Nslookup Command in Linux with Examples

Nslookup Command in Linux

In the realm of network administration and system engineering, the nslookup command in Linux stands as a powerful tool. This command-line utility, used for querying the Domain Name System (DNS), is instrumental in obtaining domain name or IP address mapping, along with other DNS records. The nslookup command is a cornerstone for maintaining network connectivity and troubleshooting network issues, making it an indispensable tool for professionals in the field.

Understanding nslookup

The term nslookup is an abbreviation for “Name Server Lookup”. This command-line tool is primarily used to query the DNS server. Its main function is to fetch the IP address associated with a domain name, a process known as a forward DNS lookup. Conversely, it can also retrieve the domain name associated with an IP address, known as a reverse DNS lookup.

The nslookup command operates in two modes: interactive and non-interactive. The interactive mode allows users to issue different commands to query DNS servers without having to type the entire nslookup command each time. On the other hand, the non-interactive mode requires users to specify all of the options in a single command.

Provide commands to install nslookup on common Linux distributions:

  • Debian/Ubuntu
sudo apt update
sudo apt install dnsutils
  • RHEL/CentOS
sudo yum update 
sudo yum install bind-utils
  • Arch Linux
sudo pacman -Syu
sudo pacman -S dnsutils

The general syntax of the nslookup command is as follows:

nslookup [option] [host]

Options of nslookup

The nslookup command offers a variety of options that allow users to tailor their queries and extract more detailed information. Some of the most commonly used options include:

  • -type=ns: This option is used to fetch an NS (Name Server) record, which maps a domain name to a list of DNS servers.
  • -type=ptr: This option is used for reverse DNS lookups. It retrieves the Pointer (PTR) records, which map IP addresses to domain names.
  • -type=soa: This option is used to fetch an SOA (Start of Authority) record, which provides authoritative information about the domain.
  • -debug: This option enables the display of debugging information, which can be useful for troubleshooting DNS-related problems.

Using nslookup in Practice

Performing a Basic DNS Lookup

To perform a basic DNS lookup, you simply use the nslookup command followed by the domain name. For example:


This command will display the “A Record” (IP Address) of the domain.

Performing a Reverse DNS Lookup

A reverse DNS lookup can be performed by providing the IP address as the argument to the nslookup command. For example:


This command will return the domain name associated with the given IP address.

Querying Specific DNS Record Types

You can query specific types of DNS records using the -type option followed by the type of record you want to query. For example, to query the NS records for a domain, you would use the following command:

nslookup -type=ns

This command will return a list of DNS servers associated with the given domain.

Using nslookup in Interactive Mode

To use nslookup in interactive mode, you simply type nslookup at the command prompt and then enter the names or IP addresses you want to search for. For example:


This will return the same information as the non-interactive mode, but allows you to issue multiple queries without having to type the nslookup command each time.

Advanced nslookup Techniques

Enabling Debugging Mode

If you need more detailed information about the DNS lookup process, you can enable debugging mode using the -debug option. For example:

nslookup -debug

This command will display detailed debugging information for the DNS lookup process, including the queries and responses between the client and the server.

Logging the Output to a File

If you need to save the output of an nslookup command for further analysis, you can redirect the output to a file using the > operator. For example:

nslookup > output.txt

This command will save the output of the nslookup command to a file named output.txt.

Comparison with Other Tools

While nslookup is a powerful tool for querying DNS servers, there are other similar tools available, such as dig and host. These tools can provide the same functions as nslookup and are sometimes preferred by industry professionals.

Troubleshooting with nslookup

Nslookup is a valuable tool for troubleshooting DNS-related problems. For example, if a website is not loading, you can use nslookup to check if the domain name is correctly resolving to the expected IP address. If it’s not, this could indicate a problem with the DNS server.

Here’s an example of how you might use nslookup to troubleshoot a problem:


If the IP address returned by this command is not the expected one, this could indicate a problem with the DNS server.

Security Considerations with nslookup

In addition to its troubleshooting capabilities, nslookup can also be used to improve DNS security. For example, it can be used to detect DNS spoofing, where threat actors create fake DNS entries to redirect users to malicious websites. By comparing the IP address returned by nslookup with the expected IP address, you can detect potential DNS spoofing attacks.

Nslookup can also help prevent DNS cache poisoning, a type of attack where fraudulent data is placed in the DNS cache, causing users to be redirected to malicious websites. By using nslookup to regularly check the DNS records for a domain, you can detect and respond to potential DNS cache poisoning attacks.


The nslookup command in Linux is a versatile and powerful tool for network administration and troubleshooting. Whether you’re diagnosing connectivity issues, testing DNS server performance, or improving DNS security, nslookup provides valuable insights and capabilities. By understanding and practicing with nslookup, you can enhance your skills in network administration and troubleshooting.


r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button