Domain Name System and nslookup
Domain Name System (DNS)
DNS is a distributed database containing names and addresses of all reachable hosts on the Internet. While attempting to connect to a domain name (for instance: www.google.com), a host first checks its hosts file (for instance: /etc/hosts) for an entry corresponding to the domain name. If this entry is not in the hosts file, the host sends a query to its primary DNS name server. If the primary name server does not have the appropriate record, it forwards the query to a server higher in the domain name hierarchy.
The IP address of the primary DNS server (or the ISP’s DNS server) is stored on your machine in the /etc/resolv.conf file. Here’s how my
nameserver 220.127.116.11
nameserver 18.104.22.168
If your ISP’s nameserver does not resolve names quickly, you might want to use an alternate nameserver. OpenDNS is one option. You can put their nameserver’s IP address in the resolv.conf file like:
nameserver <opendns nameserver IP>
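The lookup order described above (hosts file first, then the nameservers listed in resolv.conf) can be checked offline with the following added example, which is not code from the original post. The function names and both sample files are constructed for illustration, and it assumes the default order in which the hosts file is consulted before DNS.

```python
import ipaddress

# Constructed sample files (not from the original page); all addresses are
# from the reserved documentation ranges.
SAMPLE_HOSTS = """\
# static table lookup for hostnames
127.0.0.1   localhost
192.0.2.10  intranet.example.test intranet   # pinned entry
::1         localhost ip6-localhost
not-an-ip   broken.example.test
"""
SAMPLE_RESOLV = """\
; written by a DHCP client
search example.test
nameserver 198.51.100.53
nameserver 203.0.113.53
"""

def parse_hosts(text):
    """Map each lower-cased name or alias to the first address listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # '#' starts a comment
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # ignore malformed entries
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), addr)
    return table

def parse_nameservers(text):
    """Return the nameserver addresses in file order (glibc uses at most 3)."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers[:3]

def resolution_plan(name, hosts_text, resolv_text):
    """Say whether `name` is answered by the hosts file or sent to DNS."""
    table = parse_hosts(hosts_text)
    key = name.lower().rstrip(".")
    if key in table:
        return ("hosts", table[key])
    return ("dns", parse_nameservers(resolv_text))
```

Running `resolution_plan` against the real /etc/hosts and /etc/resolv.conf contents shows which names never reach a nameserver at all, which is worth knowing when a hosts entry silently overrides what DNS would return.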
DNS holds records of the following types:
- Start of authority: authoritative name server for a given domain.
- A: Address records (IP addresses for domain names)
- CNAME: Canonical Name records provide host name aliases (alternate host names).
- PTR: Pointer records associate a host name with a given IP address (reverse of what A records do).
- MX: Mail Exchange records define the mail system for a domain.
- NS: Name server records define name servers for a given domain.
nslookup is a command line utility that can be used for looking at DNS records. To obtain the utility on Arch Linux, install the package
$ pacman -S dnsutils
nslookup stands for name server lookup. It uses the entry corresponding to the local DNS nameserver present in
nslookup then queries the local DNS nameserver for the IP address of a certain hostname. Whereas the ping command only looks at A records stored by nameservers, the nslookup command looks at all the other records such as CNAME, MX, etc. For all these records, specific command line options are available. For complete information, try
Here is a simple example use:
[rachee@rachee ~]$ nslookup www.google.com
Server: 22.214.171.124
Address: 126.96.36.199#53
Non-authoritative answer:
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 188.8.131.52
Name: www.l.google.com
Address: 184.108.40.206
Name: www.l.google.com
Address: 220.127.116.11
Name: www.l.google.com
Address: 18.104.22.168
Name: www.l.google.com
Address: 22.214.171.124
The output shows a couple of things; let's go over them piece by piece:
This part of the reply,
means that the DNS nameserver that is handling our query is 126.96.36.199. No surprises here, this was just picked from the
‘Non-authoritative answer’ means that the DNS nameserver that returned the answer to the query ‘Address of www.google.com’ is not authoritative for the www.google.com zone. In effect, my local DNS nameserver issued a series of queries to different nameservers to obtain a response and returned the address to me.
‘canonical name = www.l.google.com’ implies that www.google.com is just a canonical name (or alias) for www.l.google.com. In the process of name resolution, the nameserver authoritative for the google.com zone must have told my local DNS nameserver that www.google.com is a CNAME record for www.l.google.com. After receiving this answer, my local nameserver would query the google.com nameserver for the address of
The rest of the reply contains all A records corresponding to