nslookup DNS Query

nslookup cheatsheet — query DNS records for A, MX, NS, TXT. nslookup domain, nslookup -type=MX, nslookup -type=TXT. Works on Windows and Linux for DNS debugging.

5 min read

What it is

A network administration command-line tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping, or for any other DNS record.

Installation

nslookup is typically included by default on most Linux, macOS, and Windows systems. If for some reason it’s not available:

Linux (Debian/Ubuntu):

sudo apt update
sudo apt install dnsutils

Linux (Fedora/CentOS/RHEL):

sudo yum update
sudo yum install bind-utils
# or
sudo dnf update
sudo dnf install bind-utils

macOS: It’s pre-installed.

Windows: It’s pre-installed.

Commands / Usage

Basic DNS Lookups

Look up an A record (IPv4 address):

nslookup google.com

Queries for the IPv4 address of google.com.

Look up an AAAA record (IPv6 address):

nslookup -query=AAAA google.com

Queries for the IPv6 address of google.com.

Look up an MX record (Mail Exchanger):

nslookup -query=MX google.com

Queries for the mail servers responsible for google.com.

Look up an NS record (Name Server):

nslookup -query=NS google.com

Queries for the name servers authoritative for google.com.

Look up a TXT record (Text):

nslookup -query=TXT google.com

Queries for TXT records associated with google.com (often used for SPF, DKIM).

Look up CNAME records (Canonical Name):

nslookup -query=CNAME www.google.com

Queries for any CNAME records for www.google.com.

Look up SOA records (Start of Authority):

nslookup -query=SOA google.com

Queries for the SOA record of the google.com zone.

Look up all records for a domain (wildcard query):

nslookup -query=* google.com

Attempts to retrieve all available DNS record types for google.com.

Specifying a DNS Server

Query a specific DNS server for an A record:

nslookup google.com 8.8.8.8

Queries the Google Public DNS server (8.8.8.8) for the A record of google.com.

Query a specific DNS server for an MX record:

nslookup -query=MX google.com 1.1.1.1

Queries the Cloudflare DNS server (1.1.1.1) for the MX records of google.com.

Query a specific DNS server for a PTR record (reverse DNS):

nslookup -query=PTR 8.8.8.8 1.1.1.1

Queries the Cloudflare DNS server (1.1.1.1) for the PTR record of the IP address 8.8.8.8.

Interactive Mode

Enter interactive mode:

nslookup

Starts nslookup in interactive mode, allowing multiple queries without retyping the command.

In interactive mode, set the default server:

set type=A
server 8.8.8.8

Sets the default query type to A and the default server to 8.8.8.8 for subsequent queries.

In interactive mode, set the default query type:

set type=MX

Sets the default query type to MX for subsequent queries.

In interactive mode, exit:

exit

Exits interactive mode.

Advanced Options

Set the query timeout:

nslookup -timeout=5 google.com

Sets the timeout for DNS queries to 5 seconds.

Set the number of retries:

nslookup -retry=3 google.com

Sets the number of retries for DNS queries to 3.

Set the recursion desired flag (usually default):

nslookup -debug -recurse google.com

Enables debug output and explicitly requests recursion from the DNS server.

Disable recursion:

nslookup -norecurse google.com

Disables the recursion desired flag, forcing the server to only provide information it has directly.

View debug output:

nslookup -debug google.com

Displays detailed information about the DNS query and response process.

Specify the port for the DNS query:

nslookup -port=5353 google.com

Queries DNS on port 5353 instead of the default port 53.

Common Patterns

Check if a domain is resolving correctly across different DNS servers:

nslookup google.com 8.8.8.8
nslookup google.com 1.1.1.1
nslookup google.com 9.9.9.9

Runs the same query against multiple public DNS resolvers to identify potential inconsistencies.

Perform reverse DNS lookup for an IP address:

nslookup 172.217.160.142

Performs a PTR record lookup for the given IP address to find its associated hostname.

Find mail servers for a domain:

nslookup -query=MX example.com

Identifies the mail servers responsible for handling email for example.com.

Troubleshoot DNS propagation after a record change:

nslookup www.yourdomain.com yournameserver.yourdomain.com

Queries your specific authoritative name server directly to see if the new record has propagated there.

Gotchas

  • Default Server: nslookup uses your system’s configured DNS resolver by default. If you’re troubleshooting DNS issues, explicitly specifying a public resolver like 8.8.8.8 or 1.1.1.1 can help determine if the problem is with your local resolver or the DNS records themselves.
  • Interactive Mode vs. Non-Interactive: In interactive mode, set commands persist for subsequent queries within that session. In non-interactive mode, options must be specified with each command.
  • Return Order: The order of IP addresses returned for a single hostname can vary between DNS servers and even between queries to the same server. This is normal behavior.
  • Firewall Blocking: Firewalls can block DNS queries (typically UDP port 53). If you’re not getting responses, a firewall might be the cause.
  • nslookup vs. dig: While nslookup is widely available, dig (Domain Information Groper) is often preferred by network administrators for its more detailed output and flexible querying capabilities. nslookup can sometimes truncate long responses.
  • Non-Existent Domains: For non-existent domains, nslookup will typically return an NXDOMAIN (Non-Existent Domain) status.