# Nslookup
`nslookup` — Query Internet domain name servers for information.
**Synopsis**
```bash
nslookup [options] [domain_name]
```
**Description**\
The `nslookup` command is a network administration tool used for querying Domain Name System (DNS) servers to obtain domain name or IP address mapping, and other DNS records. It is widely used to troubleshoot DNS-related issues and to gather information about domain names and IP addresses.
**Basic Usage**
```bash
nslookup [domain_name]
```
This basic usage queries the default DNS server for information about the specified domain (e.g., `example.com`) and returns the IP address associated with it.
For example:
```bash
nslookup example.com
```
#### **Options**
* **`[domain_name]`**
* The domain name for which you wish to look up information. If omitted, `nslookup` will query the default DNS server and provide information on its configuration.
* **`server [DNS_server]`**
* Specifies a particular DNS server to query instead of using the default server.
```bash
nslookup example.com 8.8.8.8
```
This will query Google's DNS server (8.8.8.8) for the domain `example.com`.
* **`-type=record_type`**
* Specifies the type of DNS record to query. Common types include:
* **A**: Address record (IPv4 address)
* **AAAA**: Address record (IPv6 address)
* **MX**: Mail Exchange record
* **CNAME**: Canonical Name record
* **NS**: Name Server record
* **PTR**: Pointer record (reverse DNS)
* **TXT:** Additional data used for domain verification purpose
* **SOA:** Statement of Authority records of the target domains.
```bash
nslookup -type=MX example.com
```
This will return the mail server information for `example.com`.
* **`-timeout=seconds`**
* Sets the time to wait for a response from the DNS server before timing out.
```bash
nslookup -timeout=10 example.com
```
* **`-debug`**
* Displays detailed information about the query, including the server response and intermediate steps.
```bash
nslookup -debug example.com
```
* **`-retry=n`**
* Specifies the number of retry attempts if the DNS server fails to respond.
```bash
nslookup -retry=3 example.com
```
* **`-port=port_number`**
* Specifies a custom port for the DNS server to use.
```bash
nslookup -port=53 example.com
```
* **`set [option]`**
* This is used to modify the behavior of `nslookup` for the current session. Some common `set` options include:
* **`set type=record_type`**: Changes the type of record to query (e.g., `set type=MX`).
* **`set querytype=record_type`**: Equivalent to `-type=record_type`.
* **`set debug`**: Enables debugging output.
* **`set port=port_number`**: Sets a custom DNS server port.
* **`set timeout=seconds`**: Adjusts the query timeout.
Example:
```bash
nslookup
> set type=MX
> example.com
```
### DNS ZONE TRANSFER
***
### Perform DNS Enumeration using Zone Transfer
```
## DNS Zone transfer using Dig
dig ns [Target Domain]
dig @[NameServer] [Target Domain] axfr
```
```
## DNS Zone transfer using Nslookup
nslookup
set querytype=soa
ls -d [Name Server]
```
***
{% hint style="info" %}
NSLOOKUP ON WEB :
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://ghoulsec.gitbook.io/Toolbase/information-gathering-and-recon-tools/nslookup.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.