Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.
In this post, we explain what the nslookup command does, how to use it, and when you might want to use a different tool for retrieving DNS data.
TL;DR: What You Need to Know About the nslookup Command
The nslookup command is a command-line tool used to query DNS name servers for resource records. It stands for “name server lookup”, and it works on Windows, macOS, and Linux, as well as some other operating systems.
It’s one of the basic tools for anyone working with networks or web development, as it retrieves DNS records such as mapping information between domain names and IP addresses, helping them troubleshoot DNS issues or verify mail servers.
Although it’s often considered deprecated (which is no longer true) or, at the very least, outdated in favor of the dig command, many people still use it for quick and simple checks. It has some notable limitations though, where it may be better to use other tools.
| Limitations | Workaround |
Inconsistent output formatting, which prevents using nslookup for automation | Use the dig command for more consistent and script-friendly output or the specialized DNS lookup API if you need to look up DNS records at scale. |
| Lack of details such as TTL, flags, DNSSEC, etc. (in a non-debug mode), which can be a problem for security purposes | Use dig or DNS Lookup API to access more technical data and detailed DNS record information. |
Somewhat uncertain status (nslookup is no longer deprecated, but is not very actively maintained) | Switch to dig or use the DNS lookup API for more accurate and modern troubleshooting. |
| Rate limiting by DNS servers | Use the DNS lookup API to automate high-volume searches and avoid throttling or errors. |
How the nslookup Command Works
When you type a website address into your browser, your computer needs to translate that name into an IP address so that it knows where to send network requests to. This translation is handled by the Domain Name System (DNS), which serves like a phonebook for the internet.
First, your computer sends a query to a recursive DNS resolver — a server that acts like a local helper for the internet’s global phonebook and looks up the IP address for you. If the resolver already has the answer cached, it returns the IP address immediately. Otherwise, it queries other DNS servers — including root servers, TLD servers, and the domain’s authoritative DNS servers — to obtain the correct IP address. This process happens automatically in the background and usually takes only a few milliseconds.
What the nslookup command does is that it lets you manually query DNS servers to inspect how names resolve.
Common DNS Record Types nslookup Command Can Retrieve
The command returns different data depending on which type of DNS record you want it to return.
| Type of Information | Description | Sample command |
| A Record | Maps a domain to an IPv4 address. | nslookup -type=A example.com |
| AAAA Record | Maps a domain to an IPv6 address. | nslookup -type=AAAA example.com |
| MX (Mail Exchange) | Identifies the mail servers for the domain. | nslookup -type=MX example.com |
| NS (Name Server) | Lists the authoritative DNS name servers for the domain. | nslookup -type=NS example.com |
| CNAME (Canonical Name) | Shows the alias for a domain name. | nslookup -type=CNAME www.example.com |
| PTR (Pointer) | Used for reverse DNS lookups to find the domain name that resolves to a given IP address. | nslookup -type=PTR 8.8.8.8 |
| SOA (Start of Authority) | Provides core technical information about a DNS zone. | nslookup -type=SOA example.com |
| TXT (Text) | Contains arbitrary text that is often used for security verification. | nslookup -type=TXT example.com |
Aside from these different types of data, every nslookup response also includes these two pieces of metadata:
- Server: The name and IP address of the DNS server that responded to the query (usually it’s your recursive resolver).
- Authoritative or non-authoritative answer: A label indicating where the result came from — directly from the domain’s authoritative DNS server or from a cached source.
How to Install the nslookup Command?
The nslookup command comes pre-installed on popular operating systems, but there might be some situations where it’s not working right away.
Installing nslookup on Windows
You don’t need to install nslookup on Windows since it comes pre-installed as part of the operating system since the early days of Windows NT.
If you try to run the command and get an error saying something like “nslookup is not recognized as an internal or external command”, it usually means a core networking feature is turned off, or your system path is corrupted.
