The Domain Whisperer: My Introduction to `nslookup`

Goose Gustin

The first time I used nslookup was when I was taking one of Cisco's networking courses. There wasn't a loud introduction to the tool, just "This is a DNS server, this is how it works, now try this command using nslookup." I didn't even know it was a hacking tool.

That’s the thing about tools like nslookup. They’re not loud. They’re not flashy. But they quietly hold the keys to understanding how the internet actually works — not the polished, app-filled version we see every day, but the messy, DNS-powered underbelly that holds it all together.


What Even is nslookup?

Short answer: it asks questions about domain names, and the internet answers back.

Slightly longer answer: `nslookup` (short for “name server lookup”) is a tool that lets you query the Domain Name System (DNS) to find out the IP address behind a domain, or what servers are handling email for a domain, or what other nameservers are in charge.

Basically, if the internet is a city, `nslookup` is like asking the local council, “Hey, who owns that building? What’s their number? Where do they get their mail?”


The Moment That Clicked

I typed:

nslookup google.com

And just like that, I had an IP address: the unique identifier for Google's server.

Then I tried:

nslookup -type=mx gmail.com

Boom. Mail servers. It was like I’d gone from looking at a house to seeing the pipes underneath, the wiring, the delivery routes. Suddenly, domains weren’t just names — they were complex, living systems with layers.


Why Nslookup is Important

This tool is useful for various purposes like:

  • Verifying DNS resolution: Is the domain pointing to the correct IP? You can look up the actual IP of a domain, and even do the reverse: get the domain from the IP.

  • Detecting misconfigurations: Are there missing mail server (MX) records? Any failures or irregularities encountered may indicate a problem with the DNS server.

  • Uncovering threats: Odd-looking DNS records can point to phishing domains. You could test and see, for example, whether the IP addresses of paypal.com and paypa1.com are the same.
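
The comparison in the last bullet, as an added example that is not part of the original post: shell functions that pull the answer addresses out of `nslookup` output and report whether two names share any. It assumes the BIND-style output printed on Linux and macOS; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes BIND-style nslookup
# output as printed on Linux/macOS; Windows nslookup formats answers differently.

# Read nslookup output on stdin; print the answer addresses, sorted and unique.
# The "Address:" line directly under "Server:" is the resolver itself, so
# only "Address:" lines that follow a "Name:" line are treated as answers.
answer_addrs() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address:/ { print $2 }' | sort -u
}

# Compare two whitespace-separated address lists.
# Prints: unresolved (a list is empty), shared (any overlap), or distinct.
compare_addrs() {
    if [ -z "$1" ] || [ -z "$2" ]; then echo unresolved; return 0; fi
    for ip in $1; do
        for other in $2; do
            if [ "$ip" = "$other" ]; then echo shared; return 0; fi
        done
    done
    echo distinct
}

# Live lookup of two names (needs network access and nslookup installed).
compare_domains() {
    first=$(nslookup "$1" 2>/dev/null | answer_addrs)
    second=$(nslookup "$2" 2>/dev/null | answer_addrs)
    compare_addrs "$first" "$second"
}

# Constructed sample output (documentation-range addresses), for offline runs.
sample_output() {
    cat <<'EOF'
Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   example.com
Address: 203.0.113.10
Name:   example.com
Address: 2001:db8::10
EOF
}
```

Run `compare_domains paypal.com paypa1.com` for a live check. Shared addresses can simply mean shared hosting or a CDN, and distinct addresses only show that the two names are served from different places, so treat the result as one signal.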


Closing Thoughts

This is the second of the recon tools I've explored. Whois queries whois servers, while nslookup queries DNS servers. If you are looking for extensive information about a certain domain name, use whois. If you want brief, immediate information about a domain and want to check the state of a DNS server on a network, nslookup is the tool for you.
