Nslookup: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
=External=
* https://linux.die.net/man/1/nslookup
=Internal=
=Internal=


Line 4: Line 6:


=Overview=
=Overview=
If nslookup is able to resolve the name, exits with 0, otherwise exits with 1.
{{Warn|nslookup was found not work correctly on some busybox versions.}}
=Installation=
==With yum==
yum install bind-utils
==With apt==
apt-get update
apt-get install dnsutils


=Non-Interactive Mode=
=Non-Interactive Mode=
Line 9: Line 26:
Getting the IP address for a name:
Getting the IP address for a name:


<pre>
<syntaxhighlight lang='text>
nslookup www.cnn.com
nslookup www.cnn.com
Server: 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Address: 8.8.8.8#53
Line 24: Line 41:
Name: turner.map.fastly.net
Name: turner.map.fastly.net
Address: 151.101.128.73
Address: 151.101.128.73
</pre>
</syntaxhighlight>
 
==Debug Mode==
 
To display protocol exchanges:
 
<syntaxhighlight lang='bash'>
nslookup -debug google.com
</syntaxhighlight>


Getting more information for a name:
==Query Option==


<pre>
Getting more information for a name <code>-query</code> followed by a qualifier can be used. The qualifiers can be any DNS zone file element names (mx, a, txt, etc).:
 
* <code>a</code>  a computer's IP address.
* <code>any</code>
* <code>cname</code>
* <code>ns</code> authoritative name server.
* <code>hinfo</code> a computer's CPU and type of operating system.
* <code>mx</code> mail exchanger.
* <code>soa</code> Start of Authority, technical information about the domain.
 
<syntaxhighlight lang='text>
nslookup -query=hinfo www.cnn.com
nslookup -query=hinfo www.cnn.com
Server: 8.8.8.8
Server: 8.8.8.8
Line 45: Line 80:
expire = 604800
expire = 604800
minimum = 30
minimum = 30
</pre>
</syntaxhighlight>


Getting the Mail Exhanger (MX) for a domain:
Getting the Mail Exchanger (MX) for a domain:


<pre>
<syntaxhighlight lang='text>
nslookup -query=mx novaordis.com
nslookup -query=mx novaordis.com
Server: 8.8.8.8
Server: 8.8.8.8
Line 60: Line 95:
novaordis.com mail exchanger = 10 aspmx2.googlemail.com.
novaordis.com mail exchanger = 10 aspmx2.googlemail.com.
novaordis.com mail exchanger = 10 aspmx3.googlemail.com.
novaordis.com mail exchanger = 10 aspmx3.googlemail.com.
</pre>
</syntaxhighlight>
 
=Obtain the Authoritative Answer=
 
I was not able to find a way to configure nslookup to not return non-authoritative answers. The most reliable method to drop the non-authoritative answers seems to grep for NXDOMAIN.


In general, -query can be followed by any DNS zone file element names (mx, a, txt, etc).
However, if nslookup cannot resolve the name, it returns 1, otherwise returns 0.

Latest revision as of 05:04, 19 March 2020

External

Internal

Overview

If nslookup is able to resolve the name, exits with 0, otherwise exits with 1.


nslookup was found not work correctly on some busybox versions.

Installation

With yum

yum install bind-utils

With apt

apt-get update
apt-get install dnsutils

Non-Interactive Mode

Getting the IP address for a name:

nslookup www.cnn.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
www.cnn.com	canonical name = turner.map.fastly.net.
Name:	turner.map.fastly.net
Address: 151.101.0.73
Name:	turner.map.fastly.net
Address: 151.101.192.73
Name:	turner.map.fastly.net
Address: 151.101.64.73
Name:	turner.map.fastly.net
Address: 151.101.128.73

Debug Mode

To display protocol exchanges:

nslookup -debug google.com

Query Option

Getting more information for a name -query followed by a qualifier can be used. The qualifiers can be any DNS zone file element names (mx, a, txt, etc).:

  • a a computer's IP address.
  • any
  • cname
  • ns authoritative name server.
  • hinfo a computer's CPU and type of operating system.
  • mx mail exchanger.
  • soa Start of Authority, technical information about the domain.
nslookup -query=hinfo www.cnn.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
www.cnn.com	canonical name = turner.map.fastly.net.

Authoritative answers can be found from:
fastly.net
	origin = ns1.fastly.net
	mail addr = hostmaster.fastly.com
	serial = 2016110301
	refresh = 3600
	retry = 600
	expire = 604800
	minimum = 30

Getting the Mail Exchanger (MX) for a domain:

nslookup -query=mx novaordis.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
novaordis.com	mail exchanger = 5 alt1.aspmx.l.google.com.
novaordis.com	mail exchanger = 5 alt2.aspmx.l.google.com.
novaordis.com	mail exchanger = 0 aspmx.l.google.com.
novaordis.com	mail exchanger = 10 aspmx2.googlemail.com.
novaordis.com	mail exchanger = 10 aspmx3.googlemail.com.

Obtain the Authoritative Answer

I was not able to find a way to configure nslookup to not return non-authoritative answers. The most reliable method to drop the non-authoritative answers seems to grep for NXDOMAIN.

However, if nslookup cannot resolve the name, it returns 1, otherwise returns 0.