nslookup is a debugging tool provided as part of the BIND software
package. It allows anyone to query a name server directly and retrieve
any of the information known to the DNS system. It is helpful for
determining if the server is running correctly and is properly
configured, or for querying for information provided by remote
servers.
The nslookup program is used to
resolve queries either interactively or directly from the command line.
Here is a command-line example of using nslookup to query for the IP address of a host:
% nslookup crab.wrotethebook.com
Server: rodent.wrotethebook.com
Address: 172.16.12.2
Name: crab.wrotethebook.com
Address: 172.16.12.1Here, a user asks nslookup to
provide the address of crab.wrotethebook.com.
nslookup displays the name and
address of the server used to resolve the query, and then it displays
the answer to the query. This is useful, but nslookup is more often used
interactively.
The real power of nslookup is
seen in interactive mode. To enter interactive mode, type nslookup on the command line without any
arguments. Terminate an interactive session by typing Ctrl-D (^D) or
entering the exit command at the
nslookup prompt. As an interactive
session, the previous query shown is:
% nslookup Default Server: rodent.wrotethebook.com Address: 172.16.12.2 > crab.wrotethebook.com Server: rodent.wrotethebook.com Address: 172.16.12.2 Name: crab.wrotethebook.com Address: 172.16.12.1 > ^D
By default, nslookup queries
for A records, but you can use the set type
command to change the query to another resource record type or to the
special query type ANY. ANY is used to retrieve all available resource
records for the specified host.[95]
The following example checks MX records for crab and
rodent. Note that once the query type is set to MX,
it stays MX. It doesn’t revert to the default A-type query. Another
set type command is required to reset
the query type.
% nslookup Default Server: rodent.wrotethebook.com Address: 172.16.12.2 > set type=MX > crab.wrotethebook.com Server: rodent.wrotethebook.com Address: 172.16.12.2 crab.wrotethebook.com preference = 5, mail exchanger = crab.wrotethebook.com crab.wrotethebook.com inet address = 172.16.12.1 > rodent.wrotethebook.com Server: rodent.wrotethebook.com Address: 172.16.12.2 rodent.wrotethebook.com preference = 5, mail exchanger = rodent.wrotethebook.com rodent.wrotethebook.com inet address = 172.16.12.2 > exit
You can use the server command
to control the server used to resolve queries. This is particularly
useful for going directly to an authoritative server to check some
information. The following example does just that. In fact, this example
contains several interesting commands:
First we set type=NS and get the NS records for the
zoo.edu domain.
From the information returned by this query, we select a
server and use the server command
to direct nslookup to use that
server.
Next, using the set
domain command, we set the
default domain to zoo.edu. nslookup uses this default domain name to
expand the hostnames in its queries in the same way that the
resolver uses the default domain name defined in
resolv.conf.
We reset the query type to ANY. If the query type is not
reset, nslookup still queries for
NS records.
Finally, we query for information about the host tiger.zoo.edu. Because the default domain is set to zoo.edu, we simply enter tiger at the prompt.
Here’s the example:
% nslookup Default Server: rodent.wrotethebook.com Address: 172.16.12.2 > set type=NS > zoo.edu Server: rodent.wrotethebook.com Address: 172.16.12.2 Non-authoritative answer: zoo.edu nameserver = NOC.ZOO.EDU zoo.edu nameserver = NI.ZOO.EDU zoo.edu nameserver = NAMESERVER.AGENCY.GOV Authoritative answers can be found from: NOC.ZOO.EDU inet address = 172.28.2.200 NI.ZOO.EDU inet address = 172.28.2.240 NAMESERVER.AGENCY.GOV inet address = 172.21.18.31 > server NOC.ZOO.EDU Default Server: NOC.ZOO.EDU Address: 172.28.2.200 > set domain=zoo.edu > set type=any > tiger Server: NOC.ZOO.EDU Address: 172.28.2.200 tiger.zoo.edu inet address = 172.28.172.8 tiger.zoo.edu preference = 10, mail exchanger = tiger.ZOO.EDU tiger.zoo.edu CPU=ALPHA OS=Unix tiger.zoo.edu inet address = 172.28.172.8, protocol = 6 7 21 23 25 79 tiger.ZOO.EDU inet address = 172.28.172.8 > exit
The final example shows how to download an entire domain from an authoritative server and examine it on your
local system. The ls command requests
a zone transfer and displays the contents of the zone it
receives.[96] If the zone file is more than a few lines long, redirect
the output to a file and use the view
command to examine the contents of the file. (view sorts a file and displays it using the
Unix more command.) The combination
of ls and view is helpful when tracking down a remote
hostname. In this example, the ls
command retrieves the big.com zone
and stores the information in temp.file. Then view is used to examine temp.file.
rodent% nslookup Default Server: rodent.wrotethebook.com Address: 172.16.12.2 > server minerals.big.com Default Server: minerals.big.com Address: 192.168.20.1 > ls big.com > temp.file [minerals.big.com] ######## Received 406 records. > view temp.file acmite 192.168.20.28 adamite 192.168.20.29 adelite 192.168.20.11 agate 192.168.20.30 alabaster 192.168.20.31 albite 192.168.20.32 allanite 192.168.20.20 altaite 192.168.20.33 alum 192.168.20.35 aluminum 192.168.20.8 amaranth 192.168.20.85 amethyst 192.168.20.36 andorite 192.168.20.37 apatite 192.168.20.38 beryl 192.168.20.23 --More--q > exit
These examples show that nslookup allows you to:
Query for any specific type of standard resource record
Directly query the authoritative servers for a domain
Get the entire contents of a domain into a file so you can view it
Use nslookup’s help command to see its other features. Turn
on debugging (with set debug) and
examine the additional information this provides. As you play with this
tool, you’ll find many
helpful features.
[95] “All available” records can vary based on the server answering the question. A server that is authoritative for the zone that contains the host’s records responds with all records. A nonauthoritative server that has cached information about the host provides all of the records it has cached, which might not be every record the host owns.
[96] For security reasons, many name servers do not respond to the
ls command. See the allow-transferoption in Appendix C for information on how to
limit access to zone transfers.