How to use Nslookup in Debian

How to use Nslookup in Debian
Nslookup or name server lookup is a tool used by network administrators to find the hostname, IP address or other DNS records such as MX records, NS records, etc. It is often used to fix DNS related issues.

In this article, we will explain how to use Nslookup to query different types of DNS records. We have run the commands and procedure mentioned in this article on a Debian 10 OS. However, the same procedure can be followed in other distributions and versions of Linux as well.

There are two modes in which Nslookup works: Interactive mode and Non-interactive mode. We have explained the procedure in not-interactive mode. However, at the end will also learn how to use the interactive mode.

Nslookup Non-interactive mode

In non-interactive mode, the entire command is issued at the Terminal. Use this mode when you require a single piece of information from a particular server.

For using non-interactive mode, the general syntax is:

$ nslookup [option] [hostname] [DNS server or IP]

How it works?

Open the Terminal in your Debian OS. In the top left corner of your desktop, you will see the Activities tab. By clicking this tab, a search bar will appear. From there, you can search for Terminal application.

Obtain IP address for a hostname

In order to find the IP address for a hostname, the syntax is:

$ example.com

This method is also known as forward DNS lookup.

For instance, to find the IP address of redhat.com, enter the following command in Terminal:

$ nslookup redhat.com

The above command implies that the Nslookup has requests the DNS server to find the IP address of redhat.com. The DNS server then requests to other servers, get a response and then sending it back to the Nslookup.

In the Terminal, you will receive the following info:

Understanding the output

The above output has provided us with some findings. Let’s understand them:

Server:  192.168.72.2

# It is the IP address of the DNS server to which Nslookup requested to.

Server:  192.168.72.2#53

# It is the IP address of the DNS server along with the port number 53 Nslookup talked to.

Non-authoritative answer
Address: 209.132.183.105

# Non-authoritative answer indicates we have got the cached reply from the DNS server.

Obtain hostname from IP address

We can also perform reverse Nslookup to resolve hostname against an IP address. It is known as reverse DNS lookup.

The syntax of the command is:

$ nslookup IP_address

In the following example, we are finding the hostname against the IP 209.132.183.105 as follows:

$ nslookup 209.132.183.105

From the following output, you can see that Nslookup has returned the hostname against the specified IP address.

Obtain MX records

MX ( Mail Exchange ) records determine the mail server settings configured for a specific domain. It contains the mapping of a domain name to a list of email servers.  MX records tells which mail server will handle the mails sent to a specific domain. MX records are configured in such a way that when an email is sent to @example.com, it is routed to the mail servers for the domain example.com.

To find the MX records for a specific domain, the syntax is:

$ nslookup -query=mx example.com

In the following example, we are finding the MX records for the domain debian.org:

$ nslookup –query=mx debian.org

The following output shows the MX records for the domain debian.org.

Obtain NS records

In the domain name system, NS records are used to identify which name servers are responsible and authoritative for a domain.

To find the NS  records for a specific domain, the syntax is:

$ nslookup -query=mx example.com

In the following example, we are finding the NS records for the domain debian.org:

$ nslookup -query=mx debian.org

The following output shows the NS records for the domain debian.org.

Obtain all DNS records

Nslookup can also be used to retrieve all the records simultaneously including A, NS, MX, TXT, SPF, etc. for the hostname you specify.

To find all the DNS records, use the following syntax:

$ nslookup -query=any <URL>

For instance, to find all DNS records of a domain debian.org, the command would be:

$ nslookup -query=any Debian.org

Nslookup Interactive mode

In interactive mode, you first enter in a separate prompt, and then add subsequent parameters to inquire further information. Use this mode when you require a lot of information from a server.

In order to use interactive mode, simply type nslookup in Terminal and press Enter.

$ nslookup

You will see the prompt like >. Here you can query for information.

In the following example, after entering in the Nslookup prompt, we have entered the following commands:

# To obtain IP address information for the domain redhat.com

> redhat.com

# To obtain MX records for the domain redhat.com

> set query=mx
>  redhat.com

As we have seen, Nslookup provides a lot of information regarding DNS such as forward and reverse lookup information, NS records, MX records, etc. However, it is not limited to just this information rather it provides a lot more than this. But for now, we hope it would be enough for you to have a basic understanding of Nslookup works.

Related Posts
Leave a Reply

Your email address will not be published.Required fields are marked *