DNS Lookup   «Prev  Next»
Lesson 3 Finding other record types
Objective Use nslookup to read other Types of Resource Records.

Use nslookup to read other Types of Resource Records

In its simplest form, nslookup extracts the A and PTR records from the DNS database. However, it is sometimes interesting (or useful) to use the nslookup command to read the SOA, HINFO, and other record types as well. To ask nslookup to extract other kinds of records, use the set type command.
  1. Address (A) record: An A record is a type of Resource Record that specifies an IP address-to-host name mapping.
  2. Pointer (PTR) record: A PTR record is a type of Resource Record that specifies a host name-to-IP address mapping.
  3. State of Authority (SOA) record: An SOA record is a type of Resource Record that sets basic parameters for a DNS zone of authority and marks the beginning of a zone. Every zone or subzone must have exactly one SOA record and the zone continues until another SOA record is encountered.
  4. Host information (HINFO) record: An HINFO record is a type of Resource Record that gives the operating system and architecture for the specified host.

Output of the set type command 
$ nslookup
Default Server: dns.class.com
Address: 196.241.12.122

> set type=SOA
> acmetraining.com
Server: dns.class.com
Address: 196.241.12.122

acmetraining.com
    origin = ns1.portal.ca.acmetraining.com
    mail addr = hostmaster.portal.ca
    serial = 10
    refresh = 10800 (3 hours)
    retry = 3600 (1 hour)
    expire = 3600000 (41 days 16 hours)
    minimum ttl = 86400 (1 day)

acmetraining.com nameserver = ns1.portal.ca
acmetraining.com nameserver = ns2.portal.ca
acmetraining.com nameserver = ns3.portal.ca
acmetraining.com nameserver = ns4.portal.ca

ns1.portal.ca internet address = 204.174.35.18
ns2.portal.ca internet address = 204.174.95.49
ns3.portal.ca internet address = 204.174.19.17
ns4.portal.ca internet address = 204.174.35.51

  1. The set type command requests nslookup to obtain the full SOA Resource Record.
  2. The authoritative server for the acmetraining.com organization is ns1.portal.ca.acmetraining.com, and the responsible party is hostmaster.portal.ca.
  3. In this example, nslookup has also extracted NS records.
  4. In this example, nslookup has also extracted A records for the name servers.

Output of the set type Command

The output of the set type command depends on the environment in which it is executed. Here are some possible interpretations:
  1. Windows Command Prompt (CMD)
    • The set command is used to display or modify environment variables.
    • Running set type without an assignment will list all environment variables that start with "type."
    • Example: 
      C:\> set type
      If no variable named type exists, no output will be shown.
    • If you set a variable first: 
              C:\> set type=example
        C:\> set type
      Output: 
              type=example
  2. Linux/macOS (Bash, Zsh, etc.)
    • The set command is used to modify shell behavior or display shell variables.
    • If set type is run without proper syntax, it may result in an error or list all environment variables.
    • Example: 
              $ set type
      This will likely produce an error such as: 
              bash: set: type: invalid option
      Because set requires a valid option or argument.
  3. NSLookup (Windows/Linux)
    • If used within nslookup, the set type command specifies the DNS record type for queries.
    • Example: 
              nslookup
        > set type=MX
        > google.com
      Output: 
              google.com mail exchanger = 10 smtp.google.com.
      Here, set type=MX queries Mail Exchange (MX) records.
  4. SQL (Some Database Environments)
    • In certain SQL environments, SET TYPE might be used for setting specific data types, though it is not a standard SQL command.

Resource Record Types
Type Meaning
A Host Address
CNAME Canonical Name (alias)
HINFO CPU and O/S
MINFO Mailbox Info
MX Mail Exchanger
NS Authoritative name server for a domain
PTR Pointer to a domain name (link)
RP Responsible person
SOA Start of zone authority (Which part of naming hierarchy implemented)
TXT Arbitrary Text

This table outlines different DNS Resource Record Types and their meanings.

nslookup Query

Examine the output of this command. This information came in a single nslookup query. In addition to the answer to a particular question, DNS queries contain authority information explaining where the information came from, and additional information which may be helpful. In our example, the authority information is the name server records, and the additional information is their IP addresses. This information saves you from having to do an additional A record query.
  • View Example: an HINFO query using nslookup View the example below, this time with an HINFO query.
    Note the HINFO record describing the machine raphael.math.uic.edu, together with the authority records and additional information.
    System Information Record (HINFO): This record allows definition of the Hardware type and Operating System (OS) in use at a host. For security reasons these records are rarely used on public servers. If a space exists in the field it must be enclosed in quotes. 

