nslookup is a core DNS troubleshooting utility for translating domain names to IP addresses and back. It also queries mail server records and inspects delegation paths so you can see what DNS servers publish.
This guide shows you how to run forward and reverse lookups, request specific record types, and switch DNS servers. You also enable debug output, chain queries, and compare answers between resolvers. Interactive mode speeds up repeated testing so you can move quickly through troubleshooting. Pair this with grep for filtering DNS output and nmap for network discovery. Add tail to monitor DNS logs. That mix builds comprehensive network diagnostic workflows.
Install or Verify nslookup Availability
Most Linux distributions ship nslookup inside the bind-utils package on RHEL-based systems or dnsutils on Debian-based systems. Minimal server images and containers sometimes omit DNS tools to save space. Arch-based distributions and Void Linux bundle nslookup with the full bind package. Installing it also provides the client utilities. Verify availability first, then add the package your distribution uses.
Verify nslookup Availability
Run this check to confirm nslookup is available:
command -v nslookup || echo "nslookup not found"If you see a path like /usr/bin/nslookup, the tool is ready. Otherwise, proceed with installation for your distribution.
Ubuntu and Debian-Based Distributions
sudo apt install dnsutils -yFedora, RHEL, Rocky Linux, and AlmaLinux
sudo dnf install bind-utils -yArch Linux and Manjaro
sudo pacman -S bindopenSUSE
sudo zypper install bind-utilsAlpine Linux
sudo apk add bind-toolsGentoo
sudo emerge --ask net-dns/bind-toolsVoid Linux
sudo xbps-install -S bindUnderstand the nslookup Command
If you are new to nslookup, think of it as a direct line to DNS servers. You ask a question about a domain, and it returns the answer from the authoritative source or your configured resolver. nslookup runs locally so you control which DNS server answers each query. The tool also reveals low-level record data that web utilities often hide.
Basic Command Structure
The fundamental form of the nslookup command is:
nslookup [option] [hostname] [server]- [option]: Optional flag that refines the query, such as
-type=mxor-debug. - [hostname]: Domain name or IP address you want to query. Examples:
example.com,93.184.216.34,subdomain.example.org. - [server]: Optional DNS server IP that replaces your default resolver. Examples:
8.8.8.8(Google DNS),1.1.1.1(Cloudflare DNS).
Simple Example
Run nslookup linuxcapable.com to query your default DNS server and return the IPv4 address. The output lists the DNS server that answered, typically your system’s configured resolver. It also shows the domain you queried and the resolved IP. That is usually all you need to confirm a domain resolves.
Quick Reference Table
This table organizes nslookup options by task instead of alphabetically. Use it to quickly find the right flag for your scenario:
| Task | Options | What They Do |
|---|---|---|
| Basic Lookups | nslookup domain, nslookup IP | Forward lookup (domain -> IP) or reverse lookup (IP -> domain) |
| Query Specific Records | -type=a, -type=aaaa, -type=mx, -type=ns, -type=txt, -type=soa, -type=cname | Retrieve A (IPv4), AAAA (IPv6), mail servers, name servers, TXT records, SOA details, or CNAME aliases |
| Use Alternate DNS Server | nslookup domain 8.8.8.8 | Query Google DNS, Cloudflare DNS, or any specific resolver instead of your default |
| Debugging & Verbose Output | -debug | Show detailed query/response information, packet details, and resolution process |
| Interactive Mode | nslookup (no arguments) | Enter interactive session for multiple queries without re-typing the command |
| Timeout Control | -timeout=N | Set query timeout in seconds (N) before aborting if no response |
Common and Practical nslookup Command Examples
These 15 examples cover frequent and specialized nslookup tasks. Each entry includes a short description, the command, and what you can expect from the output.
Example 1: Run a Basic Domain Name Query
Use a basic nslookup query whenever you need to confirm a domain resolves and see its IP address. It delivers an answer within seconds, making it the first DNS troubleshooting step. If the domain fails here, the issue lies with DNS records, network connectivity, or the domain itself.
nslookup example.comThis query shows the A record of example.com, which includes its IPv4 address. The output lists the DNS server that answered, usually your configured resolver. It also shows the queried domain and the IP address it resolves to. If the domain has multiple A records (common for load balancing), nslookup returns all of them.
