Dig performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Dig is the short form of ‘Domain Information Groper’.
This tool is an alternative DNS lookup tool, nslookup. Unless it is told to query a specific name server, dig will try each of the servers listed in ‘/etc/resolv.conf’.
In the tutorial, I will explain how to use dig command in Linux with examples.
Run dig without any options (by default)
Without any options, dig will do a NS query for “.” (the root).
Here’s a sample output.
; <> DiG 9.9.2-P1 <> linux.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21655 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;linux.com. IN A ;; ANSWER SECTION: linux.com. 1786 IN A 126.96.36.199 linux.com. 1786 IN A 188.8.131.52 ;; AUTHORITY SECTION: linux.com. 86386 IN NS ns1.linux-foundation.org. linux.com. 86386 IN NS ns2.linux-foundation.org. ;; ADDITIONAL SECTION: ns1.linux-foundation.org. 261 IN A 184.108.40.206 ns2.linux-foundation.org. 262 IN A 220.127.116.11 ;; Query time: 258 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Sat Feb 8 21:35:35 2014 ;; MSG SIZE rcvd: 158
Now we will read the output :
; <> DiG 9.9.2-P1 <> linux.com ;; global options: +cmd
This section tells us about dig itself. We know the dig version that we used is 9.9.2 and the global option we used is +cmd.
;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21655 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
This section will tell us about the technical answer from the DNS.
;; QUESTION SECTION: ;linux.com. IN A
This section tells us about what query we asked to dig
.;; ANSWER SECTION: linux.com. 1786 IN A 18.104.22.168 linux.com. 1786 IN A 22.214.171.124
This section tells us about the answer of the query that we did. ‘Linux.com’ has two addresses. The IP 126.96.36.199 and 188.8.131.52.
;; AUTHORITY SECTION: linux.com. 86386 IN NS ns1.linux-foundation.org. linux.com. 86386 IN NS ns2.linux-foundation.org.
This section tells us about which DNS (or who) that have the authority to answer the question of “what is the IP Address of Linux.com?”
;; ADDITIONAL SECTION: ns1.linux-foundation.org. 261 IN A 184.108.40.206 ns2.linux-foundation.org. 262 IN A 220.127.116.11
This section tells us about the IP Address of the authority DNS above. We can disable this information by +[no]additional option.
;; Query time: 258 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Sat Feb 8 21:35:35 2014 ;; MSG SIZE rcvd: 158
This section tells us about some statistic information. We can disable this information by using +[‘no]stats option.
Dig command query (Most common)
Dig manual pages will show you many valid queries. But in practical term, there are 5 common queries.
1) Query the NS
NS is short for Name Server. This will show you the name of the server who responsible for linux.com domain
$ dig linux.com NS
2) Query the MX
MX is short from Mail Exchanger. Querying MX will show you the name of SMTP of linux.com
$ dig linux.com MX
3) Query the Address
To show the IP Address of the linux.com, we can use A keyword. A is a short for Address
$ dig linux.com A
4) Query TXT
TXT is a text annotation.
$ dig linux.com TXT
5) Query everything
If you are unsure about what you are looking for, you can ANY keyword.
Options of Dig command query
When running a query, dig provide options to customize the output. Here’s some popular cases in daily basis.
6) Display only the answer of the query
$ dig linux.com +noall +answer
7) Display the answer and the question
$ dig ubuntu.com MX +noall +answer +question
8) Display in short mode
This option will used if you want a quick answer
$ dig linux.com +short
9) Display only the answer and authority
To do this we can combine these options :
$ dig ubuntu.com MX +noall +answer +authority
10) Display multiline queries
This +multiline option will show you records like the SOA records in a verbose multi-line format with human-readable comments. Here’s a sample of it.
$ dig ibm.com +multiline +noall +answer
Do a reverse lookup
Dig is not only for querying a name into an IP Address. Dig can do a reverse lookup which querying the IP Address into a name. To do this, use -x option.
$ dig -x 18.104.22.168 +noall +answer
The output shows us that the IP ‘22.214.171.124’ is belong to ‘load2d.linux-foundation.org’
Use specific DNS to do the query
By default, dig will use DNS servers that defined in your /etc/resolv.conf
If you want to use another DNS server to perform your query, you can use @name_of_DNS_server keyword. Here’s a sample.
$ dig @ns2.google.com gmail.com +nostat
Do bulk lookups
To do this, we can do it in 2 ways. First, is using the command line.
$ dig linux.com +noall +answer ubuntu.com +noall +answer
Second, we can put the hostnames or domains into a text file. Then use -f option to include the file.
$ dig -f hostnames.txt +noall +answer
The hostnames.txt file contains this lines :
If a blank line were exist after ubuntu.com, then dig will query the NS for the “.” (root) also.
Dig is one of the tools available in the Linux operating system for interrogating DNS servers. With dig flexibility, administrators can use it to custom the dig output. As usual, we can always type man dig or dig -h to explore more detail about dig command.