To check the system path for nslookup, press the Windows key, type cmd to open the command prompt, and type where nslookup. The output should look like C:\Windows\System32\nslookup.exe (if your Windows is installed in C:\Windows).
How to Access nslookup on Windows
You can run the tool from a shell environment, whether it’s the command prompt or PowerShell.
- Press the Windows key.
- Type
cmdfor command prompt orpowershellfor PowerShell and press Enter. - In the black or blue window, type the
nslookupcommand with the appropriate parameters (that we will discuss below) and press Enter.
For more Windows-specific details, check Microsoft’s documentation for nslookup.
Installing nslookup on macOS
Like Windows, macOS includes nslookup by default as part of its core networking utilities. You do not need to download or install anything to use it. It is available through the Terminal application.
How to Access nslookup on macOS
- Open Spotlight (usually it’s set to the hotkey combination of Ctrl + Spacebar)
- Type
terminaland press Enter (alternatively, you can find Terminal in the list of applications). - Type the
nslookupcommand with the parameters that you want and press Enter.
Installing nslookup on Linux
On most modern Linux distributions, nslookup is preinstalled. It’s a part of the dnsutils or bind-utils bundle. In some cases, neither of these packages is installed, so you’ll need to install it yourself. Here’s how to do it depending on the version of Linux you are running.
For Ubuntu, Debian, and Linux Mint:
These systems use the apt package manager.
- Open your terminal.
- Update your package list:
sudo apt update- Install the tool:
sudo apt install dnsutilsFor CentOS, RHEL, and Fedora
These systems use dnf or yum.
- Open your terminal.
- Run the installation command:
sudo dnf install bind-utils(Note: Use yum instead of dnf if you are on an older version of CentOS).
Once the process finishes, you can check that the command is active. Type the following:
nslookup -versionIf the installation worked, the terminal will display the version number. You can then try a test query, such as nslookup google.com, to see the tool in action. Note that nslookup -version may not work on Windows.
For more Unix-specific information about nslookup (which applies to both Linux and macOS), check out the unix documentation. Keep in mind that, as mentioned above, implementations differ between different Linux distributions and macOS.
Nslookup Command Modes
There are two modes for running the nslookup command — interactive and non-interactive.
Non-Interactive Mode
This mode is best for quick, one-off lookups. To run nslookup in a non-interactive mode, type the entire command and the domain name into your terminal at once. As soon as you press Enter, the computer gives you the answer and immediately returns you to the regular command prompt.
When to use it: When you just need to check a DNS record.
Example syntax: nslookup google.com
Specifying a server: You can even point to a specific DNS server in one go:
nslookup google.com 8.8.8.8
Interactive Mode
This mode is better for deep troubleshooting. When you type nslookup without a domain name or with a parameter starting with an - and hit Enter, you enter the tool’s interactive mode. The prompt will change (usually to a >) and stay there (until you type exit), waiting for your next instruction.
When to use it: When you need to check multiple different records (like switching from MX to TXT) for the same domain without retyping the main command.
How to use it:
- Type
nslookupand hit Enter.
- Type a
setcommand (e.g.,set type=mx) to start changing configuration settings of the target DNS record. See the table below for some examples ofsetcommand options. You can change only one parameter at a time, but you can type as many consequentsetcommands as you need.