Example 2: Query a Specific DNS Server
When you troubleshoot DNS propagation or compare resolvers, bypass your default DNS server and query a specific one directly. This approach helps when you suspect cached ISP data or want to compare authoritative answers with public resolvers.
nslookup example.com 8.8.8.8This command queries example.com using Google’s DNS server at 8.8.8.8. Compare that answer with your local resolver to see if caches differ. Different answers highlight propagation delays or stale caches. Common alternate DNS servers include 1.1.1.1 (Cloudflare), 9.9.9.9 (Quad9), and 8.8.4.4 (Google’s secondary).
Example 3: Query Mail Exchange (MX) Records
Before configuring a mail server or troubleshooting delivery, identify which hosts accept mail for the domain. MX records list those servers with priority values that control delivery order when multiple hosts exist.
nslookup -type=mx example.comThe command lists the mail exchangers for example.com sorted by priority. Lower numbers indicate preferred servers, and mail delivery falls back to higher numbers when needed. Review this output to verify routing changes, diagnose delivery failures, or confirm DNS updates.
Example 4: Perform a Reverse DNS Lookup
Reverse DNS reveals the domain name tied to an IP address. Use it when reading server logs that show only IP addresses or when tracking spam sources. Mail servers often require forward and reverse DNS to match, so check both directions. It also helps identify the IP owner during security investigations.
nslookup 93.184.216.34This command returns the PTR record for 93.184.216.34 and shows the linked domain. If no PTR record exists, nslookup reports the failure. Many residential or cloud IP ranges lack reverse entries, which leads some mail servers to reject outgoing mail.
Example 5: Query Name Server (NS) Records
Query NS records to learn which DNS servers are authoritative for a domain. Do this when migrating DNS hosting, troubleshooting delegation, or verifying that nameserver changes propagated. It is also the first step when a domain will not resolve because unreachable name servers block responses.
nslookup -type=ns example.comThis command displays the NS records for example.com and shows each authoritative server. Domains usually publish multiple name servers for redundancy. Review the list to confirm registrar changes propagated and delegation works globally.
Example 6: Query Specific DNS Record Types
DNS stores many record types beyond simple A records, and each one reveals different data. Use TXT lookups to read SPF and DKIM data. Run AAAA lookups to confirm IPv6 readiness. SOA lookups show zone administration details, CNAME lookups trace aliases, and MX lookups list mail routes. Matching each record type to the task saves time when troubleshooting email authentication, CDN settings, or IPv6 connectivity.
| Record Type | Command | When to Use It |
|---|---|---|
| CNAME | nslookup -type=cname subdomain.example.com | Reveal whether a hostname is an alias that points to another canonical name |
| TXT | nslookup -type=txt example.com | Read SPF/DKIM policies, ownership verification strings, and API validation tokens |
| AAAA | nslookup -type=aaaa example.com | Verify IPv6 addresses for dual-stack services |
| SOA | nslookup -type=soa example.com | Inspect zone serial numbers, refresh timers, and authoritative contacts |
| MX | nslookup -type=mx example.com | List mail exchangers and confirm delivery priorities |
Paste any of these commands into your terminal and swap in real hostnames. If a record type does not exist, nslookup reports no answer. Move to the next relevant type until you capture the information you need.
Example 7: Run an Advanced Query with Debug Information
Use debug mode when a DNS query fails or returns unexpected data. It shows the query sent, the response received, packet details, and intermediate steps. That deeper view helps diagnose DNSSEC validation failures, incorrect TTL values, and mismatched resolver behavior.
nslookup -debug example.comThis provides verbose output, including the query sent, the response received, and additional details about the DNS resolution process. Debug mode shows packet sizes, flags, authoritative vs. non-authoritative answers, and TTL values, which helps identify caching issues or misconfigurations that basic queries hide.
Example 8: Query IPv6 Address (AAAA Record)
As IPv6 adoption grows, many services publish both A and AAAA records. Query AAAA records when troubleshooting IPv6 connectivity, verifying dual-stack deployments, or confirming that new IPv6 DNS entries exist. This shows whether the domain actually supports IPv6.
nslookup -type=aaaa example.comThe command displays any IPv6 addresses linked to example.com, which is vital wherever IPv6 runs. If no AAAA record exists, nslookup reports the absence, meaning the domain is IPv4-only. Some domains publish both A and AAAA records, and most clients prefer IPv6 when it exists.
