What Is the Nslookup Command and How Can You Use It to Improve DNS Security?

Livia Gyongyoși

1 year ago

Nslookup is a command-line tool that helps you perform DNS queries. The Name Server Lookup (nslookup) command helps server administrators check DNS records. By using it they can find out data like domain names, IP addresses, the ports in use, and timeout.

Computer OSs like Windows, macOS, and most Linux distributions have it as a built-in tool. So it might be ready to use on yours too.

Online nslookup tools also allow you to see all the DNS records for a website. They might be more comfortable to use since you can do all the checking in a browser. But they might not be as safe as the one you have running on your computer.

What Is Nslookup Used For?

Server admins use the nslookup command to troubleshoot DNS issues and test their networks.

But it can also be used for security reasons. Threat actors frequently use DNS spoofing in their phishing attacks. They purposely misspell a domain name and add or omit a punctuation mark in order to lure the victims to a forged website. A regular user might not notice the difference between, let`s say, instagram.com vs. innstagram.com.

Nslookup can also help avoid DNS cache poisoning. With this attack, criminals place fraudulent data and distribute it to the DNS recursive servers, pointing to a fake authoritative server. In this case, hackers distribute data to caching resolvers pointing to a fake authoritative server.

Common DNS Data You Can Check with Nslookup

Check the domain’s NS records.
View MX Records. MX records are responsible for the email exchange. You can check them to see if all the mail servers are functional.
Make a reverse DNS lookup. This enables you to check whether an IP address is related to a domain or not.
Check the Start of Authority (SOA) Records. Here you can find authoritative information about the domain and the server: the admin`s email, serial number, refresh interval, etc.
View all DNS records. This one shows all the available DNS records. After you see them you`ll be able to do specific lookups for different types of DNS records.
Find information about a certain name server. You can use nslookup to find out if a certain DNS server is active and responds on time.
Check out Pointer Records. This helps you to verify if an IP address belongs to a domain name by launching a reverse DNS query.
Query a non-default port.
View debugging information.

How Do You Use the Nslookup Command?

You can use the nslookup command in two modes: interactive and non-active.

For the interactive mode: type just the command name, nslookup. The displayed prompt will let you launch several server queries. Let`s say you type a domain name, like heimdalsecurity.com. After it displays some information about the server and address, it will put up another prompt. This enables you to add an option in a separate line.

If you want to terminate interactive mode, just type exit.

For the non-interactive mode: type nslookup [options] [domain-name]. This mode only lets you issue single queries.

As I said above, you can also use online tools to check DNS records. See below a top 5 list of nslookup online tools:

8 Commonly Used Nslookup Commands

There is more than just one nslookup command. Admins use them to find out various domain information. Here are some of the most common:

/name: queries the current name server for a certain name
/server name: sets the current name server to the server the user requires
/root: sets the root server as the default
/set type=x: indicates the type of records to be displayed: A, CNAME, SPF, SOA, MX, NS, PTR, ZONEMD, etc. To show all records, specify ANY.
/set debug: puts on debug mode, which shows in-depth data about each request.
/set recurse: the DNS name server will query other servers for the info it doesn`t have.
/help: displays a list of nslookup commands, with functions.
/exit: use it to exit nslookup and return to the command prompt.

How to Improve DNS Security with Heimdal

It is a known fact that more than 90% of malware executions happen at a DNS level these days. But checking DNS records in search for signs of DNS spoofing is not enough to keep your system safe.

Heimdal`s Threat Prevention Network product uses DarkLayer GUARD™, the best DNS traffic filtering solution known worldwide. Hunt, prevent, detect, and block to keep safe from DNS attacks.

DarkLayer GUARD™ offers an amazingly fast response time and a low OS footprint. It successfully spots and stops hidden threats using AI. It works on any Windows device, is compatible with any antivirus, and doesn`t need to scan code or audit system processes to detect and block malware.

Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Network DNS Security

Is the next-generation network protection and response solution that will keep your systems safe.

No need to deploy it on your endpoints;
Protects any entry point into the organization, including BYODs;
Stops even hidden threats using AI and your network traffic log;
Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;

Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Wrap Up

DNS security best practices are often overlooked, but it`s time that companies change this. In a digital world, you can`t avoid using the DNS, a protocol that was written years ago. Most important, it was created without any care for cybersecurity.

Threat actors have of course learned to leverage this in their favor. The best thing you can do is to join the number of organizations that decided to enforce DNS security and tackle malware and ransomware attacks before they happen.

You can check DNS records with the nslookup tool we talked about, for starters. But besides that, don`t let your DNS security become an issue. Make sure you use the best security product on the market to protect your data.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube for more cybersecurity news and topics.