$ nslookup
Default Server: dns.class.com
Address: 196.241.12.122
> set type=HINFO
> raphael.math.uic.edu
Server: dns.class.com 
Address: 196.241.12.122

raphael.math.uic.edu  CPU = Intel     OS = linux
math.uic.edu  nameserver = newton.math.uic.edu
math.uic.edu  nameserver = dns2.math.uic.edu
math.uic.edu  nameserver = uic-dns1.uic.edu
math.uic.edu  nameserver = uic-dns2.uic.edu
math.uic.edu  nameserver = uic-dns3.uic.edu
newton.math.uic.edu   internet address = 131.193.178.229
uic-dns1.uic.edu      internet address = 128.248.2.50
uic-dns2.uic.edu      internet address = 128.248.7.50
uic-dns3.uic.edu      internet address = 128.248.171.50

The following section contains additional exploration of nslookup.

Using nslookup

If you have use of a UNIX system, try extracting other types of information from the DNS database using nslookup.
  1. Extract the SOA records for your own company’s network, and any other domains you find interesting. Can you tell who provides Internet services for your company?
    (Hint: sometimes, DNS service is supplied by the ISP, whose name appears in the name servers.)
  2. Does your company include HINFO records in DNS?
  3. To obtain NS records, use set type=NS in nslookup. Find the addresses of name servers for your company or any other large corporation.

  • About nslookup
    Query internet name servers interactively.
    Syntax 
    nslookup [-option] [name | -] [server]

Difference between 1) interactive and 2) non-interactive modes of the nslookup program

The nslookup program is a network administration tool used to query the Domain Name System (DNS) to obtain domain name or IP address mapping information. It can operate in two distinct modes: **interactive** and **non-interactive**. Here's the difference between the two:
  1. Interactive Mode
    • How it works: In interactive mode, you launch nslookup without specifying a query. It opens a command-line interface where you can enter multiple commands and queries sequentially.
    • Usage: You start interactive mode by simply typing nslookup in the terminal and pressing Enter.
    • Features:
      • You can perform multiple DNS queries without exiting the program.
      • You can change settings (e.g., DNS server, query type) during the session.
      • Useful for troubleshooting or performing multiple DNS lookups in a single session.
    • Example: 
              $ nslookup
        > google.com
        > set type=MX
        > yahoo.com
        > exit
  2. Non-Interactive Mode
    • How it works: In non-interactive mode, you provide the domain name or IP address directly as an argument when running nslookup. The program performs the query and immediately returns the result, then exits.
    • Usage: You specify the query directly in the command line.
    • Features:
      • Quick and convenient for single queries.
      • No need to interact with the program after the query is executed.
    • Example: 
              $ nslookup google.com

Key Differences:
Feature Interactive Mode Non-Interactive Mode
Command Input Enter commands after launching Provide query directly in command
Session Persistent session Single query, then exits
Use Case Multiple queries or troubleshooting Quick, one-off lookups
Flexibility Can change settings mid-session Settings must be specified upfront

When to Use Each:
  • Use interactive mode if you need to perform multiple queries or troubleshoot DNS issues.
  • Use non-interactive mode for quick, one-time lookups.

Both modes are useful depending on your needs, and understanding the difference helps you use `nslookup` more effectively.

More on the nslookup Program

Description
nslookup is a program used to query Internet domain name servers. nslookup has two modes:
  1. interactive and
  2. non-interactive.

Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain.
Arguments for the modes
Interactive mode is entered in the following cases:
  1. when no arguments are given (the default name server will be used)
  2. when the first argument is a hyphen ("-") and the second argument is the host name or Internet address of a name server.

Non-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type: 
nslookup -query=hinfo -timeout=10

SEMrush Software 3 SEMrush Banner 3