nslookup(1)
NAME
nslookup − query BIND servers interactively
SYNOPSIS
/usr/ucb/nslookup A[ host A[ server A]]
nslookup − A[ server A]
DESCRIPTION
The nslookup command queries the BIND servers. This command has two modes: interactive and non-interactive. Interactive mode allows you to query the BIND server for information about various hosts and domains. With non-interactive mode, you can obtain just the name and Internet address of a host or domain.
You should use interactive mode if you have no arguments to provide. In this case, nslookup queries the default BIND server. To specify a BIND server to query, the first argument should be − and the second should be the name of the server.
You should use non-interactive mode when the name of the host you are looking up is the first argument. The optional second argument specifies a BIND server. If you do not supply a second argument, the current BIND server is queried.
To terminate the nslookup command from within interactive mode, press CTRL/d. To terminate only the current lookup activity, press CTRL/c.
NON-INTERACTIVE OPTIONS
host [server]This is the name of the host for which you are looking up information. If you do not specify a server, the default server is queried. You can specify the server by either name or IP address.
− [server]The − option returns the name and IP address of the default server, or the server you specify. It then places you in interactive mode. If you do not specify a server, the default server is queried. You can specify the server by either name or IP address.
INTERACTIVE OPTIONS
The command line length must be less than 80 characters. Any unrecognized command is interpreted as a host name. Here are the standard options:
host [server]Look up information for host using the current default server or using server if it is specified.
server serverChange the default server to the server specified. This option uses the current default server.
lserver serverChange the default server to the server specified. This option uses the initial default server to look up information about the server specified.
rootChange the default server to the server for the root of the domain name space specified. Currently, the host sri-nic.arpa is used.
finger [ name ] [ > [ > ] file ]
Connect with the finger server on the current host. The current host is defined when a previous lookup for a host was successful and returned address information. See the set querytype=value command. The name field is optional. You can use the > and >> options to redirect output to the file specified.
ls [ −adhms ] domain [ > [ > ] file ]
List the information available for the domain specified. The default output contains host names and their Internet addresses. The −a option lists aliases of hosts in the domain, CNAME entries. The −d option lists all entries in the domain. The −h option lists CPU and operating system information for the domain, HINFO entries. The −m option lists mail exchangers in the domain, MX entries. The −s option lists well known services in the domain, WKS entries. If you redirect the output to a file, hash marks are printed for every 50 records received from the server.
view fileSort and list the output of the ls command with the more command.
helpPrint a brief summary of the nslookupcommands
?Print a brief summary of the nslookup commands.
set keyword[=value]This command changes the state information that affects the lookups. Valid keywords are:
allPrint the current values of the options you can set, as well as information about the current default server.
ALLPrint the current values of the options you can set, as well as information about the current default server. In addition, the ALL option prints the server state information.
[no]debugTurn debugging mode on. Verbose information is printed about the packet sent to the server and the resulting answer. the default is nodebug , which you can abbreviate to [no]deb.
[no]defnameAppend the default domain name to every lookup. The default is nodefname , which you can abbreviate to [no]def.
domain=nameChange the default domain to the domain name specified. The default domain name is appended to all lookup requests if the defname option has been set. The default value is set in the /etc/resolv.conf file, which you can abbreviate to do.
querytype=valueChange the type of information returned from a query to one of the following:
AThe host’s Internet address (the default)
CNAMEThe canonical name for an alias
HINFOThe host CPU and operating system type
MDThe mail destination
MXThe mail exchanger
MGThe mail group member
MINFOThe mailbox or mail list information
MRThe mail rename domain name
The abbreviation for the query option is q .
[no]recurseTell the BIND server to query other servers if it does not have the information. The default is recurse, and the abbreviation is [no]rec.
retry=numberSet the number of retries to the number specified. If a reply to a request is not received within a certain amount of time (changed with set timeout), the request is resent. The retry value controls how many times a request is to be resent before giving up. The default retry number is 2, and the abbreviation for the retry option is ret.
root=hostChange the name of the root server to the host named specified. This affects the root command. The default is sri-nic.arpa, and the abbreviation is ro.
timeout=numberChange the time-out interval for waiting for a reply to the number specified (in seconds). The default is 10 seconds, and the abbreviation for the timeout option is t.
[no]vcUse a TCP connection when sending requests to the server. The default is novc , and the abbreviation is [no]v.
TUTORIAL
The domain name space is tree-structured and has five top-level domains:
•ARPA (for ARPAnet hosts)
•COM (for commercial establishments)
•EDU (for educational institutions)
•GOV (for government agencies)
•ORG (for not for profit organizations)
•MIL (for MILNET hosts)
If you are looking for a specific host, you need to know something about the host’s organization in order to determine the top-level domain it belongs to. For instance, if you want to find the Internet address of a host at UCLA, do the following:
1.Connect with the root server, using the root command. The root server of the name space has knowledge of the top-level domains.
2.Connect with a server for the ucla.edu domain. The domain named for UCLA, which is a university, is ucla.edu. To connect with this server, you can type:
# nslookup
> server ucla.edu
The response is the names of the hosts that act as servers for the domain ucla.edu. Note that the root server does not have information about ucla.edu, but knows the names and addresses of hosts that do. All future queries are sent to the UCLA BIND server.
3.Request information about a particular host in the domain, for example, purple. To do this, type the host name. To request a list of hosts in the UCLA domain, use the ls command. The ls command requires a domain name (in this case, ucla.edu) as an argument.
Note that if you are connected with a BIND server that handles more than one domain, all lookups for host names must be fully specified with its domain. For instance, the domain harvard.edu is served by seismo.css.gov, which also services the css.gov and cornell.edu domains. A lookup request for the host novel in the harvard.edu domain must be specified as novel.harvard.edu. However, you can use the set domain=name and set defname commands to automatically append a domain name to each request.
After a successful lookup of a host, use the finger command to see who is on the system or to get information about a specific person. To get other information about the host, use the set querytype=value command, which allows you to change the type of information obtained and request another lookup. The finger command requires that the information requested be of type A.
DIAGNOSTICS
If the lookup request was not successful, the nslookup command displays one of the following error messages:
Time-outThe server did not respond to a request after a certain amount of time (changed with set timeout=value) and a certain number of retries (changed with set retry=value).
No informationDepending on the query type set with the set querytype command, no information about the host was available, although the host name is valid.
Non-existent domainThe host or domain name does not exist.
Connection refusedThe connection to the BIND server was refused.
Network is unreachableThe connection to the BIND server cannot be made at the current time.
Server failureThe BIND server found an internal inconsistency in its database and could not return a valid answer.
RefusedThe BIND server refused to service the request.
Format error
The name server found that the request packet was not in the proper format. Contact your DIGITAL Field Service representative.
FILES
/etc/named.bootBIND server boot file
/etc/namedbBIND server data file directory
/etc/namedb/named.hostsBIND server hosts file
/etc/namedb/named.revBIND server reverse address hosts file
/etc/namedb/named.localBIND server local host reverse address host file
/etc/namedb/named.caBIND server cache file
/etc/resolv.confBIND client data file
SEE ALSO
finger(1), more(1), nsquery(1), resolver(3), resolver(5), named(8)
The Guide to the BIND Service
Commands