I am trying to get all IP Addresses for: earth.all.vpn.airdns.org
ip_list = 
for hostname in hostnames:
ais = socket.getaddrinfo(hostname, None)
for result in ais:
eprint("Unable to get IP for hostname: " + hostname)
nslookup query the default DNS server directly using UDP/TCP and their own implementation of DNS queries, whereas Python's
socket module uses the DNS lookup interface of the operating system, which usually uses a more sophisticates lookup mechanism involving e.g. a dns cache, a host file, domain suffixes, link-local name resolution etc.
strace shows that Python's
socket.getaddrinfo ends up using a netlink (AF_NETLINK) socket, to query the system for the DNS lookup (Python 2.7 on Ubuntu 12.04).
nslookup however, reads the default DNS server from
/etc/resolv.conf and opens a UDP socket on port 53.
I think there are two reason why you are getting a different entry count:
nslookupalways retrieves "fresh" results.
nslookup might produce slightly different DNS queries than the system resolver (producing another answer). That could be checked with Wireshark, but I will leave that for now.
Another issue could be the truncation of DNS responses when UPD is used. If there is a large number of entries, they won't fit in a single UDP package, so the answer contains a truncation flag. It depends on the client to re-send the DNS query over a TCP socket in order to retrieve all results. (Truncated answers are actually empty).
Edit: A note on caching / volatile
Even if the mismatch is not due to your local DNS cache, it may be due to server-side caching. I tried several DNS servers and all gave different results for that particular name. That means that they are not in sync due to DNS changes within the time-to-live (TTL).