|Lesson 2 || Basic nslookup operation |
|Objective || Explain the basic use of the nslookup program. |
Basic nslookup Operation
Explain the basic use of the nslookup program to probe the DNS database.
The nslookup program, which stands for "name server lookup", is a powerful, command-line-based network administration tool used primarily for querying and diagnosing the Domain Name System (DNS) to obtain domain name or IP address mapping, or any specific DNS record.
Primarily, nslookup is used to resolve domain names into IP addresses and vice versa. It's a critical tool when troubleshooting DNS server problems, verifying the correct IP addresses are associated with a domain, and ensuring the DNS server is properly translating domain names.
To use nslookup, you will need to access your system's command line interface: the Command Prompt for Windows, Terminal for macOS and Linux. Once the command line interface is opened, you can start using the nslookup command in its simplest form.
- Domain name to IP resolution: Enter nslookup followed by the domain name to resolve the domain into its corresponding IP address(es).
This command will return the IP address associated with the specified domain name.
- IP to domain name resolution: Enter nslookup followed by the IP address to find the domain associated with it.
This command will return the domain name associated with the specified IP address.
- Finding mail servers (MX Records): The -query=mx option can be used to find mail servers associated with a domain.
nslookup -query=mx example.com
This command will return a list of Mail Exchange (MX) servers for the specified domain.
- Finding name servers (NS Records): The -query=ns option can be used to find the DNS servers associated with a domain.
nslookup -query=ns example.com
This command will return a list of Name Servers (NS) for the specified domain.
- Server option: The server command within nslookup can be used to set the DNS server for your queries. For example:
> server 22.214.171.124
This sets 126.96.36.199 (Google’s public DNS server) as the server that will be used for the DNS lookup and then proceeds to perform a lookup on www.example.com.
- Exit command: Type exit to quit the nslookup program.
Remember, while nslookup is a widely used tool for network administration and DNS troubleshooting, its usage requires careful interpretation as DNS records are often cached, and may not reflect recent changes until the cache is updated or cleared.
This brief overview is just the start of nslookup's capabilities. It provides various advanced features that can be used to perform more granular DNS queries, all of which can be accessed by typing nslookup on the command line and hitting enter, then typing help for a list of available commands and options.
The nslookup program operates interactively. When you start the program from the UNIX command line, it uses the /etc/resolv.conf file to locate a name server, and initially directs its queries at that server.
Default Server: dns.class.com
To look up the IP address of a host name, or the host name for an IP address, simply type the name or address to the prompt:
Default Server: dns.class.com
Addresses: 188.8.131.52, 184.108.40.206,
220.127.116.11, 18.104.22.168, 22.214.171.124,
126.96.36.199, 188.8.131.52, 184.108.40.206,
220.127.116.11, 18.104.22.168, 22.214.171.124,
126.96.36.199, 188.8.131.52, 184.108.40.206,
220.127.116.11, 18.104.22.168, 22.214.171.124
Evidently, Microsoft operates quite a few machines under the name www.microsoft.com.
You may see the phrase non-authoritative answer
in the output from nslookup.
This phrase means that
obtained the information from a server cache, rather than by consulting an authoritative source such as an authoritative server
or secondary server
- authoritative server: A primary or secondary server for a zone is called an authoritative server when it obtains its information directly from data files describing the zone.
- secondary server: In addition to its primary server, a zone may have one or more secondary servers. A secondary server provides an alternative source for information on the zone.