Skip to main content

Nslookup

This section will cover some ways to use Nslookup.

Table of Contents
  • Overview
  • Querying Records
    • A Records
    • PTR Records
    • ANY Existing Records
    • TXT Records
    • MX Records
  • Retrieving Records
    • NS Records

Overview

Nslookup can be used to gather information on a domain.

We can use the -query flag to specify the resource that we want to query. Below are some examples of it.

Querying Records

There are many records that we can query. This section will cover the following:

  • A Records
  • PTR Records
  • ANY Records
  • TXT Records
  • MX Records

A Records

To query A records, we can simply just input the domain name. Optionally, we can use the -query=A switch as well.

nslookup google.com

Using the -query=A switch:

nslookup -query=A google.com

Command breakdown:

  • -query=A - Specify to query for A records.
  • google.com - Specify the domain name to query.

nslookup1.png

PTR Records

We can query pointer (PTR) records to get the domain name if we have a valid IP address. A PTR record is a mapping between an IP address and a hostname.

nslookup -query=PTR 9.9.9.9

Command breakdown:

  • -query=PTR - Specify to query for PTR records.
  • 9.9.9.9 - Specify the IP address to query.

nslookup2.png

ANY Existing Records

Using the ANY query will query all existing records. In RFC8482, it specified that ANY DNS requests be abolished. Therefore, we may not receive a response to our request from the DNS server.

nslookup -query=ANY google.com

Command breakdown:

  • -query=ANY - Specify to query for ANY records.
  • google.com - Specify the domain to query.

nslookup3.png

TXT Records

TXT records are used to store text notes on a DNS server.

nslookup -query=TXT google.com

Command breakdown:

  • -query=TXT - Specify to query TXT records.
  • google.com - Specify the domain to query.

nslookup4.png

MX Records

Mail Exchange (MX) records directs email to a mail server that is responsible for accepting emails on behalf of a domain. There can be multiple records with different priority levels.

nslookup -query=MX google.com

Command breakdown:

  • -query=MX - Specify to query MX records.
  • google.com - Specify the domain to query.

nslookup5.png

AXFR Records

We can perform a zone transfer using AXFR.

nslookup -query=AXFR

Retrieving Records

We can retrieve records using the -type= switch.

NS Records

We can find the name servers of a server by using -type=NS.

nslookup -type=NS google.com