name of the given record with the following command.
$ nslookup -type=mx poftut.com
Query and Print All DNS Records
Up to now, we have checked different DNS types by specifying them with -type option. We can also check all of these DNS record types with a single command. We will provide any values to the -typeoption like below.
$ nslookup -type=any poftut.com
Query and Check Specific DNS Server
The default behavior of the nslookup command is to check the default DNS server for the given query. We can also specify the DNS server we want to check. We will just add DNS server name to the end of the command. In this example, we will check DNS server ns2.linode.com for the domain name poftut.com.
$ nslookup poftut.com ns2.linode.com
Query Reverse DNS Lookup
Up to now we have queried given a domain name and get the IP address. But in some cases, we may need to get the domain name by providing the IP address. This type of query is named as reverse DNS lookup. We can query the domain name of the IP address by just providing the IP address to the nslookup command like below.
$ nslookup 45.79.133.118
Query Specified DNS Server Port
DNS servers use TCP or UDP port 53 by default. So while using nslookup we do not need to specify the port number of the remote DNS server. If we know that given DNS server uses a different port then 53 we can specify DNS service port explicitly with the -port option.
$ nslookup -port=100 poftut.com
Print Details with Debug Mode
During a DNS server lookup, there will be a lot of actions which is not shown by default. If there is a problem or we want to check these actions we need to show verbose output with the debug mode. We will use -debug option to print detailed information about nslookup.
$ nslookup -debug poftut.com
