Introduction

 

SYNOPSIS

nslookup [-option] [name | -] [server]

DESCRIPTION

Nslookup is a program to query Internet domain name servers.  Nslookup has two modes: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain.

Interactive mode or Non-interactive mode

 

Interactive mode is entered in the following cases:

       1.  when no arguments are given (the default name server will be used)

2.  when the first argument is a hyphen (-) and the second argument is the host name or Internet address of a name server.

Non-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.

Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:

nslookup -query=hinfo  -timeout=10

Option

In the interactive mode, you use set keyword to set the option

set keyword[=value]

This command is used to change state information that affects the

lookups. Valid keywords are:

all

Prints the current values of the frequently used options to

set. Information about the current default server and host

is also printed.

class=value

Change the query class to one of:

IN

the Internet class

CH

the Chaos class

HS

                           the Hesiod class

ANY

wildcard

The class specifies the protocol group of the

information.

(Default = IN; abbreviation = cl)

[no]debug

Turn on or off the display of the full response packet and

any intermediate response packets when searching.

(Default = nodebug; abbreviation = [no]deb)

[no]d2

Turn debugging mode on or off. This displays more about

what nslookup is doing.

(Default = nod2)

domain=name

                   Sets the search list to name.

[no]search

If the lookup request contains at least one period but

doesn’t end with a trailing period, append the domain names

in the domain search list to the request until an answer is

received.

(Default = search)

port=value

Change the default TCP/UDP name server port to value.

(Default = 53; abbreviation = po)

querytype=value

type=value

Change the type of the information query.  E.g. MX, SOA, for more check here: http://frankfu.click/microsoft/windows-2012/dns-server/

The MX record can reveal if you are using google business mail or self-hosted mail server.

[no]recurse

Tell the name server to query other servers if it does not

have the information.

(Default = recurse; abbreviation = [no]rec)

retry=number

Set the number of retries to number.

timeout=number

Change the initial timeout interval for waiting for a reply

to number seconds.

[no]vc

Always use a virtual circuit when sending requests to the

server.

(Default = novc)

[no]fail

Try the next nameserver if a nameserver responds with

SERVFAIL or a referral (nofail) or terminate query (fail)

:

In the interactive mode, you use set keyword to set the option:

eg. you want to query mx record:

set type=mx

In the non-interactive mode:

nslookup -type=mx google.com >> nslookup_result.txt