May 28, 2007

The nslookup Manual Page

   原来nslookup的功能非常强大,我以前以为之可以nslookup host/ip 进行域名的正向/反向查询,下面是以外国人写的nslookup在unix中的manual page
This page contains the manual page for the UNIX shell comand "nslookup"
for your reference. Note that this is taken straight from the man page
on my system, your system might be running a different version or not
have this command enabled at all.

NSLOOKUP(8)                                           NSLOOKUP(8)

nslookup - query Internet name servers interactively

nslookup [ -option ... ] [ host-to-find | - [ server ]]

Nslookup is a program to query Internet domain name
servers. Nslookup has two modes: interactive and non-
interactive. Interactive mode allows the user to query
name servers for information about various hosts and
domains or to print a list of hosts in a domain. Non-
interactive mode is used to print just the name and
requested information for a host or domain.

Interactive mode is entered in the following cases:

a) when no arguments are given (the default name server
will be used),

b) when the first argument is a hyphen (-) and the second
argument is the host name or Internet address of a
name server.

Non-interactive mode is used when the name or Internet
address of the host to be looked up is given as the first
argument. The optional second argument specifies the host
name or address of a name server.

The options listed under the ``set'' command below can be
specified in the .nslookuprc file in the user's home
directory if they are listed one per line. Options can
also be specified on the command line if they precede the
arguments and are prefixed with a hyphen. For example, to
change the default query type to host information, and the
initial timeout to 10 seconds, type:
nslookup -query=hinfo -timeout=10

Commands may be interrupted at any time by typing a con-
trol-C. To exit, type a control-D (EOF) or type exit.
The command line length must be less than 256 characters.
To treat a built-in command as a host name, precede it
with an escape character (). N.B. an unrecognized com-
mand will be interpreted as a host name.

host [server]
Look up information for host using the current
default server or using server if specified. If
host is an Internet address and the query type is A
or PTR, the name of the host is returned. If host
is a name and does not have a trailing period, the
default domain name is appended to the name. (This
behavior depends on the state of the set options
domain, srchlist, defname, and search). To look up
a host not in the current domain, append a period
to the name.

server domain
lserver domain
Change the default server to domain. Lserver uses
the initial server to look up information about
domain while server uses the current default
server. If an authoritative answer can't be found,
the names of servers that might have the answer are

root Changes the default server to the server for the
root of the domain name space. Currently, the host is used. (This command is a syn-
onym for lserver The name of the
root server can be changed with the set root com-

finger [name] [> filename]
finger [name] [>> filename]
Connects with the finger server on the current
host. The current host is defined when a previous
lookup for a host was successful and returned
address information (see the set querytype=A com-
mand). Name is optional. > and >> can be used to
redirect output in the usual manner.

ls [option] domain [> filename]
ls [option] domain [>> filename]
List the information available for domain, option-
ally creating or appending to filename. The
default output contains host names and their Inter-
net addresses. Option can be one of the following:

-t querytype
lists all records of the specified type (see
querytype below).

-a lists aliases of hosts in the domain. synonym
for -t CNAME.

-d lists all records for the domain. synonym for
-t ANY.

-h lists CPU and operating system information for
the domain. synonym for -t HINFO.

-s lists well-known services of hosts in the
domain. synonym for -t WKS.

When output is directed to a file, hash marks are
printed for every 50 records received from the

view filename
Sorts and lists the output of previous ls com-
mand(s) with more(1).


? Prints a brief summary of commands.

exit Exits the program.

set keyword[=value]
This command is used to change state information
that affects the lookups. Valid keywords are:

all Prints the current values of the frequently-
used options to set. Information about the
current default server and host is also

Change the query class to one of:

IN the Internet class.

CHAOS the Chaos class.

HESIOD the MIT Athena Hesiod class.

ANY wildcard (any of the above).

