NSLookUp CMD Explained.

 josh
(@josh)

nslookup (short for “name server lookup”) is a command-line utility used for querying the Domain Name System (DNS) to obtain domain name or IP address mapping, or other DNS records. It’s an essential tool for network administrators, developers, and anyone troubleshooting DNS-related issues.

 

What Does DNS Do?

 

Before diving into nslookup, it’s important to understand DNS. DNS is often called the “phonebook of the internet.” It translates human-readable domain names (like www.google.com) into machine-readable IP addresses (like 172.217.160.132), which computers need to connect to each other.

 

What nslookup Does:

 

nslookup allows you to manually query DNS servers to perform these translations or retrieve other types of DNS records. It helps you verify:

  • If a domain name resolves to the correct IP address.

  • If your DNS server is working correctly.

  • If there are multiple IP addresses for a single domain name (for load balancing or redundancy).

  • If various other DNS record types exist for a domain.

 

How nslookup Works:

 

When you use nslookup, it typically sends a query to the DNS server configured on your computer (or a specific DNS server you specify). This DNS server then performs the lookup process (which might involve querying other DNS servers, like root servers, TLD servers, and authoritative servers) and returns the requested information.

 

nslookup Modes:

 

nslookup can operate in two modes:

  1. Interactive Mode: You type nslookup and then continuously enter queries until you type exit. This is useful for performing multiple lookups or changing settings.

  2. Non-interactive Mode: You provide the query directly on the command line, and nslookup returns the result and exits. This is good for quick, one-off lookups or for scripting.

 

Common nslookup Commands and Examples:

 

1. Basic Non-Interactive Lookup (Domain to IP):

nslookup example.com

Output Explanation:

  • Server: YourDNSServerIP: The IP address of the DNS server that handled your query (typically your local router’s IP or your ISP’s DNS server).

  • Address: YourDNSServerIP#53: The DNS server’s IP address and port number (DNS uses UDP port 53).

  • Non-authoritative answer:: This indicates that the answer came from a caching DNS server (like your ISP’s DNS server) and not directly from the authoritative DNS server for example.com. Authoritative answers come directly from the server that “owns” the domain’s DNS records.

  • Name: example.com: The domain name you queried.

  • Address: 93.184.216.34: The IPv4 address associated with example.com.

  • Name: example.com (sometimes repeated with different addresses): If a domain has multiple IP addresses, they will all be listed.

  • Address: 2606:2800:220:1:248:1893:25c8:1946: If the domain has an IPv6 address (AAAA record), it will be shown.

2. Basic Non-Interactive Lookup (IP to Domain – Reverse DNS):

nslookup 93.184.216.34

This performs a reverse DNS lookup, trying to find the domain name associated with an IP address. This works if the IP address owner has configured a PTR (Pointer) record in their DNS.

3. Querying a Specific DNS Server:

nslookup example.com 8.8.8.8

This command queries example.com using Google’s public DNS server (8.8.8.8) instead of your default configured DNS server. This is invaluable for troubleshooting if you suspect your local DNS server is causing issues.

4. Querying for Specific Record Types (Interactive Mode or set type):

To query for other types of DNS records, either enter interactive mode and use the set type command, or pass -type= directly on the command line in non-interactive mode.

  • Start Interactive Mode: nslookup

  • Set Query Type:

      set type=mx (for Mail Exchanger records – used for email routing)
      set type=ns (for Name Server records – authoritative DNS servers for the domain)
      set type=txt (for Text records – often used for SPF, DKIM, DMARC for email security, or domain verification)
      set type=ptr (for Pointer records – reverse DNS)
      set type=cname (for Canonical Name records – aliases for other domain names)
      set type=srv (for Service records – location of services like SIP or LDAP)
      set type=any (for all available records)

  • Then enter the domain name: google.com (after set type=mx)

  • Exit Interactive Mode: exit

Example (Non-interactive for MX records):

nslookup -type=mx google.com

Output (simplified):

Server:  YourDNSServerIP
Address: YourDNSServerIP#53

Non-authoritative answer:
google.com      mail exchanger = 10 aspmx.l.google.com.
google.com      mail exchanger = 20 alt1.aspmx.l.google.com.
... (other MX records with different priorities)

5. Debugging Mode (More Verbose Output):

nslookup -debug example.com

This command provides a more verbose output, showing the full query sent, the DNS server’s response, and sometimes even the recursion path. Useful for deep troubleshooting.

 

Why nslookup is Useful for Troubleshooting:

 

  • Verify DNS Resolution: The most common use. If you can’t access a website by name, but you can by IP address, it strongly suggests a DNS problem. nslookup helps you confirm if the domain resolves at all and to what IP.

  • Test Specific DNS Servers: If you suspect your ISP’s DNS server is slow or providing incorrect information, you can use nslookup with 8.8.8.8 or 1.1.1.1 to test against known public DNS servers.

  • Check Mail Flow: Use set type=mx to ensure the MX records for a domain point to the correct mail servers.

  • Domain Ownership/Verification: set type=txt can reveal TXT records often used for domain verification by services like Google Workspace or for SPF/DKIM records.

  • Identify Aliases: set type=cname helps understand if a domain is an alias for another.

 

nslookup vs. dig (Linux/Unix/macOS):

 

While nslookup is available on all major OSes, the dig command is often preferred by advanced users and administrators on Linux, Unix, and macOS. dig is generally considered more powerful and flexible, and it provides more detailed and consistent output, especially for scripting and complex queries. nslookup is simpler and is available out of the box on all major platforms, including Windows.

In summary, nslookup is your essential first step when diagnosing any network connectivity issue that involves domain names. It quickly helps you determine if DNS resolution is working as expected.
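
The "Output Explanation" and "Test Specific DNS Servers" points above, as an added example that is not part of the original post: a shell sketch that pulls only the answer addresses out of nslookup output and compares two resolvers. It assumes the BIND-style output format shown in the post; the function names and the sample outputs are constructed for illustration.

```bash
# Added example. Assumes the BIND-style nslookup output shown in the post.
# Print sorted, unique answer addresses from nslookup output on stdin.
# The Server/Address header ends at the first blank line, so the resolver's
# own "Address: x#53" line is never counted as an answer.
answer_addrs() {
  awk 'NF == 0 { in_answer = 1; next }
       in_answer && $1 == "Address:" { print $2 }' | sort -u
}

# Compare two captured outputs: prints MATCH (exit 0) or MISMATCH (exit 1).
# An empty answer set (e.g. NXDOMAIN) is always reported as MISMATCH.
compare_answers() {
  a=$(printf '%s\n' "$1" | answer_addrs)
  b=$(printf '%s\n' "$2" | answer_addrs)
  if [ -n "$a" ] && [ "$a" = "$b" ]; then echo MATCH; else echo MISMATCH; return 1; fi
}

# Live use (needs network): default resolver vs. a reference resolver.
check_domain() {
  compare_answers "$(nslookup "$1")" "$(nslookup "$1" "${2:-8.8.8.8}")"
}

# Constructed sample outputs (not real captures).
LOCAL_OUT='Server:   192.0.2.1
Address:  192.0.2.1#53

Non-authoritative answer:
Name:    example.com
Address: 93.184.216.34
Name:    example.com
Address: 2606:2800:220:1:248:1893:25c8:1946'

PUBLIC_OUT='Server:   8.8.8.8
Address:  8.8.8.8#53

Non-authoritative answer:
Name:    example.com
Address: 2606:2800:220:1:248:1893:25c8:1946
Name:    example.com
Address: 93.184.216.34'

ALTERED_OUT='Server:   192.0.2.1
Address:  192.0.2.1#53

Non-authoritative answer:
Name:    example.com
Address: 203.0.113.66'

echo "local vs public:   $(compare_answers "$LOCAL_OUT" "$PUBLIC_OUT")"
echo "altered vs public: $(compare_answers "$ALTERED_OUT" "$PUBLIC_OUT")"
```

A MISMATCH is a prompt to investigate, not proof of tampering: stale caches, split-horizon DNS and CDN or geo-based load balancing also return different addresses from different resolvers.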