The nslookup command is used to query internet name servers interactively for information.
nslookup, which stands for “name server lookup”, is a useful tool for finding out information about a named domain.
By default, nslookup will translate a domain name to an IP address (or vice versa). For instance, to find out what the IP address of microsoft.com is, you could run the command:
…and you would receive a response like this:
Server: 18.104.22.168 Address: 22.214.171.124#53 Non-authoritative answer: Name: microsoft.com Address: 126.96.36.199 Name: microsoft.com Address: 188.8.131.52
Here, 184.108.40.206 is the address of our system’s Domain Name Server. This is the server our system is configured to use to translate domain names into IP addresses. “#53” indicates that we are communicating with it on port 53, which is the standard port number domain name servers use to accept queries.
Below this, we have our lookup information for microsoft.com. Our name server returned two entries, 220.127.116.11 and 18.104.22.168. This indicates thatmicrosoft.com uses a round robin setup to distribute server load. When you accessmicrsoft.com, you may be directed to either of these servers and your packets will berouted to the correct destination.
You can see that we have received a “Non-authoritative answer” to our query. An answer is “authoritative” only if our DNS has the complete zone file information for the domain in question. More often, our DNS will have a cache of information representing the last authoritative answer it received when it made a similar query; this information is passed on to you, but the server qualifies it as “non-authoritative”: the information was recently received from an authoritative source, but the DNS server is not itself that authority.
Reverse DNS Lookups
We can also perform the above operation in reverse by providing the IP address rather than the domain name. For instance, the command:
…will return information resembling the following:
Server: 22.214.171.124 Address: 126.96.36.199#53 Non-authoritative answer: 188.8.131.52.in-addr.arpa name = grv.microsoft.com.