How to Use the Command 'dig' (with examples)

The dig command, short for ‘Domain Information Groper’, is a powerful and flexible DNS lookup utility used primarily to obtain information about a domain name or an IP address. It commonly helps in querying DNS servers for certain DNS records—such as A, MX, CNAME, and others—to troubleshoot DNS issues or verify domain configurations. Each DNS record type provides specific details about a domain, making dig invaluable for network administrators and IT professionals who work with DNS infrastructure and domain management.

Use case 1: Lookup the IP(s) Associated with a Hostname (A records)

Code:

dig +short example.com

Motivation: Sometimes, you need to quickly find the IP address associated with a domain name for tasks such as verifying your network’s DNS resolution, troubleshooting connectivity issues, or configuring firewalls and security systems. The dig +short command simplifies this by providing a concise and easy-to-read output, presenting only the essential information.

Explanation:

  • dig: Initiates the DNS query utility.
  • +short: This option modifies the output to be brief, showing only the IP address without additional metadata.
  • example.com: The target domain you are querying to find its associated IP address (A record).

Example output:

93.184.216.34

Use case 2: Get a Detailed Answer for a Given Domain (A records)

Code:

dig +noall +answer example.com

Motivation: When you need more than the bare address, dig +noall +answer prints each record of the answer section in full: owner name, TTL (Time to Live), record class, record type, and data. This is a more comprehensive view than the +short option gives, and it is particularly useful for debugging or when deeper insight into a DNS response is necessary.

Explanation:

  • dig: Starts the DNS interrogation tool.
  • +noall: Turns off every section of the output, so that only sections explicitly re-enabled afterwards are printed.
  • +answer: Requests only the answer section which contains the actual DNS records.
  • example.com: The domain in question for which the detailed DNS response is desired.

Example output:

example.com.     86000  IN  A  93.184.216.34

Use case 3: Query a Specific DNS Record Type Associated with a Given Domain Name

Code:

dig +short example.com A|MX|TXT|CNAME|NS

Motivation: Domains often have several DNS record types associated with them, such as MX for mail servers or TXT for text records, and each type serves a different purpose. This command lets you look up a specific record type quickly, which helps with configuration and diagnostics, especially when verifying email setups or DNS security practices like SPF and DKIM entries.

Explanation:

  • dig: Calls up the DNS query utility.
  • +short: Ensures the output is succinct, listing only the records without excessive information.
  • example.com: The domain you want to inspect.
  • A|MX|TXT|CNAME|NS: A placeholder for the record type; pass exactly one of them (for example, dig +short example.com MX). Typed literally, the shell would treat each | as a pipe. The types return IP addresses (A), mail servers (MX), textual data (TXT), canonical names (CNAME), or name servers (NS) respectively.

Example output for MX record query:

10 mail.example.com.
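
Checking an SPF entry from the TXT output takes more than reading the line, because dig prints a long TXT record as several quoted strings and a domain may publish only one SPF record. The following is an added example, not part of the original page; the function name spf_verdict and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the SPF policy in `dig +short DOMAIN TXT` output.
# dig prints one TXT record per line as one or more quoted strings
# ("part one" "part two"); the parts are concatenated with no separator.

spf_verdict() {   # stdin: dig +short TXT output; stdout: one verdict line
    awk '
    {
        rec = ""; rest = $0
        while (match(rest, /"[^"]*"/)) {          # join the quoted chunks
            rec = rec substr(rest, RSTART + 1, RLENGTH - 2)
            rest = substr(rest, RSTART + RLENGTH)
        }
        if (tolower(rec) ~ /^v=spf1( |$)/) { n++; spf = tolower(rec) }
    }
    END {
        if (n == 0) { print "none: no SPF record published"; exit }
        if (n > 1)  { print "invalid: " n " SPF records, receivers return permerror"; exit }
        k = split(spf, term, " ")
        for (i = 2; i <= k; i++) {                # first "all" term decides
            if (term[i] ~ /^[-~+?]?all$/) { all = term[i]; break }
            if (term[i] ~ /^redirect=/)   redir = term[i]
        }
        if (all == "-all")                      print "strict: unlisted senders fail"
        else if (all == "~all")                 print "soft: unlisted senders softfail"
        else if (all == "+all" || all == "all") print "open: any host passes"
        else if (all == "" && redir != "")      print "delegated: " redir
        else                                    print "neutral: no enforcing all term"
    }'
}

# Constructed sample (not real records): a verification token plus an SPF
# record that was split into two strings.
SAMPLE_TXT='"site-verification=constructed-token"
"v=spf1 ip4:192.0.2.0/24 include:_spf.example.net " "-all"'

printf '%s\n' "$SAMPLE_TXT" | spf_verdict
# Live use (needs network): dig +short example.com TXT | spf_verdict
```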

Use case 4: Specify an Alternate DNS Server to Query and Optionally Use DNS over TLS (DoT)

Code:

dig +tls @1.1.1.1 example.com

Motivation: Using alternate DNS servers can be crucial for accessing faster, more secure, or less censored DNS resolution. Adding DNS over TLS encrypts the query, which protects it against eavesdropping. Protection against man-in-the-middle attacks additionally depends on the server certificate being validated, which dig does only when the +tls-ca option is given.

Explanation:

  • dig: Executes the DNS lookup.
  • +tls: Activates DNS over TLS, encrypting communication with the queried DNS server; the port then defaults to 853. The option requires a dig build with DoT support (BIND 9.18 or later).
  • @1.1.1.1: Identifies the alternate DNS server used for the query, such as Cloudflare’s DNS.
  • example.com: The domain you wish to resolve using this server.

Example output:

example.com.        300 IN A 93.184.216.34

Use case 5: Perform a Reverse DNS Lookup on an IP Address (PTR record)

Code:

dig -x 8.8.8.8

Motivation: Reverse DNS lookups are essential for identifying the domain associated with a particular IP address. This type of query (PTR record) helps with email configuration, logging, tracing spam, and other network security work.

Explanation:

  • dig: Invokes the DNS utility to perform the query.
  • -x: Tells dig to perform a reverse lookup, which queries the PTR (Pointer) record.
  • 8.8.8.8: The IP address you’d like to perform the reverse lookup on, such as Google’s public DNS server.

Example output:

8.8.8.8.in-addr.arpa. 300 IN PTR dns.google.
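
When a PTR result feeds logging or spam tracing, the name should be confirmed with a forward lookup, because the PTR record is set by whoever controls the reverse zone of the address. The following is an added example, not part of the original page; the names fcrdns, fake_dig and DIG are hypothetical, the records are constructed, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS (FCrDNS) built on `dig -x`.
# A PTR name counts only if its own A record lists the same address.
DIG=${DIG:-dig}          # overridable so the check can be exercised offline

fcrdns() {   # usage: fcrdns IPV4 -> "confirmed NAME" | "unconfirmed NAME" | "no-ptr"
    ip=$1
    # Drop ";;" diagnostic lines that dig can emit even with +short.
    ptrs=$($DIG +short -x "$ip" | sed '/^;/d')
    [ -n "$ptrs" ] || { echo "no-ptr"; return 1; }
    for name in $ptrs; do
        # -F -x: fixed string, whole line, so 192.0.2.1 cannot match 192.0.2.10
        if $DIG +short "$name" A | grep -Fxq -- "$ip"; then
            echo "confirmed $name"
            return 0
        fi
    done
    echo "unconfirmed" $ptrs
    return 1
}

# Constructed records standing in for live DNS (documentation addresses).
fake_dig() {
    case "$*" in
        "+short -x 192.0.2.10")       echo "mail.example.com." ;;
        "+short mail.example.com. A") echo "192.0.2.10" ;;
        # This address claims the same name, but the forward zone disagrees.
        "+short -x 192.0.2.66")       echo "mail.example.com." ;;
    esac
}

# Offline demo against the constructed records above.
( DIG=fake_dig
  for ip in 192.0.2.10 192.0.2.66 198.51.100.7; do
      echo "$ip: $(fcrdns "$ip")"
  done )
```

Against live DNS, leave DIG unset and call fcrdns with the address taken from the log entry.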

Use case 6: Find Authoritative Name Servers for the Zone and Display SOA Records

Code:

dig +nssearch example.com

Motivation: Determining authoritative name servers is critical when managing DNS zones or troubleshooting DNS propagation issues. This command identifies those servers by performing a name server search and shows the Start of Authority (SOA) record each one returns. The SOA record carries the zone serial number and the timers that govern zone transfers and DNS caching.

Explanation:

  • dig: Calls the DNS lookup feature.
  • +nssearch: Specifies a name server search to locate authoritative servers and display their SOA records for the given domain.
  • example.com: The target domain for which you want authoritative name server information.

Example output:

SOA ns1.example.com. hostmaster.example.com. 2021093001 3600 600 1209600 300
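
With several authoritative servers, the useful check is whether all of them report the same SOA serial, since a lagging server keeps answering from an older copy of the zone. The following is an added example, not part of the original page; the function name soa_sync and the sample lines are constructed, and the "from server ADDR in N ms." suffix is the form dig appends to each +nssearch line.

```shell
#!/bin/sh
# Added example: compare SOA serials reported by `dig +nssearch DOMAIN`.
# Each line is "SOA mname rname serial refresh retry expire minimum",
# followed by "from server ADDR in N ms." when printed by dig.

soa_sync() {   # stdin: +nssearch output; exit 0 in sync, 1 diverged, 2 no SOA
    awk '
    $1 == "SOA" && NF >= 8 {
        serial = $4; server = "?"
        for (i = 9; i < NF; i++) if ($i == "server") server = $(i + 1)
        if (!(serial in srv)) order[++n] = serial   # keep first-seen order
        srv[serial] = srv[serial] " " server
    }
    END {
        if (n == 0) { print "no-soa"; exit 2 }
        if (n == 1) { print "in-sync " order[1]; exit 0 }
        print "out-of-sync"
        for (i = 1; i <= n; i++) print "  serial " order[i] ":" srv[order[i]]
        exit 1
    }'
}

# Constructed sample: the third server still serves the previous zone version.
SAMPLE_NSSEARCH='SOA ns1.example.com. hostmaster.example.com. 2021093001 3600 600 1209600 300 from server 192.0.2.1 in 12 ms.
SOA ns1.example.com. hostmaster.example.com. 2021093001 3600 600 1209600 300 from server 192.0.2.2 in 15 ms.
SOA ns1.example.com. hostmaster.example.com. 2021092901 3600 600 1209600 300 from server 192.0.2.3 in 40 ms.'

printf '%s\n' "$SAMPLE_NSSEARCH" | soa_sync || echo "(exit $?: a server is lagging)"
# Live use (needs network): dig +nssearch example.com | soa_sync
```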

Use case 7: Perform Iterative Queries and Display the Entire Trace Path to Resolve a Domain Name

Code:

dig +trace example.com

Motivation: When diagnosing complex DNS issues or verifying the resolution path for a domain, it is useful to understand each step taken from the root servers down to the final answer. The +trace option outputs the series of iterative queries used to resolve a domain name, showing how each level of the server hierarchy delegates to the next.

Explanation:

  • dig: Launches the DNS query command.
  • +trace: Initiates a trace of the complete path taken to resolve the domain name, outlining each DNS server’s role in the process.
  • example.com: The domain whose resolution path is traced.

Example output:

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> +trace example.com
...
example.com.    172800  IN  NS  a.iana-servers.net.
example.com.    172800  IN  NS  b.iana-servers.net.
...

Use case 8: Query a DNS Server Over a Non-Standard Port Using the TCP Protocol

Code:

dig +tcp -p 5353 @8.8.8.8 example.com

Motivation: In certain networking scenarios, DNS queries may need to be conducted over non-standard ports, such as when working within firewall rules or specific network configurations. Using TCP instead of the default UDP can be advantageous for reliability in these instances, ensuring query responses are delivered correctly, even over less stable connections.

Explanation:

  • dig: Initiates the DNS query.
  • +tcp: Forces the use of TCP instead of the typical UDP for resolving DNS requests.
  • -p 5353: Defines the non-standard port (5353 in this example) to be used for the DNS query. The server given with @ must actually be listening on this port, otherwise the query times out.
  • @8.8.8.8: Specifies which DNS server to connect to, with Google’s 8.8.8.8 used here.
  • example.com: The domain that the DNS lookup is concerned with.

Example output:

example.com.    300 IN A 93.184.216.34

Conclusion:

The dig command is a versatile tool for managing and troubleshooting DNS functionality across various scenarios, from simple IP lookups to complex domain resolution paths. Each use case highlights distinct capabilities of dig to aid network administrators in efficiently diagnosing and resolving DNS-related issues. Knowledge and understanding of each of these functionalities can prove invaluable in maintaining robust DNS performance and ensuring smooth network operations.
