Dig

From Christoph's Personal Wiki

dig (aka "Domain Information Groper") is a network administration command-line tool for querying the Domain Name System (DNS).

Examples

  • Basic:
$ dig example.com

; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47191
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		8965	IN	A	93.184.216.34

;; Query time: 26 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Sep 20 16:15:28 PDT 2021
;; MSG SIZE  rcvd: 56

Specific DNS server

Queries may be directed to designated DNS servers for specific records; in this example, MX records:

$ dig wikimedia.org MX @ns0.wikimedia.org

; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> wikimedia.org MX @ns0.wikimedia.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28041
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1024
; COOKIE: f1dc16b8ff5eb444399d5455c80f3c90 (good)
;; QUESTION SECTION:
;wikimedia.org.			IN	MX

;; ANSWER SECTION:
wikimedia.org.		3600	IN	MX	10 mx2001.wikimedia.org.
wikimedia.org.		3600	IN	MX	50 mx1001.wikimedia.org.

;; Query time: 98 msec
;; SERVER: 208.80.154.238#53(208.80.154.238)
;; WHEN: Mon Sep 20 16:17:42 PDT 2021
;; MSG SIZE  rcvd: 108

With output formatting

There are many output formatting options available. A common selection to make the output more terse is:

$ dig +noall +answer +multiline wikimedia.org MX
wikimedia.org.		3600 IN	MX 10 mx2001.wikimedia.org.
wikimedia.org.		3600 IN	MX 50 mx1001.wikimedia.org.

Here, +noall, +answer and +multiline are simply output formatting flags.

Miscellaneous

  • Check DNS records:
$ dig TXT _acme-challenge.tfe.example.com +short
# Should return something that looks like this:
"GungAThu5sg63DuvJ1U3egVgRIyhzLDQ7MQylzEW1Z4"
  • Lookup CNAMEs:
$ dig @8.8.8.8 rancher-poc.redapt.com CNAME
  • Name servers (NS):
$ nslookup -type=ns redhat.com
$ dig ns redhat.com +noall +short
a10-65.akam.net.
a28-64.akam.net.
a9-65.akam.net.
a1-68.akam.net.
a16-67.akam.net.
a13-66.akam.net.
  • Use a local resolver (with cache):
$ dig +noall +stats www.google.com | grep ";; Query time"
#;; Query time: 3 msec
  • Use OpenDNS:
$ dig +noall +stats google.com @208.67.222.222 | grep ";; Query time" 
#;; Query time: 28 msec
  • Use your local ISP's DNS:
$ dig +noall +stats google.com @212.27.40.240 | grep ";; Query time" 
#;; Query time: 20 msec
  • Reverse DNS lookup:
$ host -t mx marcxtof.com
$ dig +short -x 67.207.152.20 # => marcxtof.com (reverse DNS lookup)

Star Wars

$ ( seq 1 8 200 ; seq 6 8 200 )|sort -n|xargs -I{} -n 1 dig +short -x 206.214.251.{}
$ traceroute 216.81.59.173
$ ( seq 206 8 250 ; seq 209 8 250 )|sort -n|xargs -I{} -n 1 dig +short -x 206.214.251.{}

Extended examples

When you pass a domain name to the dig command, by default it displays the A record (the IP address of the site that is queried) as shown below.

  • Display the A record of redhat.com in the ANSWER SECTION of the dig command output.
$ dig redhat.com

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62863
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3

;; QUESTION SECTION:
;redhat.com.                    IN      A

;; ANSWER SECTION:
redhat.com.             37      IN      A       209.132.183.81

;; AUTHORITY SECTION:
redhat.com.             73      IN      NS      ns4.redhat.com.
redhat.com.             73      IN      NS      ns3.redhat.com.
redhat.com.             73      IN      NS      ns2.redhat.com.
redhat.com.             73      IN      NS      ns1.redhat.com.

;; ADDITIONAL SECTION:
ns1.redhat.com.         73      IN      A       209.132.186.218
ns2.redhat.com.         73      IN      A       209.132.183.2
ns3.redhat.com.         73      IN      A       209.132.176.100

;; Query time: 13 msec
;; SERVER: 209.144.50.138#53(209.144.50.138)
;; WHEN: Thu Jan 12 10:09:49 2012
;; MSG SIZE  rcvd: 164

The dig command output has the following sections:

Header
This displays the dig version number, the global options used by the dig command, and some additional header information.
QUESTION SECTION
This displays the question that was sent to the DNS server, i.e., your input. Since we executed dig redhat.com, and the default query type dig uses is the A record, this section shows that we asked for the A record of redhat.com.
ANSWER SECTION
This displays the answer received from the DNS server, i.e., your output. Here it is the A record of redhat.com.
AUTHORITY SECTION
This displays the DNS name servers that have the authority to respond to this query. Here these are the name servers of redhat.com.
ADDITIONAL SECTION
This displays the IP addresses of the name servers listed in the AUTHORITY SECTION.
The stats section at the bottom displays a few dig command statistics, including how much time it took to execute this query.
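The header is where you can tell whether an answer came from the zone's own name server or from a resolver: the outputs on this page show "flags: qr rd ra" when asking the default resolver and "flags: qr aa rd" (plus the recursion warning) when asking @ns1.redhat.com. The following is an added example, not part of the original page; the function name dig_header_summary and the two sample functions are made up here, and the sample header lines are copied from the redhat.com outputs above.

```shell
# Added example: summarise the header of a saved dig response read on stdin.
dig_header_summary() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags)   # drop the label
            sub(/;.*/, "", flags)            # keep only the flag list
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) has[f[i]] = 1
            if (match($0, /ANSWER: [0-9]+/))
                answers = substr($0, RSTART + 8, RLENGTH - 8)
        }
        END {
            if (status == "") { print "error=no-header"; exit 1 }
            # aa = answer from the authoritative server, ra = recursion available
            printf "status=%s answers=%s source=%s recursion=%s\n",
                status, answers,
                (("aa" in has) ? "authoritative" : "non-authoritative"),
                (("ra" in has) ? "available" : "unavailable")
        }'
}

# Sample input: header lines as shown in the two redhat.com outputs on this page.
sample_resolver() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62863
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3
EOF
}
sample_authoritative() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20963
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; WARNING: recursion requested but not available
EOF
}

sample_resolver | dig_header_summary
sample_authoritative | dig_header_summary
```

With live data, pipe a full response into it, for example: dig @ns1.redhat.com redhat.com | dig_header_summary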
  • Turn off individual sections: For the most part, all you need to look at is the ANSWER SECTION of the dig command output, so the other sections can be turned off with:
+nocomments   # turn off the comment lines
+noauthority  # turn off the authority section
+noadditional # turn off the additional section
+nostats      # turn off the stats section
+noanswer     # turn off the answer section (note: you normally would _not_ want to turn off the answer section)
  • Display only the ANSWER SECTION:
$ dig redhat.com +nocomments +noquestion +noauthority +noadditional +nostats

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com +nocomments +noquestion +noauthority +noadditional +nostats
;; global options: +cmd
redhat.com.             9       IN      A       209.132.183.81

Instead of disabling the sections we do not want one by one, we can disable all sections using +noall (this also turns off the ANSWER SECTION) and then add +answer, which will show only the answer section.

  • The above command can also be written in a short form, which displays only the ANSWER SECTION:
$ dig redhat.com +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com +noall +answer
;; global options: +cmd
redhat.com.             60      IN      A       209.132.183.81
  • Query MX records:
$ dig redhat.com MX +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com MX +noall +answer
;; global options: +cmd
redhat.com.             513     IN      MX      5 mx1.redhat.com.
redhat.com.             513     IN      MX      10 mx2.redhat.com.
  • You can also use the -t option to pass the query type (e.g., MX):
$ dig -t MX redhat.com +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -t MX redhat.com +noall +answer
;; global options: +cmd
redhat.com.             489     IN      MX      10 mx2.redhat.com.
redhat.com.             489     IN      MX      5 mx1.redhat.com.
  • Query NS records:
$ dig redhat.com NS +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com NS +noall +answer
;; global options: +cmd
redhat.com.             558     IN      NS      ns2.redhat.com.
redhat.com.             558     IN      NS      ns1.redhat.com.
redhat.com.             558     IN      NS      ns3.redhat.com.
redhat.com.             558     IN      NS      ns4.redhat.com.

#~OR~

$ dig -t NS redhat.com +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -t NS redhat.com +noall +answer
;; global options: +cmd
redhat.com.             543     IN      NS      ns4.redhat.com.
redhat.com.             543     IN      NS      ns1.redhat.com.
redhat.com.             543     IN      NS      ns3.redhat.com.
redhat.com.             543     IN      NS      ns2.redhat.com.
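  • Request all the record types (A, MX, NS, etc.) with ANY as the record type. The server decides what to return, and many servers give only a minimal answer to ANY (RFC 8482), so the output is not a complete inventory of the zone: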
$ dig redhat.com ANY +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com ANY +noall +answer
;; global options: +cmd
redhat.com.             430     IN      MX      5 mx1.redhat.com.
redhat.com.             430     IN      MX      10 mx2.redhat.com.
redhat.com.             521     IN      NS      ns3.redhat.com.
redhat.com.             521     IN      NS      ns1.redhat.com.
redhat.com.             521     IN      NS      ns4.redhat.com.
redhat.com.             521     IN      NS      ns2.redhat.com.

# (or) Use -t ANY

$ dig -t ANY redhat.com  +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -t ANY redhat.com +noall +answer
;; global options: +cmd
redhat.com.             367     IN      MX      10 mx2.redhat.com.
redhat.com.             367     IN      MX      5 mx1.redhat.com.
redhat.com.             458     IN      NS      ns4.redhat.com.
redhat.com.             458     IN      NS      ns1.redhat.com.
redhat.com.             458     IN      NS      ns2.redhat.com.
redhat.com.             458     IN      NS      ns3.redhat.com.
  • To view just the IP address of a website (i.e., the A record), use the short form option:
$ dig redhat.com +short
209.132.183.81
  • Specify a record type that you want to view:
$ dig redhat.com ns +short
ns2.redhat.com.
ns3.redhat.com.
ns1.redhat.com.
ns4.redhat.com.
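  • Perform a DNS reverse lookup using the IP address. For example, if you just have an external IP address and would like to know the website that belongs to it, do the following. The PTR record is set by whoever controls the address block, so confirm the returned name with a forward lookup before relying on it: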
$ dig -x 209.132.183.81 +short
www.redhat.com.
  • View the full details of the DNS reverse lookup:
$ dig -x 209.132.183.81

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -x 209.132.183.81
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62435
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3

;; QUESTION SECTION:
;81.183.132.209.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
81.183.132.209.in-addr.arpa. 600 IN     PTR     www.redhat.com.

;; AUTHORITY SECTION:
183.132.209.in-addr.arpa. 248   IN      NS      ns2.redhat.com.
183.132.209.in-addr.arpa. 248   IN      NS      ns1.redhat.com.
183.132.209.in-addr.arpa. 248   IN      NS      ns3.redhat.com.
183.132.209.in-addr.arpa. 248   IN      NS      ns4.redhat.com.

;; ADDITIONAL SECTION:
ns1.redhat.com.         363     IN      A       209.132.186.218
ns2.redhat.com.         363     IN      A       209.132.183.2
ns3.redhat.com.         363     IN      A       209.132.176.100

;; Query time: 35 msec
;; SERVER: 209.144.50.138#53(209.144.50.138)
;; WHEN: Thu Jan 12 10:15:00 2012
;; MSG SIZE  rcvd: 193

By default, dig uses the DNS servers defined in your /etc/resolv.conf file. If you would like to use a different DNS server to perform the query, specify it with @dnsserver.

  • Use ns1.redhat.com as the DNS server to get the answer (instead of using the DNS servers from the /etc/resolv.conf file):
$ dig @ns1.redhat.com redhat.com

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> @ns1.redhat.com redhat.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20963
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;redhat.com.                    IN      A

;; ANSWER SECTION:
redhat.com.             60      IN      A       209.132.183.81

;; AUTHORITY SECTION:
redhat.com.             600     IN      NS      ns1.redhat.com.
redhat.com.             600     IN      NS      ns4.redhat.com.
redhat.com.             600     IN      NS      ns3.redhat.com.
redhat.com.             600     IN      NS      ns2.redhat.com.

;; ADDITIONAL SECTION:
ns1.redhat.com.         600     IN      A       209.132.186.218
ns2.redhat.com.         600     IN      A       209.132.183.2
ns3.redhat.com.         600     IN      A       209.132.176.100
ns4.redhat.com.         600     IN      A       209.132.188.218

;; Query time: 160 msec
;; SERVER: 209.132.186.218#53(209.132.186.218)
;; WHEN: Thu Jan 12 10:22:11 2012
;; MSG SIZE  rcvd: 180
  • Perform a bulk DNS query based on the data from a file. First, create a sample domains.txt file that contains the websites that you want to query:
$ cat << EOF > domains.txt
redhat.com
centos.org
EOF

Next, perform a bulk DNS query for the websites listed in the domains.txt file and display the output:

$ dig -f domains.txt +noall +answer
redhat.com.             60      IN      A       209.132.183.81
centos.org.             60      IN      A       72.232.194.162
  • You can also combine the record type with the -f option. The following example displays the MX records of multiple websites that are located in the domains.txt file.
$ dig -f domains.txt MX +noall +answer
redhat.com.             600     IN      MX      10 mx2.redhat.com.
redhat.com.             600     IN      MX      5 mx1.redhat.com.
centos.org.             3600    IN      MX      10 mail.centos.org.
  • Query multiple websites. The following example queries the MX record for redhat.com and the NS record for centos.org:
$ dig redhat.com mx +noall +answer centos.org ns +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com mx +noall +answer centos.org ns +noall +answer
;; global options: +cmd
redhat.com.             332     IN      MX      10 mx2.redhat.com.
redhat.com.             332     IN      MX      5 mx1.redhat.com.
centos.org.             3778    IN      NS      ns3.centos.org.
centos.org.             3778    IN      NS      ns4.centos.org.
centos.org.             3778    IN      NS      ns1.centos.org.
  • If you always want to view only the ANSWER SECTION of the dig output, add your dig options to the .digrc file:
$ cat $HOME/.digrc
+noall +answer

Now anytime you execute the dig command, it will always use +noall and +answer options by default:

$ dig redhat.com
redhat.com.             60      IN      A       209.132.183.81

$ dig redhat.com MX
redhat.com.             52      IN      MX      5 mx1.redhat.com.
redhat.com.             52      IN      MX      10 mx2.redhat.com.

Start of Authority (SOA)

Find out the Start of Authority (SOA) record using dig or host. SOA specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.

  • Display a SOA record using host:
$ host -t soa redhat.com
redhat.com has SOA record a1-68.akam.net. noc.redhat.com. 2021092000 300 180 604800 14400
  • Display a SOA record using dig:
$ dig SOA redhat.com

; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> SOA redhat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28645
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;redhat.com.			IN	SOA

;; ANSWER SECTION:
redhat.com.		3547	IN	SOA	a1-68.akam.net. noc.redhat.com. 2021092000 300 180 604800 14400

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Sep 20 16:43:24 PDT 2021
;; MSG SIZE  rcvd: 93
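
The SOA fields described above, pulled apart by name. This is an added example, not part of the original page; the function name soa_fields is made up here. It accepts both the dig and the host line formats shown above and converts the RNAME field into the administrator's mail address. The third input, with an escaped dot in the mailbox name, is constructed.

```shell
# Added example: split an SOA answer line (dig or host format) into named fields.
soa_fields() {
    printf '%s\n' "$1" | awk '
        # RNAME encodes the mailbox: the first unescaped dot stands for "@",
        # and "\." is a literal dot inside the local part.
        function rname_to_email(r,    i, c, out, at_done) {
            sub(/\.$/, "", r)
            for (i = 1; i <= length(r); i++) {
                c = substr(r, i, 1)
                if (c == "\\" && substr(r, i + 1, 1) == ".") { out = out "."; i++ }
                else if (c == "." && !at_done) { out = out "@"; at_done = 1 }
                else out = out c
            }
            return out
        }
        {
            for (i = 1; i <= NF; i++) if ($i == "SOA") break
            if ($(i + 1) == "record") i++          # host prints "has SOA record ..."
            if (i + 7 > NF) { print "error=not-an-soa-line"; exit 1 }
            printf "mname=%s email=%s serial=%s refresh=%s retry=%s expire=%s minimum=%s\n",
                $(i + 1), rname_to_email($(i + 2)), $(i + 3), $(i + 4), $(i + 5), $(i + 6), $(i + 7)
        }'
}

# The first two lines are the dig and host answers shown on this page.
soa_fields 'redhat.com. 3547 IN SOA a1-68.akam.net. noc.redhat.com. 2021092000 300 180 604800 14400'
soa_fields 'redhat.com has SOA record a1-68.akam.net. noc.redhat.com. 2021092000 300 180 604800 14400'
# Constructed input: mailbox john.doe@example.com, written with an escaped dot.
soa_fields 'example.com. 3600 IN SOA ns1.example.com. john\.doe.example.com. 2024010101 7200 900 1209600 300'
```

Running the same function against the SOA answer from each of a zone's name servers and comparing the serial values shows whether any server is holding a different copy of the zone.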

Record types

  • A — IPv4 IP address
  • AAAA — IPv6 IP address
  • CNAME — Canonical name record (Alias)
  • NS — Name Servers
  • MX — Mail eXchanges
  • PTR — PoinTeR record. Pointer to a canonical name
  • SOA — Start Of Authority. Authoritative information about a DNS zone
  • TXT — text record
