Dig (Domain Information Groper) is a powerful command line tool for querying the names of DNS servers.
With the dig command, you can query information about various DNS records, including host addresses, mail exchanges, and name servers. It is the most commonly used tool among sysadmins to troubleshoot DNS problems due to its flexibility and ease of use.
In this tutorial, we’ll show you how to use the dig utility with practical examples and detailed explanations of the most common dig options.
To check if the dig command is available for your system type:
The result should look something like this:
If there is no dig tool on your system, the output will be as follows
dig: command not found, you should be able to install easily using your distribution’s package manager.
Installing Dig on Ubuntu and Debian
sudo apt install dnsutils
Installing Dig on CentOS and Fedora
sudo yum install bind-utils
Understanding Dig Output
In its simplest form, when used to query a single host (domain) without any additional arguments, dig is quite verbose.
In the following example, we will run a query to get domain information
The result should look something like this:
Explaining the output of the dig command:
- The first line of output prints the installed version of dig and the request that was invoked. The second line displays the global parameters (by default, only cmd).
; <<>> DiG 9.13.3 <<>> linux.org ;; global options: +cmd
If you do not want these lines to be included in the output, use this option
+nocmd… These parameters must be the very first argument after the dig command.
- This section contains technical details about the response received from the requested authority (DNS server). The first line of this section is the title, including the opcode (the action taken by dig) and the status of the action. In our case, the status
NOERRORmeans that the requested authority served the request without any problem.
;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37159 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5
This part of the output can be removed using the option
+comments… When used, this parameter disables some of the other header sections.
- This section appears by default only in newer versions of the dig utility.
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096
If you don’t want this section to be included in the output, use this option
- This is the section where dig shows our request (question). By default, dig will ask for an A.
;; QUESTION SECTION: ;linux.org. IN A
You can disable this section using this option
- The ANSWER section gives us the answer to our question. As we mentioned, by default dig will ask for the A record. In this case, we can see that the domain
linux.orgindicates the IP address
;; ANSWER SECTION: linux.org. 300 IN A 220.127.116.11 linux.org. 300 IN A 18.104.22.168
Usually you don’t want to turn off the answer, but you can remove this section from the output with this option
- The “AUTHORITY” section tells us which server (s) is the authority to respond to DNS queries for the requested domain.
;; AUTHORITY SECTION: linux.org. 86379 IN NS lia.ns.cloudflare.com. linux.org. 86379 IN NS mark.ns.cloudflare.com.
You can disable this section of output with this option
- The ADDITIONAL section gives us information about the IP addresses of the authoritative DNS servers listed in the authority section.
;; ADDITIONAL SECTION: lia.ns.cloudflare.com. 84354 IN A 22.214.171.124 lia.ns.cloudflare.com. 170762 IN AAAA 2400:cb00:2049:1::adf5:3ab9 mark.ns.cloudflare.com. 170734 IN A 126.96.36.199 mark.ns.cloudflare.com. 170734 IN AAAA 2400:cb00:2049:1::adf5:3b82
- This is the last section of dig output that includes query statistics.
;; Query time: 58 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Fri Oct 12 11:46:46 CEST 2018 ;; MSG SIZE rcvd: 212
You can disable this part with the option
Print only response
In most cases, you only want a quick response to your request.
1. Get a short answer
To get a short answer to your request, use the option
dig linux.org +short
The output will only contain the IP addresses of the A record.
2. Get a detailed answer
For a more detailed answer, turn off all results using parameters
+noalland then only include the answer section with the option
dig linux.org +noall +answer
; <<>> DiG 9.13.3 <<>> linux.org +noall +answer ;; global options: +cmd linux.org. 67 IN A 188.8.131.52 linux.org. 67 IN A 184.108.40.206
Specific name request server
By default, if no name server is specified, you can use the servers listed in the file
To specify the nameserver from which to query, use the symbol
@ (at) followed by the nameserver’s IP address or hostname.
