The nslookup command in Linux: resolving domain names

Introduction

In Linux system administration, one of the most common tasks is verifying domain name resolution. The nslookup command allows querying DNS servers and obtaining information about records such as A, AAAA, MX, TXT, and many more. Although this tool is considered a successor of earlier versions, it remains useful for quick diagnosis and learning DNS concepts.

What is nslookup?

Nslookup (Name Server Lookup) is a command-line utility for querying domain name servers. It works by sending questions directly to a DNS server and displaying the responses it receives. It can operate in two modes: interactive, where a subshell is opened to perform multiple queries, and non-interactive, where each query is written as a single command.

Installation

In most modern Linux distributions, nslookup comes preinstalled as part of the bind-utils or dnsutils package. If it is not present, it can be easily installed. On Debian/Ubuntu: sudo apt-get update && sudo apt-get install dnsutils. On Red Hat/CentOS/Fedora: sudo yum install bind-utils or sudo dnf install bind-utils. After installation, the command will be available in any terminal.

Interactive vs Non-interactive Mode

In non-interactive mode, it is enough to type nslookup example.com to obtain the associated IP address. In interactive mode, executing nslookup without arguments changes the prompt to > and allows writing successive queries such as set type=MX followed by example.com. This mode is useful when you need to perform several queries without retyping the full command.

Common Query Examples

  • A record (IPv4 address): nslookup example.com
  • AAAA record (IPv6): nslookup -type=AAAA example.com
  • MX record (mail servers): nslookup -type=MX example.com
  • TXT record (text information, SPF, DKIM): nslookup -type=TXT example.com
  • CNAME record (alias): nslookup -type=CNAME example.com
  • Query all records: nslookup -type=ANY example.com

Interpretation of Results

The output of nslookup shows several fields. The first indicates the DNS server that responded and its IP address. Then the section Non-authoritative answer: appears if the response comes from a server that does not have authority over the domain, followed by the requested records. Each record includes its type, value, and, in some cases, the class (usually IN for Internet). It is important to observe whether the response is authoritative; if not, it may be cached.
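As an added example (not part of the original post), the shell function below reads nslookup output for an A/AAAA lookup, reports which server answered and whether the answer was authoritative, and fails when the responder is not the resolver you expected. The function names and the sample output are constructed for illustration; other record types such as MX or TXT use a different line format and are not parsed here.

```shell
# Added example (helper names are hypothetical; sample output is constructed).
# Usage against a live resolver: nslookup example.com | summarize_nslookup 192.0.2.53
# Reads nslookup A/AAAA output on stdin; $1 is the resolver IP you expect (optional).
summarize_nslookup() {
  awk -v expected="$1" '
    /^Server:/                   { server = $2 }
    /^Non-authoritative answer:/ { nonauth = 1 }
    /^\*\* server can.t find/    { error = $NF }   # last field: NXDOMAIN, SERVFAIL, ...
    /^Name:/                     { in_answer = 1; name = $2 }
    # The first "Address:" line is the resolver itself (ip#port); only the
    # ones that follow a "Name:" line are answer records.
    /^Address:/ && in_answer     { addrs = (addrs == "" ? "" : addrs ",") $2 }
    END {
      if (expected != "" && server != expected) status = "unexpected-server"
      else if (error != "")                     status = "error:" error
      else if (addrs == "")                     status = "no-address"
      else                                      status = "ok"
      auth = (addrs == "") ? "n/a" : (nonauth ? "no" : "yes")
      printf "status=%s server=%s authoritative=%s name=%s addresses=%s\n",
             status, server, auth, name, addrs
      exit (status == "ok" ? 0 : 1)
    }'
}

# Constructed sample: cached (non-authoritative) answer with an A and an AAAA record.
sample_cached() {
  cat <<'EOF'
Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   example.com
Address: 203.0.113.10
Name:   example.com
Address: 2001:db8::10
EOF
}

# Constructed sample: the name does not exist.
sample_nxdomain() {
  cat <<'EOF'
Server:         192.0.2.53
Address:        192.0.2.53#53

** server can't find missing.example.com: NXDOMAIN
EOF
}

sample_cached | summarize_nslookup 192.0.2.53
```

A non-zero exit status makes the function usable in scripts that should stop when the answer came from an unexpected resolver or the lookup failed.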

Limitations and Alternatives

Although nslookup is practical, it has some limitations: its output can be ambiguous for novice users and it does not show the record time to live (TTL) in detail. For a deeper analysis, it is recommended to use dig, which offers greater control and readability. Another alternative is host, which is simpler but less flexible. Knowing these tools allows choosing the most suitable one according to the situation.

Best Practices and Tips

  • Always verify that you are using the correct DNS server; you can specify it with nslookup example.com 8


This work is licensed under a Creative Commons Attribution 4.0 International License for Francesc Roig francesc@vivaldi.net.