<nslookup [options] $host|$ip[ /]>
<nslookup PARALLEL[=n] [opts] [HOSTS|ADDRS=]$hosts|$ips [$loopvar ...]>
nslookup function can resolve a hostname into an IP
address and vice versa. By default, it looks up a hostname by name,
returning the dotted-decimal IP address corresponding to the host. If
given an IP address, however, it will perform a reverse lookup and
return the host name for the given IP address.
With the second syntax (the
PARALLEL flag), name resolution
can occur in parallel, with multiple names resolving simultaneously.
Behavior is similar to
<fetch PARALLEL> (here),
n (default all) of the names are resolved at a time,
and the results are looped over inside the
<nslookup> block, as
they are completed. Additional variables, if given after the host
names/IP addresses, can be looped over in the same return sequence.
$next are set inside the loop as in
Options that can be set are:
BYADDRForces all lookups by address, i.e. IP-to-name translation. If a given value doesn't look like an IP address, it is assumed to be a host name already resolved, and is returned as-is. Overrides the
BYNAMEForces all lookups by name, i.e. name-to-IP translation. If a given value looks like an IP address, it is assumed to be already translated and is returned as-is. Overrides the
MTERRReturn empty string if name or IP address cannot be resolved. By default, a given value is returned as-is if the lookup fails, so that a bulk translation of addresses, e.g. from a web log, doesn't have to be checked individually for errors when printing results.
ADDRS=$ipsSets the list of names to be looked up in parallel. Either by-name or by-address translation is forced accordingly; but the
BYADDRflags override this. If just a list of names is given without
BYADDRflags, by-name or by-address translation happens on a per-value basis depending on whether the name looks like an IP address or not.
After each value is resolved, more information about the lookup can
be obtained with the
nsinfo function (here),
such as the list of aliases (if any), or additional IP addresses. As
with all looping statements,
<BREAK> can be used inside a
nslookup to stop pending lookups and end the loop. The
urlcp function (here) is used to control
various aspects of
nslookup returns the resolved IP address or domain name, as
appropriate. On error, either the original value or an empty string
is returned, depending on the
This example prints the distinct hostnames of the last 100 clients to access the web server. It does this by reading the last 100 lines of the transfer log and pulling out the IP addresses, then using
nslookup to resolve the names. Note that the list is
uniq'd before being passed to
nslookup, to avoid duplicate
lookups of the same name. Also, the names are resolved only 3 at a
time to save traffic on the nameserver(s). Because of the
flag, any addresses that are already resolved in the log file (i.e. if
name lookups were turned on in the server) are passed through as-is:
<READLN REV /usr/local/morph3/transfer.log></READLN>
<rex ">>=[^\space]+" $ret> <!-- get the IPs -->
<uniq $ret ICASE><$ip = $ret> <!-- remove duplicates -->
<nslookup PARALLEL=3 BYADDR $ip> <!-- look up 3 at a time -->
By turning off reverse name lookup in the web server and using a script such as this to resolve names only as needed, network traffic can be decreased and web server response time increased.
nslookup function was added in version 3.0.951800000 20000228.
PARALLEL, it is easy to overload a
server with too many requests at once. This is even more true with
nslookup, because all those requests are going through the
same local nameserver even for different-domain hosts. Use caution
PARALLEL flag; always given a small number.
Resolved names are not cached, so multiple lookups of the same name
or IP (e.g. from a web log) are discouraged; use
uniq or the
like to avoid duplicate lookups and save traffic.
<urlcp dnsmode sys> is set, lookups are serial even if
PARALLEL is set, due to C lib constraints.