Using nslookup
If you have use of a UNIX system, try extracting other types of information from the DNS database using
nslookup
.
- Extract the SOA records for your own company’s network, and any other domains you find interesting.
Can you tell who provides Internet services for your company?
(Hint: sometimes, DNS service is supplied by the ISP, whose name appears in the name servers.)
- Does your company include HINFO records in DNS?
- To obtain NS records, use
set type=NS
in nslookup
. Find the addresses of name servers for your company or any other large corporation.
About nslookup
Query internet name servers interactively.
Syntax
nslookup [-option] [name | -] [server]
Difference between interactive and non-interactive modes of the nslookup Program
The nslookup command-line utility offers two distinct modes of operation:
non-interactive mode and interactive mode. Each mode is utilized differently and serves particular scenarios.
Non-interactive Mode
Non-interactive mode is the default way of using nslookup. In this mode, the utility executes a single command and then returns to the operating system's command prompt. This mode is best suited for performing a single DNS lookup. The syntax is straightforward:
nslookup [option] [hostname] [server]
In this command:
- [option] is an optional parameter you can use to specify the type of DNS record you are looking for. For example, you can use -query=mx to search for mail servers.
- [hostname] is the domain name or IP address you want to look up.
- [server] is an optional parameter representing the DNS server to use for the lookup. If it's not specified, nslookup uses the default DNS server configured for your system.
For example, to find the IP address for www.example.com, you would use:
nslookup www.example.com
Interactive Mode
In interactive mode, nslookup stays open for multiple queries until you manually exit the utility. This mode is particularly useful when you need to perform several related DNS lookups in a session. You initiate interactive mode by simply typing nslookup without any parameters and pressing enter:
nslookup
Once in interactive mode, you can issue multiple commands, one per line. Each command can be for a different hostname, DNS record type, or even a different DNS server. Here are some examples:
- To look up an IP address, just type the hostname:
> www.example.com
- To change the DNS server for your queries, use the server command:
> server 8.8.8.8
- To change the type of DNS record to query, use the set command:
> set type=mx
- To exit interactive mode and return to your operating system's command prompt, type exit:
> exit
In summary, non-interactive mode is suited for single, quick DNS lookups while interactive mode is designed for multiple or complex queries, where you might need to adjust the type of DNS record or the DNS server being queried.
Description
nslookup is a program used to query Internet domain name servers. nslookup has two modes:
- interactive and
- non-interactive.
Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain.
Non-interactive mode is used to print just the name and requested information for a host or domain.
Arguments
Interactive mode is entered in the following cases:
- when no arguments are given (the default name server will be used)
- when the first argument is a hyphen ("-") and the second argument is the host name or Internet address of a name server.
Non-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
nslookup -query=hinfo -timeout=10