DNS Tools: nslookup vs dig vs whois

View original Gist on GitHub

DNS Tools.md

Quick Reference Table

Tool	Primary Question it Answers	Best For…
ping	“Are you online and can I reach you?”	Basic connectivity checks
nslookup	“What’s the IP address for this domain?”	Quick, simple DNS lookups, especially on Windows
host	“What’s the IP/MX record for this domain?”	Clean, easy-to-read DNS lookups
dig	“Give me all the DNS details for this domain.”	Detailed DNS troubleshooting and scripting
whois	“Who owns this domain?”	Finding domain registration and ownership info
traceroute	“What network path do my packets take to reach you?”	Diagnosing latency and routing problems

nslookup: The Quick & Simple DNS Checker

nslookup (Name Server Lookup) is the classic tool for quick, interactive DNS queries. It’s available by default on both Windows and Unix-like systems.

When to Use nslookup:

• Quickly find an IP address for a domain (A record).
• Find the domain name for an IP address (reverse DNS/PTR record).
• Simple checks where you don’t need extensive detail.
• When you’re on a Windows machine where dig isn’t installed by default.

# Find the IP address for google.com
nslookup google.com

# --- Output ---
# Server:		192.168.1.1
# Address:	192.168.1.1#53
#
# Non-authoritative answer:
# Name:	google.com
# Address: 142.250.178.78

dig: The Detailed DNS Detective 🕵️

dig (Domain Information Groper) is the preferred tool for network administrators and anyone needing detailed DNS information. It provides verbose, easy-to-parse output and offers much more control over your queries. It’s the standard on most Linux/macOS systems.

When to Use dig:

• Troubleshooting complex DNS issues.
• When you need detailed information, such as the record’s Time To Live (TTL), query flags, and the responding server.
• Querying for specific record types like MX (mail exchange), TXT (text), CNAME (canonical name), etc.
• Scripting DNS lookups, as its output is predictable and easy to process.

# Get detailed info for google.com's MX (mail) records
dig google.com MX

# --- Partial Output ---
# ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5968
# ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
#
# ;; QUESTION SECTION:
# ;google.com.			IN	MX
#
# ;; ANSWER SECTION:
# google.com.		600	IN	MX	10 smtp.google.com.
# google.com.		600	IN	MX	20 alt1.smtp.google.com.
# google.com.		600	IN	MX	30 alt2.smtp.google.com.
# google.com.		600	IN	MX	40 alt3.smtp.google.com.
# google.com.		600	IN	MX	50 alt4.smtp.google.com.
#
# ;; Query time: 15 msec
# ;; SERVER: 192.168.1.1#53(192.168.1.1)

whois: The Domain Ownership Investigator

whois queries a public database to retrieve registration information about a domain name or IP address. It tells you who owns the domain, not how to connect to it.

When to Use whois:

• To find the registered owner and contact information for a domain.
• To check a domain’s registration and expiration dates.
• To identify the domain registrar (e.g., GoDaddy, Namecheap).
• To find abuse contacts for reporting spam or malicious activity.

# Find registration info for google.com
whois google.com

# --- Partial Output ---
#    Domain Name: GOOGLE.COM
#    Registry Domain ID: 2138514_DOMAIN_COM-VRSN
#    Registrar WHOIS Server: whois.markmonitor.com
#    Registrar URL: http://www.markmonitor.com
#    Updated Date: 2019-09-09T15:39:04Z
#    Creation Date: 1997-09-15T04:00:00Z
#    Registry Expiry Date: 2028-09-14T04:00:00Z
#    Registrar: MarkMonitor Inc.
#    Registrant Organization: Google LLC
#    Registrant State/Province: CA
#    Registrant Country: US

host

The host command is a simple, user-friendly utility for performing DNS lookups. It’s a great middle-ground between the basic nslookup and the verbose dig.

When to use host:

• For clean, easy-to-read output for common DNS record types. It’s less intimidating than dig.

host google.com
# --- Output ---
# google.com has address 142.250.180.14
# google.com mail is handled by 10 smtp.google.com.

ping

ping is your first stop for checking basic connectivity. It sends a small packet to a host and waits for a reply, measuring the round-trip time.

When to use ping:

• To quickly check if a server is online and reachable over the network. It’s the “are you there?” of networking.

ping google.com
# --- Output ---
# PING google.com (142.250.178.78): 56 data bytes
# 64 bytes from 142.250.178.78: icmp_seq=0 ttl=116 time=14.505 ms
# 64 bytes from 142.250.178.78: icmp_seq=1 ttl=116 time=14.234 ms

traceroute

traceroute maps the network path (the “hops”) your packets take to reach a destination host.

When to use traceroute:

• When you can’t connect to a server or are experiencing high latency. It helps you pinpoint where the connection is failing or slowing down along the path.

traceroute google.com
# --- Partial Output ---
# traceroute to google.com (142.250.178.78), 64 hops max, 52 byte packets
#  1  my-router (192.168.1.1)  2.458 ms  1.321 ms  1.233 ms
#  2  my-isp-gateway (10.0.0.1)  8.125 ms  7.989 ms  8.341 ms
#  3  ...
# 10  some-google-router (108.170.233.107)  15.111 ms  14.887 ms  14.992 ms
# 11  lhr25s33-in-f14.1e100.net (142.250.178.78)  14.654 ms  14.233 ms  14.321 ms