Table of Contents
What is the nslookup command?
Normally, IP address queries to DNS servers are done automatically; users are not aware of queries to DNS servers when viewing Web sites with a Web browser or sending and receiving e-mail with e-mail software.
Although we are not usually aware of it, we may have to verify the registration of resource records on DNS servers or manually query DNS servers when DNS behavior is not correct due to some failure or misconfiguration of DNS servers.
The nslookup command allows you to manually query the DNS server for an IP address.
Mode of the nslookup command
The nslookup command has two modes
- non-interactive mode
- interactive mode
The non-interactive mode specifies arguments such as hostname and option specifications directly after the nslookup command. The command then exits as soon as the results are displayed.
On the other hand, the interactive mode does not terminate execution of a command after a single query, but allows successive queries one after another. At that time, you can specify options and switch the DNS servers to query. To run interactive mode, enter only the nslookup command. Then you will see only “>”, indicating that you are in interactive mode. To exit from the interactive mode, type “exit” or “Ctrl+C”.
Example of nslookup command
The nslookup command has many options and can perform a variety of queries to the DNS servers. The following example of querying the following resource records in interactive mode is explained.
- A record
- PTR record
- MX record
- NS record
Example of A Record query
The A record contains the IP address for the hostname, and the most common query to a DNS server is an A record query. The following is an example of an A record query for www.google.co.jp.
C:\Users\gene>nslookup 既定のサーバー: UnKnown Address: 192.168.1.1 > www.google.co.jp サーバー: UnKnown Address: 192.168.1.1 権限のない回答: 名前: www.google.co.jp Addresses: 2404:6800:4004:80c::2003 188.8.131.52
“Server” and “Address” are the DNS servers being queried. “Server” is Unknown because the hostname of the DNS server is unknown. Since the DNS server to be queried is not specified, the information of the DNS server configured on the PC is displayed. In a home network, it is usually the IP address of the broadband router.
The part below that is the result of the query. The “unauthorized response” indicates that the information is not registered with the DNS server that made the query, but with another DNS server. “Name” is the host name of the server and “Addresses” is the corresponding IP address. And the corresponding IP addresses are IPv4 address “184.108.40.206” and IPv6 address “2404:6800:4004:80c::2003”.
Example of PTR record query
A PTR record is information about the host name corresponding to an IP address. When a server receives some request from a client, it may know the IP address of the client but not the hostname. In such cases, the PTR record can be queried to find out the hostname information corresponding to the IP address.
The nslookup command automatically determines whether it is an A record query or a PTR record query; for a PTR record query, simply specify the IP address. Let’s try a PTR record query by specifying the IP address that we looked up in the A record of www.google.co.jp earlier.
C:\Users\gene>nslookup 既定のサーバー: UnKnown Address: 192.168.1.1 > 220.127.116.11 サーバー: UnKnown Address: 192.168.1.1 名前: nrt12s14-in-f227.1e100.net Address: 18.104.22.168
You can see that it is “nrt12s14-in-f227.1e100.net” as the hostname for “22.214.171.124”. There are actually several Google web servers, each with its own hostname and IP address. The hostname for the grouping of a number of web servers is “www.google.co.jp”.
Example of MX record query
An MX record is a registration of information about the mail server.E-mails are forwarded from mail server to mail server. An MX record query is performed to find out information about the forwarding mail server. The following is an example of an MX record query for the domain “n-study.com”.
C:\Users\gene>nslookup 既定のサーバー: UnKnown Address: 192.168.1.1 > set tyep=MX > n-study.com サーバー: UnKnown Address: 192.168.1.1 権限のない回答: n-study.com MX preference = 50, mail exchanger = mx01.lolipop.jp
The “set type=MX” changes the query to query MX records. Then, when you enter a domain name, a query is made for the MX record for the domain name you entered. The domain name is the part of the e-mail address to the right of @. The mail server information for the specified domain will then be displayed.
Multiple mail server information can be registered. The “MX preference” indicates the priority of multiple mail servers. The higher the value, the higher the priority mail server.
The MX record gives the hostname of the mail server; to find out the IP address, a further query of the A record is made.
Example of NS record query
NS records contain information about the domain’s DNS servers, where NS stands for Name Server. The following is an example of an NS record query.
C:\Users\gene>nslookup 既定のサーバー: UnKnown Address: 192.168.1.1 > set type=NS > n-study.com サーバー: UnKnown Address: 192.168.1.1 権限のない回答: n-study.com nameserver = dns01.muumuu-domain.com n-study.com nameserver = dns02.muumuu-domain.com
The “set type=NS” changes the query to query NS records. Then, when you enter the domain name, it will query the NS records for the domain name you entered, and you will see that the DNS servers for n-study.com are the servers “dns01.muumuu-domain.com” and “dns02.muumuu-domain.com”.
- IP(Internet Protocol) : The Most Important Data Transfer Protocol
- Ping “Will the data be transfered properly?”
- Ping command on Windows OS
- Traceroute : Which router does the data go through?
- ICMP Redirect
- Where’s the Trouble? Ping and Traceroute
- ARP(Address Resolution Protocol)
- ARP Format
- Gratuitous ARP(GARP)
- nslookup command : Verifying DNS name resolution
- DHCP : Automatically Assign IP Address
- Cisco IOS DHCP Server Configuration and Verification Commands
- Cisco Router DHCP Server Configuration Example
- DHCP Relay Agent
- DHCP Relay Agent Configuration Example [Cisco]
- Summary of DHCP Server Placement
- TCP/IP Configuration Summary
- ipconfig command : To verify TCP/IP configurations on Windows OS
- Commands to Verify TCP/IP Configuration On Linux (Ubuntu)
- Web Proxy Server
- FTP : Representative File Transfer Protocol
- TFTP(Trivial File Transfer Protocol)
- TFTP Client on Windows10/11