nslookup is dead, long live dig and host

Dig DugLadies and gentlemen, the long and prosperous era of nslookup has drawn to a close.  Please familiarize yourself with dig and host, two alternatives that do a better job anyway.

nslookup is deprecated. The organization that maintains the code for nslookup, Internet Systems Consortium, has very clearly stated so. ISC is the organization behind the Berkeley Internet Name Daemon (BIND). BIND is the most widely used DNS server in the world. nslookup is distributed with BIND. So, if the developers of nslookup say it’s going away, that’s proof enough for me. This will be a long, gradual fade into nothingness, but one that is inevitable. If you require further proof, check this out… if you run the most recent version of nslookup (included with BIND 9), the following message appears:

Note: nslookup is deprecated and may be removed from future releases.
Consider using the 'dig' or 'host' programs instead. Run nslookup with
the '-sil[ent]' option to prevent this message from appearing.

The command itself says so.  Do not fret, however, because as I like to say, “The answer is in the error.” Don’t fight the change. Try out the dig and host commands. If you run OS X or any current version of Linux there’s a good chance they’re already installed, and there’s a good chance you’ll really like these two tools.  Let’s take a deeper look at each one, shall we?

dig

The dig command is relatively straightforward.  It queries DNS nameservers, and it returns the IP address(es) and a ton of awesome extraneous information from wherever we point it.  For example, if we enter:

regularuser@smalleycreative:~$ dig www.google.com

…we get something like the following output:

; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58434
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.			IN	A

;; ANSWER SECTION:
www.google.com.		348803	IN	CNAME	www.l.google.com.
www.l.google.com.	48	IN	A	72.14.204.147
www.l.google.com.	48	IN	A	72.14.204.99
www.l.google.com.	48	IN	A	72.14.204.104
www.l.google.com.	48	IN	A	72.14.204.103

;; Query time: 18 msec
;; SERVER: 172.19.0.1#53(172.19.0.1)
;; WHEN: Tue Jan  4 14:44:56 2011
;; MSG SIZE  rcvd: 116

There is a lot of information in the above output, but we can break each section down to get a better understanding of what we’re looking at. First, we are presented with the version and global options section:

; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com
;; global options: +cmd

This is followed by a section that gives us more in-depth technical information about the response, or answer:

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58434
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

Then we have a section that repeats our question back to us. This basically serves as a reminder of exactly what we told dig we want to look up:

;; QUESTION SECTION:
;www.google.com.			IN	A

The answer section is probably the section we’re most interested in. This section is where we find the IP addresses that correspond to where we pointed dig:

;; ANSWER SECTION:
www.google.com.		348803	IN	CNAME	www.l.google.com.
www.l.google.com.	48	IN	A	72.14.204.147
www.l.google.com.	48	IN	A	72.14.204.99
www.l.google.com.	48	IN	A	72.14.204.104
www.l.google.com.	48	IN	A	72.14.204.103

In our test case, we now know can see that www.google.com resolves to 72.14.204.147, 72.14.204.99, 72.14.204.104, or 72.14.204.103.
Finally, the last section shows us some more general statistics about the query. We have the amount of time the query takes, the address the query came from (our router IP), the time the query was placed, and the amount of data that was returned to us:

;; Query time: 18 msec
;; SERVER: 172.19.0.1#53(172.19.0.1)
;; WHEN: Tue Jan  4 14:44:56 2011
;; MSG SIZE  rcvd: 116

This example is a very basic example of a common lookup. More advanced lookups can be performed using dig, and therein lies its power. If we type in:

dig -h

We can see all of the various options that can be passed to dig. Very complex, but nonetheless, very powerful stuff.

host

The host command is much like dig, but more succinct. If we enter:

regularuser@smalleycreative:~$ host www.facebook.com
www.facebook.com has address 66.220.149.32

host basically gives us the ANSWER section from the dig command, which makes it nice for quick and dirty lookups where the extra technical information that dig provides isn’t necessarily required.
If you don’t trust your DNS server you can tell host the specific server you want to query by typing the address of the server after your search string. For example, I know that Google runs their own free public DNS server at 8.8.8.8. Knowing this, we can tell the host command that we want to perform our lookup using 8.8.8.8 as our DNS server by typing:

regularuser@smalleycreative:~$ host www.facebook.com 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases: 

www.facebook.com has address 66.220.149.32

host is also capable of running reverse lookups. You can provide it with an IP address, and it will tell you the name of the specific server associated with that IP. For example:

regularuser@smalleycreative:~$ host 66.220.149.32
32.149.220.66.in-addr.arpa domain name pointer www-13-02-snc5.facebook.com.

Try typing in host -a, followed by a website address, and note the results. Yes, that’s right. If you type in host -a it gives you the same exact output that you would get from a plain-old dig command with no options set. Very interesting!

Final Thoughts

Hopefully I’ve made it pretty clear that nslookup is no longer the best option around. For quick DNS lookups, host is your best bet, and for more advanced, powerful, and even script-worthy lookup functionality, dig is easily the better choice.

Share this with:
  • Print
  • Digg
  • Facebook
  • Twitter
  • Google Bookmarks
  • email
  • HackerNews
  • Reddit
  • Slashdot
Michael is the creator and main author of the Smalley Creative Blog. He is a guy who loves technology (particularly open source), educating people about technology, and working with people who love technology as much as he does. Follow him on Twitter @michaeljsmalley.

Trackbacks for this post

  1. Better Alternatives To Commonly Used Linux Commands | Linux Digest

Got something to say? Go for it!