About nslookup


The nslookup command is used to query internet name servers interactively for information.

nslookup, which stands for “name server lookup”, is a useful tool for finding out information about a named domain.

By default, nslookup will translate a domain name to an IP address (or vice versa). For instance, to find out what the IP address of microsoft.com is, you could run the command:

nslookup microsoft.com

…and you would receive a response like this:

Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
Name:    microsoft.com
Address: 134.170.185.46
Name:    microsoft.com
Address: 134.170.188.221

Here, 8.8.8.8 is the address of our system’s Domain Name Server. This is the server our system is configured to use to translate domain names into IP addresses. “#53” indicates that we are communicating with it on port 53, which is the standard port number domain name servers use to accept queries.

Below this, we have our lookup information for microsoft.com. Our name server returned two entries, 134.170.185.46 and 134.170.188.221. This indicates thatmicrosoft.com uses a round robin setup to distribute server load. When you accessmicrsoft.com, you may be directed to either of these servers and your packets will berouted to the correct destination.

You can see that we have received a “Non-authoritative answer” to our query. An answer is “authoritative” only if our DNS has the complete zone file information for the domain in question. More often, our DNS will have a cache of information representing the last authoritative answer it received when it made a similar query; this information is passed on to you, but the server qualifies it as “non-authoritative”: the information was recently received from an authoritative source, but the DNS server is not itself that authority.

Reverse DNS Lookups

We can also perform the above operation in reverse by providing the IP address rather than the domain name. For instance, the command:

nslookup 134.170.185.46

…will return information resembling the following:

Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
46.185.170.134.in-addr.arpa    name = grv.microsoft.com.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s