Example 9: Set Query Timeout
When you query slow or unreliable DNS servers, set a timeout so nslookup does not hang indefinitely. Timeouts help when testing distant servers, dealing with latency, or scripting predictable behavior. Automation benefits from shorter timeouts because the default can be lengthy.
nslookup -timeout=10 example.comThis example sets a 10-second timeout, after which nslookup aborts without a response. Use 5-15 seconds for manual work or 1-3 seconds for automation that needs fast failure detection. Responses that arrive after the timeout are discarded, so adjust the value carefully.
Example 10: Use nslookup in Interactive Mode
Interactive mode speeds up repetitive DNS testing. Use it to run several queries, compare record types, or test multiple DNS servers without retyping commands. Once inside interactive mode, you can change settings or switch servers with minimal keystrokes.
nslookupThis command launches interactive mode and presents a prompt for repeated queries. Type example.com to query A records, then use set type=mx before running the domain again for MX data. Switch resolvers with server 8.8.8.8 or other addresses as needed. Enter exit to leave interactive mode when finished.
Example 11: Check SOA Records
The Start of Authority (SOA) record lists the primary nameserver, admin contact, zone serial, and timing values. Check it when troubleshooting why secondary nameservers have not picked up zone changes or when verifying zone transfers.
nslookup -type=soa example.comThe command outputs the SOA record for example.com with the primary server, contact email, serial, and timers. Pay special attention to the serial number because it increments with each zone update. If the serial stays static after a change, the zone file did not reload correctly.
Example 12: Query TXT Records
TXT records store far more than simple text notes. They hold SPF entries that authorize mail servers and DKIM keys for email authentication. You also find verification strings for services like Google Workspace or Microsoft 365. DMARC and DKIM data often live on dedicated subdomains such as _dmarc.example.com or selector._domainkey.example.com, so query those hostnames directly. TXT lookups are usually the first step when troubleshooting email deliverability or setting up third-party services.
nslookup -type=txt example.comThis command returns TXT records stored at the apex of example.com. They typically include SPF entries (starting with v=spf1) and verification strings. TXT values can span multiple quoted strings, so you may need to combine them manually.
Query DMARC or DKIM entries directly when you need those values:
nslookup -type=txt _dmarc.example.comnslookup -type=txt selector._domainkey.example.comExample 13: Find All Records Associated with a Domain
Query all record types when you need a complete snapshot of a domain’s DNS configuration. It helps during initial setups, migration planning, or security audits. Capturing everything in a single query is especially useful before moving DNS hosting.
nslookup -type=any example.comThe command returns A, AAAA, MX, NS, TXT, SOA, and any other record types configured for example.com. Some DNS servers limit -type=any responses, so you may not see every record. Query specific record types when you need guaranteed results.
Example 14: Run Non-Interactive Multiple Queries
Chain nslookup commands with semicolons when you need to run multiple DNS queries inside a script or automation workflow. This keeps everything non-interactive yet sequential, so you avoid launching interactive mode. It is faster than writing loops and produces predictable output that scripts can parse.
nslookup -type=mx example.com; nslookup -type=ns example.comThis command first fetches MX records and then immediately queries NS records for example.com. Each query runs independently and prints its own results. Use this pattern for simple automation or quick manual comparisons without interactive mode.
Example 15: Inspect Certificate Authority Authorization (CAA) Records
CAA records control which certificate authorities may issue TLS certificates for your domain. Checking them blocks rogue issuances, validates automation platforms such as Let’s Encrypt, and confirms security policies after transfers.
nslookup -type=caa example.comThe command lists each authorized CA plus options such as issuewild or contact email fields. If no records exist, any CA may issue certificates, so add explicit entries to tighten control.
Conclusion
nslookup provides essential DNS troubleshooting capabilities ranging from domain-to-IP resolution to reverse lookups and targeted record queries. You can request MX, NS, TXT, SOA, CNAME, and other records with clear syntax. Combine -type=, alternate DNS servers, debug mode, and interactive sessions to compare results quickly. These features help you diagnose email delivery failures, verify propagation, inspect zone details, and validate IPv6 configurations without external tools.