My understanding of nslookup is when you tell it what DNS server to use you are bypassing the NIC’s defined DNS server, right?
Here is an example, when I run nslookup from home:
nslookup – 220.127.116.11
It returns a different (and wrong) result from when I run that same nslookup command from another machine on a different network.
Am I wrong in the expectation that it should be asking 18.104.22.168 what it has stored as the IP for that domain and should be consistent from any device anywhere in the world that I run that specific lookup command?
Additionally, when I use the typical tools on the web such as mxtoolbox.com and whatismydns.com, they all show the correct IP. Only my home network does not.
Yes, when you specify the DNS server for nslookup to use, it’s supposed to address its DNS query packets directly to the DNS server you specified.
Beware that CDNs (Content Distribution Networks, like Akamai, CloudFlare, and many, many others, including in-house CDNs of all the big name websites) often serve different DNS results to different clients in order to point you at the geographically/topologically closest edge node server to your client device.
Then again, DNS is not secure by default, and as such, is easy to “Man-in-the-Middle” (MitM) attack.
I could imagine a home gateway router vendor designing their routers to intercept and reply to DNS queries. A poor design choice in my opinion, but I could imagine it being done.
I could also easily imagine your router being infected by malware or maliciously reconfigured by an attacker (maybe a kind of botnet operator) to MitM your DNS lookups.
It’s also conceivable that an unwise/untrustworthy ISP might do this, especially in countries with restrictive Internet access policies.
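One way to test for the on-path interception described in this answer, as an added example that is not part of the original post: send a query to 192.0.2.1, an address in the RFC 5737 documentation range where no DNS server exists, and treat any reply as evidence that something on the path is answering port 53 itself. The function names, the `example.com` query name and the 3-second timeout are assumptions chosen for illustration.

```python
import secrets, socket, struct

TEST_NET_IP = "192.0.2.1"  # RFC 5737 documentation range: no real DNS server lives here

def build_query(name, txid):
    """Encode a recursive A-record query for `name` (RFC 1035 wire format)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def _skip_name(buf, pos):
    """Step over a possibly compressed domain name and return the next offset."""
    while True:
        n = buf[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:  # a compression pointer is 2 bytes and ends the name
            return pos + 2
        pos += 1 + n

def parse_a_records(resp, txid):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    rid, flags, qd, an = struct.unpack("!4H", resp[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    pos = 12
    for _ in range(qd):
        pos = _skip_name(resp, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = _skip_name(resp, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return addrs

def probe(name="example.com", server=TEST_NET_IP, timeout=3.0):
    """Return None if nothing answers for `server`, else the A records that came back."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            return parse_a_records(s.recvfrom(4096)[0], txid)
        except OSError:  # timeout or unreachable: the expected result on a clean path
            return None

if __name__ == "__main__":
    got = probe()
    print("no reply: nothing answered on behalf of 192.0.2.1" if got is None
          else f"reply {got} from an address with no DNS server: port 53 is being intercepted")
```

A timeout only shows that nothing answers for every destination; an interceptor that rewrites queries to specific resolvers would still need the comparison from another network that the question describes.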