The class specifies the protocol group of
the information.
(Default = IN, abbreviation = cl)

Turn debugging mode on. A lot more informa-
tion is printed about the packet sent to the
server and the resulting answer.
(Default = nodebug, abbreviation = [no]deb)

[no]d2 Turn exhaustive debugging mode on. Essen-
tially all fields of every packet are
(Default = nod2)

Change the default domain name to name. The
default domain name is appended to a lookup
request depending on the state of the def-
name and search options. The domain search
list contains the parents of the default
domain if it has at least two components in
its name. For example, if the default
domain is CC.Berkeley.EDU, the search list
is CC.Berkeley.EDU and Berkeley.EDU. Use
the set srchlist command to specify a dif-
ferent list. Use the set all command to
display the list.
(Default = value from hostname,
/etc/resolv.conf or LOCALDOMAIN, abbrevia-
tion = do)

Change the default domain name to name1 and
the domain search list to name1, name2, etc.
A maximum of 6 names separated by slashes
(/) can be specified. For example,
set srch-
sets the domain to lcs.MIT.EDU and the
search list to the three names. This com-
mand overrides the default domain name and
search list of the set domain command. Use
the set all command to display the list.
(Default = value based on hostname,
/etc/resolv.conf or LOCALDOMAIN, abbrevia-
tion = srchl)

If set, append the default domain name to a
single-component lookup request (i.e., one
that does not contain a period).
(Default = defname, abbreviation = [no]def)

If the lookup request contains at least one
period but doesn't end with a trailing
period, append the domain names in the
domain search list to the request until an
answer is received.
(Default = search, abbreviation = [no]sea)

Change the default TCP/UDP name server port
to value.
(Default = 53, abbreviation = po)

Change the type of information query to one

A the host's Internet address.

CNAME the canonical name for an alias.

HINFO the host CPU and operating system

MINFO the mailbox or mail list informa-

MX the mail exchanger.

NS the name server for the named

PTR the host name if the query is an
Internet address, otherwise the
pointer to other information.

SOA the domain's ``start-of-author-
ity'' information.

TXT the text information.

UINFO the user information.

WKS the supported well-known services.

Other types (ANY, AXFR, MB, MD, MF, NULL)
are described in the RFC-1035 document.
(Default = A, abbreviations = q, ty)

Tell the name server to query other servers
if it does not have the information.
(Default = recurse, abbreviation = [no]rec)

Set the number of retries to number. When a
reply to a request is not received within a
certain amount of time (changed with set
timeout), the timeout period is doubled and
the request is resent. The retry value con-
trols how many times a request is resent
before giving up.
(Default = 4, abbreviation = ret)

Change the name of the root server to host.
This affects the root command.
(Default =, abbreviation =

Change the initial timeout interval for
waiting for a reply to number seconds. Each
retry doubles the timeout period.
(Default = 5 seconds, abbreviation = ti)

[no]vc Always use a virtual circuit when sending
requests to the server.
(Default = novc, abbreviation = [no]v)

Ignore packet truncation errors.
(Default = noignoretc, abbreviation =

If the lookup request was not successful, an error message
is printed. Possible errors are:

Timed out
The server did not respond to a request after a cer-
tain amount of time (changed with set timeout=value)
and a certain number of retries (changed with set

No response from server
No name server is running on the server machine.

No records
The server does not have resource records of the cur-
rent query type for the host, although the host name
is valid. The query type is specified with the set
querytype command.

Non-existent domain
The host or domain name does not exist.

Connection refused
Network is unreachable
The connection to the name or finger server could not
be made at the current time. This error commonly
occurs with ls and finger requests.

Server failure
The name server found an internal inconsistency in
its database and could not return a valid answer.

The name server refused to service the request.

Format error
The name server found that the request packet was not
in the proper format. It may indicate an error in

/etc/resolv.conf initial domain name and
name server addresses.
$HOME/.nslookuprc user's initial options.
/usr/share/misc/ summary of commands.

HOSTALIASES file containing host aliases.
LOCALDOMAIN overrides default domain.

resolver(3), resolver(5), named(8),
RFC-1034 ``Domain Names - Concepts and Facilities''
RFC-1035 ``Domain Names - Implementation and Specifica-

Andrew Cherenson

No comments:

Post a Comment