Ladies and gentlemen, the long and prosperous era of nslookup has drawn to a close. Please familiarize yourself with dig and host, two alternatives that do a better job anyway.
nslookup is deprecated. The organization that maintains the code for nslookup, Internet Systems Consortium, has very clearly stated so. ISC is the organization behind the Berkeley Internet Name Daemon (BIND). BIND is the most widely used DNS server in the world. nslookup is distributed with BIND. So, if the developers of nslookup say it’s going away, that’s proof enough for me. This will be a long, gradual fade into nothingness, but one that is inevitable. If you require further proof, check this out… if you run the most recent version of nslookup (included with BIND 9), the following message appears:
Note: nslookup is deprecated and may be removed from future releases. Consider using the 'dig' or 'host' programs instead. Run nslookup with the '-sil[ent]' option to prevent this message from appearing.
The command itself says so. Do not fret, however, because as I like to say, “The answer is in the error.” Don’t fight the change. Try out the dig and host commands. If you run OS X or any current version of Linux there’s a good chance they’re already installed, and there’s a good chance you’ll really like these two tools. Let’s take a deeper look at each one, shall we?
dig
The dig command is relatively straightforward. It queries DNS nameservers, and it returns the IP address(es) and a ton of awesome extraneous information from wherever we point it. For example, if we enter:
regularuser@smalleycreative:~$ dig www.google.com
…we get something like the following output:
; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58434
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 348803 IN CNAME www.l.google.com.
www.l.google.com. 48 IN A 72.14.204.147
www.l.google.com. 48 IN A 72.14.204.99
www.l.google.com. 48 IN A 72.14.204.104
www.l.google.com. 48 IN A 72.14.204.103
;; Query time: 18 msec
;; SERVER: 172.19.0.1#53(172.19.0.1)
;; WHEN: Tue Jan 4 14:44:56 2011
;; MSG SIZE rcvd: 116
There is a lot of information in the above output, but we can break each section down to get a better understanding of what we’re looking at. First, we are presented with the version and global options section:
; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com
;; global options: +cmd
This is followed by a section that gives us more in-depth technical information about the response, or answer:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58434
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
Then we have a section that repeats our question back to us. This basically serves as a reminder of exactly what we told dig we want to look up:
;; QUESTION SECTION:
;www.google.com. IN A
The answer section is probably the section we’re most interested in. This section is where we find the IP addresses that correspond to where we pointed dig:
;; ANSWER SECTION:
www.google.com. 348803 IN CNAME www.l.google.com.
www.l.google.com. 48 IN A 72.14.204.147
www.l.google.com. 48 IN A 72.14.204.99
www.l.google.com. 48 IN A 72.14.204.104
www.l.google.com. 48 IN A 72.14.204.103
In our test case, we can now see that www.google.com resolves to 72.14.204.147, 72.14.204.99, 72.14.204.104, or 72.14.204.103.
Finally, the last section shows us some more general statistics about the query. We have the amount of time the query takes, the address the query came from (our router IP), the time the query was placed, and the amount of data that was returned to us:
;; Query time: 18 msec
;; SERVER: 172.19.0.1#53(172.19.0.1)
;; WHEN: Tue Jan 4 14:44:56 2011
;; MSG SIZE rcvd: 116
This is a very basic example of a common lookup. More advanced lookups can be performed using dig, and therein lies its power. If we type in:
dig -h
We can see all of the various options that can be passed to dig. Very complex, but nonetheless, very powerful stuff.
host
The host command is much like dig, but more succinct. If we enter:
regularuser@smalleycreative:~$ host www.facebook.com
www.facebook.com has address 66.220.149.32
host basically gives us the ANSWER section from the dig command, which makes it nice for quick and dirty lookups where the extra technical information that dig provides isn’t necessarily required.
If you don’t trust your DNS server you can tell host the specific server you want to query by typing the address of the server after your search string. For example, I know that Google runs their own free public DNS server at 8.8.8.8. Knowing this, we can tell the host command that we want to perform our lookup using 8.8.8.8 as our DNS server by typing:
regularuser@smalleycreative:~$ host www.facebook.com 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:
www.facebook.com has address 66.220.149.32
host is also capable of running reverse lookups. You can provide it with an IP address, and it will tell you the name of the specific server associated with that IP. For example:
regularuser@smalleycreative:~$ host 66.220.149.32
32.149.220.66.in-addr.arpa domain name pointer www-13-02-snc5.facebook.com.
Try typing in host -a, followed by a website address, and note the results. Yes, that’s right. If you type in host -a it gives you the same exact output that you would get from a plain-old dig command with no options set. Very interesting!
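The sections of dig output walked through above are regular enough to read from a script, and comparing the answer from your default resolver with one from a server you name (dig takes it as @8.8.8.8, the way host takes a trailing server address) is a quick check on a resolver you don't trust. The script below is an added example, not code from the original post: the function names are made up for illustration, PAGE_OUT is the www.google.com answer from this post with the question and statistics lines trimmed, and ALT_OUT and NX_OUT are constructed samples.

```sh
#!/bin/sh
# Added example, not from the original post. PAGE_OUT is the answer shown in
# this post (question and stats lines trimmed); ALT_OUT and NX_OUT are
# constructed samples. 192.0.2.10 is a documentation address.
PAGE_OUT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58434
;; ANSWER SECTION:
www.google.com.   348803 IN CNAME www.l.google.com.
www.l.google.com. 48     IN A     72.14.204.147
www.l.google.com. 48     IN A     72.14.204.99
www.l.google.com. 48     IN A     72.14.204.104
www.l.google.com. 48     IN A     72.14.204.103

;; SERVER: 172.19.0.1#53(172.19.0.1)'
ALT_OUT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; ANSWER SECTION:
www.google.com.   300 IN A 192.0.2.10

;; SERVER: 8.8.8.8#53(8.8.8.8)'
NX_OUT=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 777
;; SERVER: 172.19.0.1#53(172.19.0.1)'

# Response code from the HEADER line (NOERROR, NXDOMAIN, SERVFAIL, ...).
dig_status() { awk -F'status: ' '/->>HEADER<<-/ { split($2, a, ","); print a[1] }'; }

# Resolver that produced the answer, from the SERVER line.
dig_server() { awk '/^;; SERVER:/ { sub(/#.*/, "", $3); print $3 }'; }

# Sorted A-record addresses from the ANSWER section only; CNAME rows are skipped.
dig_a_records() {
  awk '/^;; ANSWER SECTION:/ { ans = 1; next }
       /^$/ || /^;/             { ans = 0 }
       ans && $3 == "IN" && $4 == "A" { print $5 }' | LC_ALL=C sort
}

# Compare two dig outputs. Prints one verdict: "error:<status>" if either
# lookup failed, "match" if the A-record sets are equal, otherwise "differ".
compare_answers() {
  for out in "$1" "$2"; do
    st=$(printf '%s\n' "$out" | dig_status)
    [ "$st" = "NOERROR" ] || { echo "error:${st:-unparsed}"; return 0; }
  done
  a=$(printf '%s\n' "$1" | dig_a_records)
  b=$(printf '%s\n' "$2" | dig_a_records)
  [ "$a" = "$b" ] && echo match || echo differ
}

echo "resolver $(printf '%s\n' "$PAGE_OUT" | dig_server): $(printf '%s\n' "$PAGE_OUT" | dig_a_records | tr '\n' ' ')"
echo "page vs alt: $(compare_answers "$PAGE_OUT" "$ALT_OUT")"
echo "page vs nx:  $(compare_answers "$PAGE_OUT" "$NX_OUT")"
```

Against live servers the same call is compare_answers "$(dig www.google.com)" "$(dig @8.8.8.8 www.google.com)". Load-balanced names such as www.google.com can legitimately return different addresses from different resolvers, so treat "differ" as a reason to look closer, not as proof of tampering.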
Final Thoughts
Hopefully I’ve made it pretty clear that nslookup is no longer the best option around. For quick DNS lookups, host is your best bet, and for more advanced, powerful, and even script-worthy lookup functionality, dig is easily the better choice.