What is nslookup?

Nslookup is the name of a program that lets users enter a host name and find out the corresponding IP address or domain name system (DNS) record. Users can also enter a command in nslookup to do a reverse DNS lookup and find the host name for a specified IP address.

Uses for nslookup

Network administrators use nslookup to troubleshoot server connections or for security reasons. For example, network pros might use nslookup to guard against phishing attacks, in which attackers alter domain names. An attacker might substitute the numeral 1 for a lowercase l to make an unfriendly site look friendly and familiar, e.g., vs. Network admins use nslookup to troubleshoot such attacks.

DNS, or nslookup, also helps deter cache poisoning, in which attackers distribute data to caching resolvers that pose as authoritative origin servers.

Examples of nslookup commands

Popular nslookup commands include the following:

  • /name -- queries the current name server for the specified name.
  • /server name -- sets the current name server to the server the user specifies.
  • /root -- sets the root server as the current server.
  • /set type=x -- specifies the type of records to be displayed, such as A, CNAME, MX, NS, PTR or SOA. Specify ANY to display all records.
  • /set debug -- turns on debug mode, which displays detailed information about each query.
  • /set recurse -- tells the DNS name server to query other servers if it does not have the information.
  • /exit -- exits nslookup and returns the user to a command prompt.

Nslookup has two modes: interactive and noninteractive. To look up only a single piece of data, use noninteractive mode. To look up more than one piece of data, use interactive mode.

Nslookup sends a domain name query packet to a designated -- or defaulted -- DNS server. Based on the system used, the default could be the local DNS server at the service provider, some intermediate name server or the root server system for the entire DNS hierarchy.

DNS lookup with Linux

Some Unix-based operating systems include nslookup, but Linux and other versions of nslookup can locate other information associated with the host name or IP address, such as associated mail services. For example, the ping command is a more limited alternative to nslookup.

Public vs. private DNS

DNS records can be public or private. In the past, DNS helped users find things on the internet. Websites needed IP addresses and corresponding DNS records in public view for users to locate them.

However, organizations realized that they didn't want users outside the company to know internal processes. Organizations began using private DNS servers to store IP addresses for internal file servers, domain controllers, database servers, mail servers and application servers.

Editor's note: This article was reformatted to improve the reader experience.

This was last updated in April 2023

Continue Reading About nslookup

Dig Deeper on Network security

Unified Communications
Mobile Computing
Data Center