What is the ‘nslookup’ command, and how can I use it?

The nslookup command is a built-in network administration tool available on Windows, macOS, and many Linux distributions. It is used to query DNS servers to retrieve information about domain names, IP addresses, and DNS records.

Basic Syntax:

nslookup [hostname] [DNS server]

Components:

1. hostname: The domain name (e.g., example.com) or IP address you want to query.
2. DNS server (optional): The DNS server to use for the query. If omitted, the system’s default DNS server will be used.

---

Common Use Cases:

1. Query the Default DNS Server for a Domain Name: nslookup example.com This resolves example.com using your default DNS server and returns its IP address.
2. Query a Specific DNS Server: nslookup example.com 8.8.8.8 This queries Google’s public DNS server (8.8.8.8) to resolve example.com.
3. Query Specific DNS Record Types: You can specify the type of DNS record to retrieve by using the set type command:
   • A Record (IPv4 Address): nslookup -type=A example.com
   • MX Record (Mail Exchange): nslookup -type=MX example.com
   • NS Record (Name Servers): nslookup -type=NS example.com
   • TXT Record (Text Records): nslookup -type=TXT example.com
4. Perform a Reverse DNS Lookup: To find the domain name associated with an IP address:bashCopy codenslookup 8.8.8.8
5. Interactive Mode: You can run nslookup without arguments to enter interactive mode. In this mode, you can issue multiple queries without retyping the command: nslookup Example session: Default Server: dns.example.com Address: 192.168.1.1 > set type=MX > example.com To exit, type exit.
6. Query with Debug Information: You can use the debug option to see detailed DNS query information: nslookup -debug example.com

Example Output:

Query a Domain:

nslookup example.com

Output:

Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    example.com
Address: 93.184.216.34

Query an MX Record:

nslookup -type=MX example.com

Output:

Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
example.com    MX preference = 10, mail exchanger = mail.example.com

Key Commands in Interactive Mode:

• set type=[record_type]: Specify the type of DNS record (e.g., A, MX, TXT, etc.).
• server [DNS_server]: Change the DNS server for queries.
• exit: Exit interactive mode.

Basic IPv6 Lookup with nslookup

You use nslookup to find IPv6 addresses by querying for AAAA records, which are the DNS record type that maps hostnames to IPv6 addresses.

nslookup -type=AAAA www.google.com

This explicitly asks DNS for IPv6 addresses.

Example Output (abridged)

Server:   2001:4860:4860::8888
Address:  2001:4860:4860::8888#53

Non-authoritative answer:
Name:    www.google.com
Address: 2607:f8b0:4005:80a::2004

Query a Specific DNS Server over IPv6

nslookup -type=AAAA www.google.com 2001:4860:4860::8888

This confirms both IPv6 reachability and DNS resolution.

Interactive Mode (IPv6)

nslookup
> set type=AAAA
> www.google.com

Exit with:

> exit

Verify Dual-Stack Behavior (A + AAAA)

nslookup www.google.com

If AAAA records exist, they will be listed alongside IPv4 results.

Pros and Cons of nslookup:

Pros:

• Built-in on Windows, macOS, and most Linux distributions.
• Simple and easy to use for basic DNS queries.
• Can perform reverse lookups.

Cons:

• Output is less detailed than dig.
• Limited options for advanced DNS troubleshooting compared to dig or host. If you would like to learn more about ‘dig’ – go here.

---

Comments are welcomed below from registered users.  You can also leave comments at our Discord server. 

If you would like to see more content and articles like this, please support us by clicking the patron link where you will receive free bonus access to courses and more, or simply buying us a cup of coffee!