For example, to query google nameserver (220.127.116.11) for domain information
linux.orgwhich you used:
dig linux.org @18.104.22.168
; <<>> DiG 9.13.3 <<>> linux.org @22.214.171.124 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39110 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;linux.org. IN A ;; ANSWER SECTION: linux.org. 299 IN A 126.96.36.199 linux.org. 299 IN A 188.8.131.52 ;; Query time: 54 msec ;; SERVER: 184.108.40.206#53(220.127.116.11) ;; WHEN: Fri Oct 12 14:28:01 CEST 2018 ;; MSG SIZE rcvd: 70
Post type query
Dig allows any valid DNS query to be made by adding the record type to the end of the query. In the next section, we will show you examples of finding the most common records such as A (IP address), CNAME (canonical name) TXT (text record), MX (mail exchanger), and NS (name servers).
1. Query for A records
To get a list of all addresses (addresses) for a domain name, use the parameter
dig +nocmd google.com a +noall +answer
google.com. 128 IN A 18.104.22.168
As you already know, if no DNS record type is specified, dig will query the A record. You can also query the A record without specifying the option
2. Query CNAME records
To find the domain name of the alias, use the parameter
dig +nocmd mail.google.com cname +noall +answer
mail.google.com. 553482 IN CNAME googlemail.l.google.com.
3. Query TXT records
Use the parameter
txt to retrieve all TXT records for a specific domain:
dig +nocmd google.com txt +noall +answer
google.com. 300 IN TXT "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95" google.com. 300 IN TXT "v=spf1 include:_spf.google.com ~all" google.com. 300 IN TXT "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
4. Query MX records
To get a list of all mail servers for a specific domain, use the option
dig +nocmd google.com mx +noall +answer
google.com. 494 IN MX 30 alt2.aspmx.l.google.com. google.com. 494 IN MX 10 aspmx.l.google.com. google.com. 494 IN MX 40 alt3.aspmx.l.google.com. google.com. 494 IN MX 50 alt4.aspmx.l.google.com. google.com. 494 IN MX 20 alt1.aspmx.l.google.com.
5. Query NS records
To find the authoritative nameservers for our specific domain, use the parameter
dig +nocmd google.com ns +noall +answer
google.com. 84527 IN NS ns1.google.com. google.com. 84527 IN NS ns2.google.com. google.com. 84527 IN NS ns4.google.com. google.com. 84527 IN NS ns3.google.com.
6. Query all records
Use this parameter
anyto get a list of all DNS records for a specific domain:
dig +nocmd google.com any +noall +answer
google.com. 299 IN A 22.214.171.124 google.com. 299 IN AAAA 2a00:1450:4017:804::200e google.com. 21599 IN NS ns2.google.com. google.com. 21599 IN NS ns1.google.com. google.com. 599 IN MX 30 alt2.aspmx.l.google.com. google.com. 21599 IN NS ns4.google.com. google.com. 599 IN MX 50 alt4.aspmx.l.google.com. google.com. 599 IN MX 20 alt1.aspmx.l.google.com. google.com. 299 IN TXT "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e" google.com. 21599 IN CAA 0 issue "pki.goog" google.com. 599 IN MX 40 alt3.aspmx.l.google.com. google.com. 3599 IN TXT "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95" google.com. 21599 IN NS ns3.google.com. google.com. 599 IN MX 10 aspmx.l.google.com. google.com. 3599 IN TXT "v=spf1 include:_spf.google.com ~all" google.com. 59 IN SOA ns1.google.com. dns-admin.google.com. 216967258 900 900 1800 60
Reverse DNS lookup
To query the hostname associated with a specific IP address, use this parameter
For example, to perform a reverse search,
126.96.36.199 you have to use:
dig -x 188.8.131.52 +noall +answer
As you can see from the output below, the IP address
184.108.40.206 associated with hostname
; <<>> DiG 9.13.3 <<>> -x 220.127.116.11 +noall +answer ;; global options: +cmd 18.104.22.168.in-addr.arpa. 245 IN PTR wildebeest.gnu.org.
If you want to query a large number of domains, you can add them to a file (one domain per line) and use the parameter
-ffollowed by the file name.
In the following example, we are requesting the domains listed in the file
lxer.com linuxtoday.com tuxmachines.org
dig -f domains.txt +short
22.214.171.124 126.96.36.199 188.8.131.52
The behavior of the dig command can be controlled by setting for each user parameter in the file
If the file
.digrc is present in the user’s home directory, options specified in it are applied before command line arguments.
For example, if you only want to display the response section, open a text editor and create the following file
~ / .Digrc
+nocmd +noall +answer
By now, you should have a good understanding of how to use the dig command in Linux and should be able to troubleshoot most DNS related issues.