| Keyword | Syntax | Description | Example Command (Interactive Mode) |
| Show all settings | set all | Displays the current configuration and default server. | set all |
| Query class | set class=value | Sets DNS class (IN [Internet, the standard class], CH [Chaos, mostly for diagnostic queries], HS [Hesiod, rarely used nowadays], ANY [to request records from any class]). | set class=IN |
| Debug mode | set [no]debug | Shows full DNS response packets. | set debug |
| Extended debug | set [no]d2 | Enables verbose debugging output. | set d2 |
| Domain search list | set domain=name | Sets the default domain appended to unqualified names | set domain=example.com |
| Search domains | set [no]search | Enables/disables search list usage. | set nosearch |
| Port | set port=value | Changes the DNS port. | set port=5353 |
| Query type | set querytype=value or set type=value | Sets DNS record type. | set type=mx |
| Recursion | set [no]recurse | Enables recursive queries. | set norecurse |
| NDots* | set ndots=number | Sets the dot threshold before disabling search. | set ndots=2 |
| Retry attempts | set retry=number | Sets the number of retries. | set retry=3 |
| Timeout | set timeout=number | Sets the timeout in seconds. | set timeout=5 |
| Virtual circuit | set [no]vc | Forces TCP instead of UDP. | set vc |
| Fail behavior | set [no]fail | Controls behavior on SERVFAIL. | set fail |
*Supported in many modern nslookup implementations (including macOS) but not present in all historical versions.
- Type the target domain name (e.g.,
example.com). - Type
exitto leave and go back to your normal terminal.
Nslookup Command Syntax and Parameters
| Basic Command Syntax | Description | Example Command |
| nslookup | Launches interactive mode using the default DNS server. | nslookup |
| nslookup [name] | Performs a non-interactive lookup for a host or domain. | nslookup example.com |
| nslookup [name] [server] | Queries a specific DNS server. | nslookup example.com 8.8.8.8 |
| nslookup -option [name] [server] | Runs nslookup with options. | nslookup -timeout=10 example.com |
| nslookup -query=value [name] | Sets query type before lookup. | nslookup -query=mx example.com |
| nslookup -version | Displays version and exits. | nslookup -version |
| nslookup – | Enters interactive mode with the specified server. | nslookup - 8.8.8.8 |
| Interactive Command Syntax | Description | Example Command |
| host [server] | Host lookup: Looks up a host using the current or specified server. | example.com |
| server domain | Change server: Changes the default DNS server. | server 8.8.8.8 |
| lserver domain | Lookup via initial server: Uses the original server to resolve the new server. | lserver 1.1.1.1 |
| exit | Exit: Exits interactive mode. | exit |
What Does the nslookup Command Do? (with Examples)
1. Find the A Record of a Domain
The A record maps a domain name to an IPv4 address. Use this command to see which IP a website actually resolves to.
Syntax: nslookup [domain]
Example:
nslookup example.com
2. Find All Available DNS Records of a Domain
If you need a complete picture of a domain’s DNS setup, you can query for all available records at once. It’s worth noting that many DNS servers now restrict ANY queries because of the DNS amplification attacks. For example, we failed to get results for this command in one geographic location, but successfully ran it in another one.
Syntax: nslookup -type=any [domain]
Example:
nslookup -type=any example.com3. Query the SOA Record of a Domain
Retrieve administrative details about a DNS zone using this command.
Syntax: nslookup -type=soa [domain]
Example:
nslookup -type=soa example.com
4. Find the MX Records of a Domain
Use this parameter to find mail exchange servers for email routing.
Syntax: nslookup -type=mx [domain]
Example:
nslookup -type=mx example.com
5. Check the NS Records of a Domain
This command shows a domain’s authoritative DNS servers, helping you verify if your DNS hosting is configured correctly.
Syntax: nslookup -type=ns [domain]
Example:
nslookup -type=ns example.com
6. Do a Reverse DNS Lookup
A reverse lookup lets you find domain names associated with an IP address. It is the opposite of a standard A record query.
Syntax: nslookup [IP address]
Example:
nslookup 8.8.8.8
7. Check For a PTR Record
PTR records are used in reverse DNS lookups to map an IP address back to a hostname. Note that this will essentially produce the same result as in the example with the reverse lookup above, except for rare scenarios.
