There are several commands you can use to work with DNS.
Here’s a cheat sheet for common DNS (Domain Name System) commands that you can use from the command line, including tools like nslookup, dig, host, and others for querying DNS records and troubleshooting DNS issues.
1. nslookup (Name Server Lookup)
nslookup is a command-line tool for querying DNS to obtain domain name or IP address mapping.
Basic Usage
Query DNS for a domain:
Basic Usage
Query DNS for a domain:
nslookup example.com* Query specific DNS record type (e.g., A, MX, TXT):
nslookup -type=A example.com # Get A (Address) record
nslookup -type=MX example.com # Get MX (Mail Exchange) records
nslookup -type=TXT example.com # Get TXT records* Set DNS server for query:
nslookup example.com 8.8.8.8 # Use Google's public DNS server (8.8.8.8)* Query reverse DNS (resolve IP to domain):
nslookup 192.168.1.1Interactive Mode
* Enter interactive mode:
* Enter interactive mode:
nslookupOnce in interactive mode, you can type queries directly:
> example.com
> set type=MX
> example.comExit interactive mode:
exit 2. dig (Domain Information Groper)
dig is a powerful and flexible DNS lookup utility that provides more detailed information compared to nslookup.
Basic Usage
* Query DNS for a domain:
Basic Usage
* Query DNS for a domain:
dig example.com* Query specific DNS record type:
dig example.com A # Get A (Address) record
dig example.com MX # Get MX (Mail Exchange) records
dig example.com TXT # Get TXT records* Query reverse DNS (resolve IP to domain):
dig -x 192.168.1.1* Query a specific DNS server:
dig @8.8.8.8 example.comAdvanced Usage
* Display additional information (e.g., authoritative nameservers, TTL):
* Display additional information (e.g., authoritative nameservers, TTL):
dig example.com +noall +answer +authority +additional* Query DNS with +short (shortened output):
dig example.com +short* Query for multiple record types:
dig example.com A MX TXT* Trace the DNS resolution path:
dig example.com +trace* Check DNS server’s response time:
dig example.com +stats 3. host
host is another DNS lookup tool that simplifies DNS queries.
Basic Usage
* Query a domain:
Basic Usage
* Query a domain:
host example.com* Query for a specific record type:
host -t A example.com # Get A (Address) record
host -t MX example.com # Get MX (Mail Exchange) records
host -t TXT example.com # Get TXT records* Reverse DNS lookup (resolve IP to domain):
host 192.168.1.1* Query a specific DNS server:
host example.com 8.8.8.8Advanced Usage
* Query multiple DNS record types:
* Query multiple DNS record types:
host -t A -t MX example.com 4. dig vs nslookup vs host
5. ping
While ping is not strictly a DNS tool, it uses DNS to resolve hostnames to IP addresses. You can use ping to test DNS resolution.
* Ping a domain (tests DNS resolution and network):
* Ping a domain (tests DNS resolution and network):
ping example.com* Ping an IP address (skips DNS lookup):
ping 192.168.1.1 6. traceroute / tracert
traceroute (or tracert on Windows) traces the route packets take to reach a host, which can help diagnose DNS and network issues.
* Trace the route to a domain:
* Trace the route to a domain:
traceroute example.com # Linux/macOS
tracert example.com # WindowsTrace with a specific DNS server:
traceroute @8.8.8.8 example.com 7. dig for DNSSEC
You can use dig to check for DNSSEC (DNS Security Extensions) and verify the integrity of DNS records.
* Check DNSSEC information:
* Check DNSSEC information:
dig example.com +dnssec* Verify DNSSEC signature:
dig +dnssec example.com 8. dig for Checking Time-to-Live (TTL)
The TTL value indicates how long a DNS record is cached by a resolver. You can check it using dig.
* Get TTL of a record:
* Get TTL of a record:
dig example.comThe output will show the TTL in the section called ANSWER SECTION.
9. whois
whois is used to query the domain registration database for detailed information about a domain (including DNS servers).
* Check domain registration details:
* Check domain registration details:
whois example.comThis will give you information such as domain owner, registrar, and nameservers.
10. dig for DNS Cache
If you want to check for cached DNS records or refresh them, dig provides some useful flags:
* Check cached DNS record (check local DNS cache):
* Check cached DNS record (check local DNS cache):
dig +short example.com* Flush DNS cache (on Linux/macOS):
sudo systemctl restart nscd # For systems using nscd
sudo systemctl restart systemd-resolved # For systems using systemd-resolvedOn Windows:
ipconfig /flushdns Summary of Useful Commands
nslookup example.com #Query DNS for a domain
dig example.com #Query DNS for a domain
host example.com #Query DNS for a domain
nslookup -type=A example.com #Query A record for a domain
dig @8.8.8.8 example.com #Query DNS server directly (e.g., Google DNS)
dig example.com +trace #Trace DNS resolution path
host -t MX example.com #Query MX (Mail Exchange) record
ping example.com #Test DNS resolution and network connectivity
traceroute example.com #Trace the route to a domain
whois example.com #Get domain registration detailsThis cheat sheet should help you with DNS querying and troubleshooting.
