<nslookup [options] $hostOrIp[ /]>
<nslookup PARALLEL[=n] [options] [HOSTS|ADDRS=]$hostsOrIps>
The nslookup function can resolve a hostname into an IP address
and vice versa. By default (if hostOrIp is unlabelled), it
looks up a hostname by name, returning the decimal/hex IP address
corresponding to the host. If given an IP address, however, it will
perform a reverse lookup and return the host name for the given IP.
With the looping syntax
name resolution can occur in parallel, with multiple names resolving
simultaneously. Behavior is similar to
(here), in that n (default all) of the names
are resolved at a time, and the results are looped over inside the
<nslookup> block, as they are completed. Additional variables,
if given after the host names/IP addresses, can be looped over in the
same return sequence.
$next are set inside
the loop as in
Options that can be set are:
BYADDR: Forces all lookups by address, i.e. IP-to-name translation. If a given value doesn't look like an IP address, it is assumed to be a host name already resolved, and is returned as-is. Overrides the
BYNAME: Forces all lookups by name, i.e. name-to-IP translation. If a given value looks like an IP address, it is assumed to be already translated and is returned as-is. Overrides the
MTERR: Return empty string if name or IP address cannot be resolved. By default, a given value is returned as-is if the lookup fails, so that a bulk translation of addresses, e.g. from a web log, doesn't have to be checked individually for errors when printing results.
ADDRS=$ips: Sets the list of names to be looked up. Either by-name or by-address translation is forced accordingly; but the
BYADDR flags override this.
If just a list of names is given without
ADDRS= or the
by-name or by-address translation happens on a per-value basis
depending on whether the name looks like an IP address or not.
After each value is resolved (inside the loop, if looping), more
information about the lookup can be obtained with the
function (here), such as the list of aliases (if
any), or additional IP addresses. As with all looping statements,
<BREAK> can be used inside a looping
nslookup to stop
pending lookups and end the loop. The
(here) is used to control various aspects of
nslookup returns the resolved IP address or domain name, as
appropriate. On error, either the original value or an empty string
is returned, depending on the
This example prints the distinct hostnames of the last 100 clients to access the web server. It does this by reading the last 100 lines of the transfer log and pulling out the IP addresses, then using
nslookup to resolve the names. Note that the list is
uniq'd before being passed to
nslookup, to avoid
duplicate lookups of the same name. Also, the names are resolved only
3 at a time to save traffic on the nameserver(s). Because of the
BYADDR flag, any addresses that are already resolved in the log
file (i.e. if name lookups were turned on in the server) are passed
<readln rev "/usr/local/morph3/transfer.log"/>
<rex ">>=[^\space]+" $ret> <!-- get the IPs -->
<uniq $ret ICASE><$ip = $ret> <!-- remove duplicates -->
<nslookup PARALLEL=3 ADDRS=$ip> <!-- look up 3 at a time -->
  $ret <!-- print each resolved name as it completes -->
</nslookup>
By turning off reverse name lookup in the web server and using a script such as this to resolve names only as needed, network traffic can be decreased and web server response time improved.
The nslookup function was added in version 3.0.951800000 20000228.
PARALLEL, it is easy to overload a
server with too many requests at once. This is even more true with
nslookup, because all those requests are going through the
same local nameserver even for different-domain hosts. Use caution with the
PARALLEL flag; always give a small number.
Resolved names are not cached (unlike with
fetch), so multiple
lookups of the same name or IP (e.g. from a web log) are discouraged;
use uniq or the like to avoid duplicate lookups and save
If <urlcp dnsmode sys> is set, lookups are serial even if
PARALLEL is set, due to C lib constraints.
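The bulk log lookup and the caveats above, restated outside Vortex as an added Python example that is not part of the original documentation: it de-duplicates the client field, resolves at most three addresses at a time, passes already-resolved names through (the BYADDR behavior) and returns either the original value or an empty string on failure (the MTERR behavior). The log lines, the PTR table and all function names are constructed for illustration.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

# Constructed sample log lines; the client is assumed to be the first field.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Feb/2000:10:00:01] "GET / HTTP/1.0" 200 512',
    'www.example.org - - [28/Feb/2000:10:00:02] "GET /a HTTP/1.0" 200 90',
    '192.0.2.10 - - [28/Feb/2000:10:00:03] "GET /b HTTP/1.0" 200 77',
    '198.51.100.7 - - [28/Feb/2000:10:00:04] "GET /c HTTP/1.0" 404 0',
]
FAKE_PTR = {"192.0.2.10": "client-a.example.net"}  # constructed PTR data

def fake_reverse(ip):
    """Offline stand-in for a resolver; unknown addresses fail like DNS does."""
    if ip not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return FAKE_PTR[ip]

def system_reverse(ip):
    """Real reverse lookup through the local resolver."""
    return socket.gethostbyaddr(ip)[0]

def looks_like_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def resolve_clients(lines, parallel=3, mterr=False, reverse=system_reverse):
    """Map each distinct client field to a host name, `parallel` at a time."""
    values = []
    for line in lines:
        client = line.split()[0].lower() if line.split() else ""
        if client and client not in values:  # de-duplicate, ignoring case
            values.append(client)

    def lookup(value):
        if not looks_like_ip(value):  # already a name: pass through as-is
            return value
        try:
            return reverse(value)
        except OSError:  # socket.herror and socket.gaierror are OSErrors
            return "" if mterr else value  # empty string only when mterr is set

    with ThreadPoolExecutor(max_workers=parallel) as pool:  # bounded fan-out
        return dict(zip(values, pool.map(lookup, values)))

if __name__ == "__main__":
    print(resolve_clients(SAMPLE_LOG, reverse=fake_reverse))
```

Keeping `parallel` small and de-duplicating first limits the number of queries that reach the local nameserver, which is the concern raised in the caveats.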