Nslookup Command Explained for Beginners

When you browse the web, check email, or use any internet service, your device constantly communicates with servers. But how do these devices know where to find each other? That’s where the Domain Name System (DNS) comes in. DNS works like a phonebook for the internet, translating human-friendly domain names (like google.com) into IP addresses (like 172.217.14.206) that machines understand. One tool that lets you query DNS servers directly is the nslookup command. Whether you’re troubleshooting a network issue, testing your DNS settings, or simply curious about how things work, nslookup is a great utility to use. Let’s break it down for beginners.

What Is the Nslookup Command?

Nslookup stands for Name Server Lookup. It’s a command-line tool used to query DNS servers. With nslookup, you can:

  • Find the IP address of a domain name.
  • Look up DNS records like mail servers (MX records), name servers (NS records), and more.
  • Check if your local DNS resolver is working properly.
  • Troubleshoot network and DNS-related issues.

Nslookup works by sending a query to a DNS server. The server then returns the requested information, whether it’s an IP address or other DNS records.

How to Use Nslookup

Nslookup is available on most operating systems, including Windows, macOS, and Linux. Let’s look at some basic examples to get you started.

Basic Syntax

Open a command-line interface (Command Prompt on Windows, Terminal on macOS/Linux) and type:

nslookup [domain-name]

For example, to look up the IP address of google.com, you would type:

nslookup google.com

You should see an output like this:

Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    google.com
Addresses:  172.217.14.206

The result tells you the IP address of google.com, which in this case is 172.217.14.206. The “Non-authoritative answer” line means the information came from a DNS cache (the resolver that answered you), not directly from Google’s own DNS servers.

Nslookup Command Options

The nslookup command has several useful options for more specific queries. Here are a few common ones:

1. Find the IP Address of a Domain Name

This is the most common usage of nslookup. When you type:

nslookup google.com

The command will return the IP address of google.com. This is useful when you need to know which server is hosting the website or if you’re troubleshooting network issues.

2. Query Specific DNS Records

By default, nslookup queries for A (Address) records, which are the IP addresses linked to a domain. However, you can use nslookup to look up other types of DNS records.

For example, to find the MX (Mail Exchange) records for a domain (which tell you where the mail servers for the domain are located), type:

nslookup -query=mx google.com

You’ll see a list of mail servers associated with the domain.

3. Use a Specific DNS Server

By default, nslookup uses the DNS server configured on your computer. However, you can specify a different DNS server by adding the server’s address to the command.

For example, to query Google’s public DNS server (8.8.8.8), type:

nslookup google.com 8.8.8.8

This can be helpful if you want to bypass your default DNS server or troubleshoot DNS issues with a specific server.

4. Set Interactive Mode

You can run nslookup in interactive mode by typing nslookup on its own and pressing Enter. Once in interactive mode, you can enter multiple queries without having to type nslookup each time.

In interactive mode, you can type:

> set type=mx
> google.com

This will show the mail exchange records for google.com.

To exit interactive mode, just type:

exit

5. Reverse DNS Lookup

You can also use nslookup to perform a reverse DNS lookup, which is when you want to find the domain name associated with an IP address.

For example, if you want to know the domain name of IP address 8.8.8.8 (Google’s public DNS server), you would type:

nslookup 8.8.8.8

The result might look like:

8.8.8.8.in-addr.arpa  name = dns.google

This tells you that the IP address 8.8.8.8 corresponds to the domain dns.google.

Understanding Nslookup Results

When you run nslookup, the results can show various pieces of information. Here’s what they mean:

  • Server: The DNS server that nslookup used to get the information.
  • Address: The IP address of the DNS server.
  • Non-authoritative answer: The response comes from a cache rather than directly from the authoritative DNS server.
  • Name: The domain name you’re querying.
  • Addresses: The IP addresses associated with that domain.

If you’re looking up other types of records (e.g., MX records), the results will show that specific information.

Troubleshooting with Nslookup

Nslookup is a great tool for diagnosing DNS issues. For example, if a website isn’t loading, you can use nslookup to check if the DNS records are resolving correctly.

  1. Check DNS Server Issues: You can test if a specific DNS server is responding by using nslookup with that server’s IP address. If no result comes back or the query times out, there may be an issue with the server.
  2. Verify DNS Resolution: If a domain is not resolving properly, you can check if your DNS server has the correct records by querying a specific DNS record type (like MX or A records).

Common Nslookup Use Cases

The nslookup command can be extremely useful in various scenarios beyond basic lookups. Here are some common use cases:

  1. Checking Website Availability: If a website is down, you can use nslookup to see if the domain is resolving correctly. If nslookup can’t find the domain, the issue might be with your DNS server or the domain itself.
  2. Verifying DNS Propagation: After making changes to your DNS records, it can take time for them to propagate. You can use nslookup to check whether the new records are live or whether resolvers are still returning cached versions.
  3. Troubleshooting Mail Issues: Nslookup is especially useful when troubleshooting email delivery problems. By looking up MX records, you can ensure that the mail servers for a domain are set up correctly.
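  4. Investigating Security: Security professionals often use nslookup to investigate suspicious domains or IP addresses. By running reverse lookups or querying for DNS records, you can uncover information about potentially malicious websites. Keep in mind that a reverse (PTR) record is set by whoever controls the IP address, so confirm the returned name with a forward lookup before relying on it.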
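
The output fields listed under "Understanding Nslookup Results" and the propagation check in use case 2, combined into one added shell example (not part of the original article). It goes slightly beyond the sample output shown earlier by handling both Windows-style and Linux-style nslookup output. The function names, the name example.test and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): compare what several
# resolvers return for one name. NSLOOKUP can be overridden with a stub.
NSLOOKUP=${NSLOOKUP:-nslookup}

# Constructed sample of Windows-style output (documentation addresses).
sample_output() {
    cat <<'EOF'
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    example.test
Addresses:  2001:db8::10
          192.0.2.10
EOF
}

# stdin: nslookup output. stdout: answer IPs only, one per line, sorted.
# The Server/Address pair at the top is the resolver, so it is skipped.
answer_ips() {
    tr -d '\r' | awk '
        /^Name:/ { in_answer = 1; next }
        in_answer && /^Address(es)?:/ { print $2; next }
        in_answer && /^[ \t]+([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*)[ \t]*$/ { print $1 }
    ' | LC_ALL=C sort -u
}

# compare_resolvers DOMAIN RESOLVER...
# Prints one line per resolver. Returns 0 if all agree, 1 if answers
# differ, 2 if any resolver returned no answer (timeout, NXDOMAIN, ...).
compare_resolvers() {
    domain=$1; shift
    first=""; rc=0
    for r in "$@"; do
        ips=$($NSLOOKUP -type=a "$domain" "$r" 2>/dev/null | answer_ips | tr '\n' ' ')
        printf '%s: %s\n' "$r" "${ips:-no answer}"
        if [ -z "$ips" ]; then rc=2
        elif [ -z "$first" ]; then first=$ips
        elif [ "$ips" != "$first" ] && [ "$rc" -eq 0 ]; then rc=1
        fi
    done
    return "$rc"
}

# Usage: compare_resolvers example.com 8.8.8.8 192.168.1.1
```

Large sites that use CDNs or geographic load balancing can legitimately return different addresses from different resolvers, so treat a mismatch as a reason to look closer rather than proof of a problem.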

Conclusion

The nslookup command is a simple yet powerful tool for anyone working with networks or trying to understand how DNS functions. Whether you’re troubleshooting, verifying DNS records, or doing some light networking research, nslookup is a must-have utility in your toolkit. It’s easy to use, and with a little practice, you’ll become comfortable with its many features.

By getting familiar with how to use nslookup, you can get a better understanding of the DNS system, resolve domain issues, and check the health of your network with just a few commands. Happy querying!