nslookup

Queries a specified DNS server to resolve domain names to IP addresses. Supports A, NS, PTR, MX, CNAME, and TXT DNS record types, and assigns the response results to output fields.

Command properties

| Property | Description |
| --- | --- |
| Command type | Transforming |
| Required permission | None |
| License usage | N/A |
| Parallel execution | Supported |
| Distributed execution | Runs on Data Node (mapper) |

Syntax

nslookup ns=IP [type={A|NS|PTR|MX|CNAME|TXT}] [timeout=INT] [cache=INT] FIELD output OUTFIELD [as ALIAS], ...

Options

ns=IP
IP address of the name server to send DNS queries to.
type={A|NS|PTR|MX|CNAME|TXT}
DNS query type. (Default: A)
  • A: IPv4 address of the host
  • NS: Authoritative name server
  • PTR: Reverse DNS lookup
  • MX: Mail exchange server
  • CNAME: Canonical name (alias)
  • TXT: Text record
timeout=INT
DNS response wait time in seconds. Must be an integer between 1 and 60. (Default: 5)
cache=INT
Maximum size of the DNS response cache in bytes. Must be an integer between 1 and 10485760. (Default: 1048576)

Target

FIELD
Input field containing the domain name.
output OUTFIELD [as ALIAS], ...
List of DNS response fields to output. Separate multiple fields with commas (,). Use the as keyword to specify an alias for an output field. Available output fields are as follows:
  • ip: IP address from the first A record
  • status: DNS response status code
  • flags: DNS response flag string
  • answers: List of resource records in the Answer section
  • authorities: List of resource records in the Authority section
  • additionals: List of resource records in the Additional section

Input fields

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| FIELD | string | Required | Domain name to query. If the value is not a string or is an empty string, INVALID_DOMAIN is assigned to the _error field. |

Output fields

| Field | Type | Description |
| --- | --- | --- |
| ip | string | IP address from the first A record. Not assigned if no A record exists. |
| status | string | DNS response status code. One of: NO_ERROR, FORMAT_ERROR, SERVER_FAILURE, NAME_ERROR, NOT_IMPLEMENTED, REFUSED. |
| flags | string | DNS response flag string (e.g., standard query response (RD RA)). |
| answers | array | List of resource records in the Answer section converted to strings. |
| authorities | array | List of resource records in the Authority section converted to strings. |
| additionals | array | List of resource records in the Additional section converted to strings. |
| _error | string | Error message when an error occurs. INVALID_DOMAIN if the input value is invalid; TIMEOUT if the DNS response times out. |

Error codes

Parse errors
| Error code | Message | Description |
| --- | --- | --- |
| 22700 | The output clause is missing from the nslookup command. | The output keyword was not specified. |
| 22701 | Invalid nslookup field syntax. Use the `field as alias` syntax. | The field specification syntax is incorrect. |
| 22702 | The as keyword is expected at position [as] in the nslookup command. | The as keyword is missing when specifying an alias. |
| 22703 | Only IP addresses are allowed for the ns option of the nslookup command. | An invalid IP address was specified for the ns option. |
| 22704 | Only ip, status, flags, answers, additionals, and authorities are allowed for the output fields of the nslookup command. | A disallowed field name was specified in the output clause. |
| 22705 | Set the ns option for the nslookup command. | The ns option was not specified. |
| 22706 | The timeout option for the nslookup command must be a positive integer of 60 or less. | The timeout option value is 0 or less, or greater than 60. |
| 22707 | The cache option for the nslookup command must be a positive integer of 10485760 or less. | The cache option value is 0 or less, or greater than 10485760. |
| 22708 | Unsupported type option for the nslookup command. Specify one of: A, NS, PTR, MX, CNAME, TXT. | An unsupported DNS query type was specified for the type option. |

Runtime errors

None

Description

The nslookup command reads domain names from the specified field of input records, queries a DNS server, and assigns the response results to output fields. DNS query results are cached internally to prevent repeated queries for the same domain.

If the input field value is not a string or is an empty string, no DNS query is performed and INVALID_DOMAIN is assigned to the _error field. If the DNS server does not respond within the specified time, TIMEOUT is assigned to the _error field.

Only the fields specified in the output clause are assigned to the output record. The ip field returns only the IP address from the first A record, so if multiple A records exist, use the answers field to see all response records.

Examples

  1. Resolve a domain to an IP address

    json "[{'domain': 'example.com'}, {'domain': 'www.example.com'}]"
    | nslookup ns=198.51.100.53 domain output ip, status
    

    Queries the domain names in the domain field against the name server 198.51.100.53 and assigns the results to the ip and status fields.

  2. Specify aliases for output fields

    json "[{'host': 'example.com'}]"
    | nslookup ns=198.51.100.53 host output ip as resolved_ip, status as dns_status
    

    Uses the as keyword in the output clause to rename the output fields.

  3. Query MX records

    json "[{'domain': 'example.com'}]"
    | nslookup ns=198.51.100.53 type=MX domain output answers
    

    Uses the type=MX option to query mail exchange server records and assigns them to the answers field.

  4. Specify timeout and cache size

    json "[{'domain': 'example.com'}]"
    | nslookup ns=198.51.100.53 timeout=10 cache=2097152 domain output ip, status, flags, answers, authorities, additionals
    

    Sets the timeout to 10 seconds and cache size to 2 MB, then queries all output fields.

  5. Reverse DNS lookup with PTR records

    json "[{'addr': '1.100.51.198.in-addr.arpa'}]"
    | nslookup ns=198.51.100.53 type=PTR addr output answers
    

    Uses the type=PTR option to perform a reverse DNS lookup. The input value is the IP address 198.51.100.1 written as a reverse-lookup name under in-addr.arpa.
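
Example 5 passes the address as a reverse-lookup name, so IP addresses taken from logs have to be converted before they reach the command. The Python helper below is an added example, not part of the product: it builds that query text from a list of IPs, and its function names and the handling of IPv6 (ip6.arpa) names are assumptions the page does not cover.

```python
import ipaddress
import json

NS = "198.51.100.53"  # name server used in the page's examples

def reverse_name(ip_text):
    """Return the in-addr.arpa / ip6.arpa name for an IP, or None if invalid."""
    try:
        return ipaddress.ip_address(ip_text.strip()).reverse_pointer
    except (ValueError, AttributeError):
        return None

def build_ptr_query(ips, ns=NS, field="addr", timeout=5):
    """Build an nslookup PTR query in the form used by example 5.

    Returns (query_text, rejected); rejected lists the inputs that are not
    IP addresses and were therefore left out of the query.
    """
    ipaddress.ip_address(ns)            # ns must be an IP (parse error 22703)
    if not 1 <= timeout <= 60:          # documented timeout range (22706)
        raise ValueError("timeout must be between 1 and 60")
    rows, rejected, seen = [], [], set()
    for ip in ips:
        name = reverse_name(ip)
        if name is None:
            rejected.append(ip)
        elif name not in seen:          # skip duplicate addresses
            seen.add(name)
            rows.append({field: name})
    # The page's examples use single-quoted JSON inside a double-quoted string.
    # Reverse names contain only hex digits, dots and "arpa" labels, so
    # swapping the quote character is safe here.
    payload = json.dumps(rows).replace('"', "'")
    query = (f'json "{payload}"\n'
             f"| nslookup ns={ns} type=PTR timeout={timeout} {field} output answers, status")
    return query, rejected

if __name__ == "__main__":
    # Constructed sample input: two documentation-range IPs, one bad value.
    text, bad = build_ptr_query(["198.51.100.1", "not-an-ip", "2001:db8::1"])
    print(text)
    print("rejected:", bad)
```

Rejecting non-IP values before the query is built keeps them from reaching the name server as ordinary PTR questions.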