nslookup is the name of a program that lets an Internet server administrator or any computer user enter a host name (for example, "whatis.com") and find out the corresponding IP address or domain name system (DNS) record. The user can also enter a command for it to do a reverse DNS lookup and find the host name for an IP address that is specified.
Uses of nslookup
nslookup is used to troubleshoot server connections or for security reasons. Such reasons include guard against phishing attacks, in which a domain name is altered -- for example, by substituting the numeral 1 for a lowercase l -- to make an unfriendly site look friendly and familiar (joes1owerprices.com vs. joeslowerprices.com).
DNS, or nslookup, also helps deter cache poisoning, in which data is distributed to caching resolvers, posing as an authoritative origin server.
Examples of nslookup commands
If "WhatIs.com” is entered into a nslookup program, the user would receive the site’s IP address as a response, which happens to be 220.127.116.11. If the user enters "18.104.22.168", it would return "sites.techtarget.com".
Popular nslookup commands include:
- /name: queries the current name server for the specified name
- /server name: sets the current name server to the server the user specifies
- /root: sets the root server as the current server
- /set type=x: specifies the type of records to be displayed, such as A, CNAME, MX, NS, PTR or SOA. Specify ANY to display all records.
- /set debug: turns on debug mode, which displays detailed information about each query
- /set recurse: tells the DNS name server to query other servers if it does not have the information
- /exit: exits nslookup and returns the user to a command prompt
Nslookup has two modes: interactive and noninteractive. To look up only a single piece of data, use noninteractive mode. To look up more than one piece of data, use interactive mode.
nslookup sends a domain name query packet to a designated (or defaulted) domain name system server. Depending on the system being used, the default may be the local DNS server at the service provider, some intermediate name server or the root server system for the entire domain name system hierarchy.
DNS lookup with Linux
Using Linux and other versions of nslookup, other information associated with the host name or IP address can be located, such as associated mail services. nslookup is included with some UNIX-based operating systems. A more limited alternative to nslookup for looking up an IP address is the ping command.
Public vs. private DNS
DNS records can be public or private. DNS was originally created to help users find things on the Internet. For a site to be found, it needed an IP address and corresponding DNS record in public view. Since then, however, organizations have come to realize that they don't necessarily want people outside of the company to know internal processes. Therefore, organizations began using private DNS servers to store IP addresses for internal file servers, domain controllers, database servers, mail servers and application servers.
Watch the video below for more information on how to use nslookup commands in Linux: