Ladies and gentlemen, the long and prosperous era of nslookup has drawn to a close. Please familiarize yourself with dig and host, two alternatives that do a better job anyway.
nslookup is deprecated. The organization that maintains the code for nslookup, Internet Systems Consortium, has very clearly stated so. ISC is the organization behind the Berkeley Internet Name Daemon (BIND). BIND is the most widely used DNS server in the world. nslookup is distributed with BIND. So, if the developers of nslookup say it’s going away, that’s proof enough for me. This will be a long, gradual fade into nothingness, but one that is inevitable. If you require further proof, check this out… if you run the most recent version of nslookup (included with BIND 9), the following message appears:
Note: nslookup is deprecated and may be removed from future releases. Consider using the 'dig' or 'host' programs instead. Run nslookup with the '-sil[ent]' option to prevent this message from appearing.
The command itself says so. Do not fret, however, because as I like to say, “The answer is in the error.” Don’t fight the change. Try out the dig and host commands. If you run OS X or any current version of Linux there’s a good chance they’re already installed, and there’s a good chance you’ll really like these two tools. Let’s take a deeper look at each one, shall we?

The dig command is relatively straightforward. It queries DNS nameservers, and it returns the IP address(es) and a ton of awesome extraneous information from wherever we point it. For example, if we enter:
regularuser@smalleycreative:~$ dig www.google.com
…we get something like the following output:
; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58434
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 348803 IN CNAME www.l.google.com.
www.l.google.com. 48 IN A 18.104.22.168
www.l.google.com. 48 IN A 22.214.171.124
www.l.google.com. 48 IN A 126.96.36.199
www.l.google.com. 48 IN A 188.8.131.52
;; Query time: 18 msec
;; SERVER: 172.19.0.1#53(172.19.0.1)
;; WHEN: Tue Jan 4 14:44:56 2011
;; MSG SIZE rcvd: 116
There is a lot of information in the above output, but we can break each section down to get a better understanding of what we’re looking at. First, we are presented with the version and global options section:
; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com
;; global options: +cmd
This is followed by a section that gives us more in-depth technical information about the response, or answer:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58434
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
Then we have a section that repeats our question back to us. This basically serves as a reminder of exactly what we told dig we want to look up:
;; QUESTION SECTION:
;www.google.com. IN A
The answer section is probably the section we’re most interested in. This section is where we find the IP addresses that correspond to where we pointed dig:
;; ANSWER SECTION:
www.google.com. 348803 IN CNAME www.l.google.com.
www.l.google.com. 48 IN A 184.108.40.206
www.l.google.com. 48 IN A 220.127.116.11
www.l.google.com. 48 IN A 18.104.22.168
www.l.google.com. 48 IN A 22.214.171.124
In our test case, we can now see that www.google.com resolves to 126.96.36.199, 188.8.131.52, 184.108.40.206, or 220.127.116.11.
Finally, the last section shows us some more general statistics about the query. We have the amount of time the query takes, the address the query came from (our router IP), the time the query was placed, and the amount of data that was returned to us:
;; Query time: 18 msec
;; SERVER: 172.19.0.1#53(172.19.0.1)
;; WHEN: Tue Jan 4 14:44:56 2011
;; MSG SIZE rcvd: 116
This example is a very basic example of a common lookup. More advanced lookups can be performed using dig, and therein lies its power. If we type in:
We can see all of the various options that can be passed to dig. Very complex, but nonetheless, very powerful stuff.
The host command is much like dig, but more succinct. If we enter:
regularuser@smalleycreative:~$ host www.facebook.com
www.facebook.com has address 18.104.22.168
host basically gives us the ANSWER section from the dig command, which makes it nice for quick and dirty lookups where the extra technical information that dig provides isn’t necessarily required.
If you don’t trust your DNS server you can tell host the specific server you want to query by typing the address of the server after your search string. For example, I know that Google runs their own free public DNS server at 22.214.171.124. Knowing this, we can tell the host command that we want to perform our lookup using 126.96.36.199 as our DNS server by typing:
regularuser@smalleycreative:~$ host www.facebook.com 188.8.131.52
Using domain server:
Name: 184.108.40.206
Address: 220.127.116.11#53
Aliases:
www.facebook.com has address 18.104.22.168
host is also capable of running reverse lookups. You can provide it with an IP address, and it will tell you the name of the specific server associated with that IP. For example:
regularuser@smalleycreative:~$ host 22.214.171.124
126.96.36.199.in-addr.arpa domain name pointer www-13-02-snc5.facebook.com.
Try typing in host -a, followed by a website address, and note the results. Yes, that’s right. If you type in host -a it gives you the same exact output that you would get from a plain-old dig command with no options set. Very interesting!
Hopefully I’ve made it pretty clear that nslookup is no longer the best option around. For quick DNS lookups, host is your best bet, and for more advanced, powerful, and even script-worthy lookup functionality, dig is easily the better choice.
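
To make "script-worthy" concrete, here is an added example (not part of the original post) that reads the HEADER status and ANSWER section described above out of dig output and compares the address sets returned by two resolvers, which is the scripted form of the "don't trust your DNS server" check. The function names are hypothetical, the sample outputs are constructed, and www.example.com and the 192.0.2.x addresses are documentation placeholders.

```sh
#!/bin/sh
# Added example. Sample outputs below are constructed; addresses come from
# the 192.0.2.0/24 documentation range and example.com is a placeholder.

# Print the status code (NOERROR, NXDOMAIN, SERVFAIL, ...) from dig output on stdin.
dig_status() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p'
}

# Print sorted, unique A-record addresses from the ANSWER section on stdin.
# CNAME lines and every other section are ignored.
answer_addrs() {
    awk '
        /^;; ANSWER SECTION:/  { in_answer = 1; next }
        /^;;/ || /^$/          { in_answer = 0 }
        in_answer && $4 == "A" { print $5 }
    ' | sort -u
}

# Compare two dig outputs passed as strings. Prints "match" only when both
# are NOERROR and carry the same non-empty address set, else "mismatch".
compare_answers() {
    s1=$(printf '%s\n' "$1" | dig_status)
    s2=$(printf '%s\n' "$2" | dig_status)
    a1=$(printf '%s\n' "$1" | answer_addrs)
    a2=$(printf '%s\n' "$2" | answer_addrs)
    if [ "$s1" = NOERROR ] && [ "$s2" = NOERROR ] && [ -n "$a1" ] && [ "$a1" = "$a2" ]; then
        echo match
    else
        echo mismatch
    fi
}

SAMPLE_DEFAULT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; ANSWER SECTION:
www.example.com. 300 IN CNAME web.example.com.
web.example.com. 60 IN A 192.0.2.20
web.example.com. 60 IN A 192.0.2.10

;; Query time: 18 msec'

SAMPLE_OTHER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; ANSWER SECTION:
www.example.com. 300 IN CNAME web.example.com.
web.example.com. 60 IN A 192.0.2.10
web.example.com. 60 IN A 192.0.2.99

;; Query time: 20 msec'

compare_answers "$SAMPLE_DEFAULT" "$SAMPLE_OTHER"
# Live use: compare_answers "$(dig www.example.com)" "$(dig @192.0.2.53 www.example.com)"
```

A mismatch is common for names served from CDNs or round-robin pools, so treat it as a prompt to look closer rather than proof that a resolver is tampering with answers.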