CyberCheatsheets

nslookup Cheat Sheet

Interactive and non-interactive DNS query tool available on Linux and Windows for basic record lookups.

Reconnaissance & OSINTdnstroubleshootingwindowsUpdated 2026-06-02

Overview

nslookup resolves hostnames to IPs and queries DNS record types. Ubiquitous on Windows domain-joined systems and useful for quick checks when dig is unavailable. Less script-friendly than dig but familiar in enterprise environments.

Authorized testing only. DNS queries may be logged on corporate resolvers—use approved resolvers and scope.

Install

Linux

sudo apt install -y dnsutils   # provides nslookup (bind9)

Windows: built-in

nslookup

Essential commands

Forward lookup

nslookup target.example.com

Specific record type

nslookup -type=MX target.example.com
nslookup -type=TXT target.example.com

Use specific DNS server

nslookup target.example.com 10.10.10.10

Reverse lookup

nslookup 10.10.10.5

Common workflows

Interactive mode —

nslookup
> server 10.10.10.10
> set type=SRV
> _ldap._tcp.dc._msdcs.corp.local
> exit

Windows non-interactive —

nslookup -type=any dc01.corp.local 10.10.10.10

Linux batch (limited) —

for h in $(cat hosts.txt); do nslookup "$h" 2>/dev/null | grep -A1 "Name:"; done

Compare public vs internal —

nslookup www.target.example.com 8.8.8.8
nslookup www.target.example.com 10.10.10.10

Flags reference

-type=

Record type (A, AAAA, MX, TXT, NS, PTR, SRV, CNAME)

-querytype=

Same as -type

-debug

Verbose debugging

-timeout=

Query timeout

(2nd arg)

DNS server IP or hostname

Tips

  • On Windows, prefer Resolve-DnsName in PowerShell for scripting; nslookup ignores OS DNS cache flags inconsistently.
  • Linux nslookup is deprecated in favor of dig/host but still common on minimal images.
  • Non-authoritative answers may differ from dig +trace—verify SOA/NS when troubleshooting zone issues.
  • For AD, query SRV records via nslookup -type=srv _ldap._tcp.dc._msdcs.domain.

References

Aide-mémoires similaires