Syntax: nslookup -type=ptr [IP address]
Example:
nslookup -type=ptr 192.168.1.1
8. Check a Specific DNS Server
Sometimes you need to see how a specific server, like Google (8.8.8.8) or Cloudflare (1.1.1.1), resolves a domain to help you rule out local ISP issues. To do this, you can use the following command:
Syntax: nslookup [domain] [server]
Example:
nslookup example.com 8.8.8.89. Change the Timeout Interval For a Reply
If a server is slow to respond, you can increase the timeout interval. This tells the tool to wait longer before giving up on a reply.
Syntax: nslookup -timeout=10 [domain]
Example:
nslookup -timeout=10 example.com
10. Enable Debug Mode
Debug mode provides technical details about the packets sent and received during a query. It’s great for deep network troubleshooting.
Syntax: nslookup -debug [domain]
Example:
nslookup -debug example.com
Limitations of the nslookup Command
Although nslookup is a widely used standard tool for network diagnostics, it has several drawbacks that affect its reliability across different environments.
Inconsistent Formatting
There are different implementations of the nslookup command, and both some of the parameters and the output you see when running the command varies significantly depending on which implementation (or rather, operating system) you use. Because there’s no standard output format, it’s difficult to use nslookup in automation workflows, as you’ll need to account for the changes that occur when switching platforms.
The solution is either using another command, dig (which stands for Domain Information Groper), which generates more structured output, or specialized APIs that are designed primarily for automation.
Lack of Technical Details
In addition to formatting issues, nslookup lacks details compared to more modern networking tools. By default, it doesn’t display some of the technical data, such as TTL, flags, response codes, DNSSEC data, etc. Take, for example, the nslookup command with the TXT parameter. The lookup result is just a list of TXT records for the domain.
Meanwhile, the TXT lookup results using the online TXT Record Lookup include the time to live (TTL) values for each record.
Again, dig delivers the missing details, and so do other tools like the DNS Lookup API or the visual TXT lookup tool used in the screenshot above.
Limited Number of Queries
The nslookup command is intended for interactive troubleshooting with manual queries, and its output is formatted for human eyes. But it was never intended for automation. Therefore, it doesn’t integrate easily into scripts, making it less efficient for automation or large-scale network management.
If you’re trying to automate a network health check, you’ll find that extracting data from nslookup is difficult, and it’s better to use a tool designed for scripting.
Another part of the same problem is rate limiting from the DNS servers. No matter whether you’re using nslookup or dig, you’re querying the DNS servers directly, and if they have rate limiting (which they usually do), they start to throttle responses or return errors.
Neither of these tools is suited for large-scale automations. If your use case requires running many DNS lookups, to avoid throttling you’ll need to use tools such as DNS Lookup API in your automation workflows.
Somewhat Uncertain Status
When you run nslookup on some systems, you may see an output that states that nslookup is deprecated and it’s advised to use other tools instead. That actually isn’t true anymore and is a relic of the times from before 2004, when BIND considered deprecating it and recommended to use dig and host instead. However, after 2004, the decision was reversed, and nslookup is still maintained.
Nonetheless, many network administrators and developers have moved away from nslookup in favor of more modern alternatives, such as dig. So, while nslookup is still included in most operating systems, it’s considered a legacy tool by many.
nslookup vs. dig: What Are The Differences?
While nslookup is suitable for quick lookups, many professionals switch to dig when they need to do a deep technical analysis because in many aspects dig is more flexible.
| Feature | nslookup | dig |
| Best For | Simple, quick lookups | Deep technical analysis |
| Ease of Use | Very easy | Moderate |
| Scripting | Hard to automate | Built for automation |
| Platform | Windows, Linux, macOS | Primarily Linux/macOS |
Conclusion
Despite its shortcomings, nslookup remains a useful tool for manual DNS checks, and many people actively use it for troubleshooting and other technical tasks. Those that need more details and output consistency can use dig instead.
For those who need to automate their workflow and run a large number of DNS lookups, it’s best to use specialized tools such as DNS Lookup API. These APIs handle high volumes of requests where both nslookup and dig start being throttled. They also provide the results in a structured JSON or XML format that’s easy to integrate into software applications.