How to Use the dig Command to Query DNS on Linux

Dig (Domain Information Groper) is a powerful command-line tool for querying DNS name servers.

With the dig command, you can query information about various DNS records, including host addresses, mail exchanges, and name servers. It is the most commonly used tool among sysadmins to troubleshoot DNS problems due to its flexibility and ease of use.

In this tutorial, we’ll show you how to use the dig utility with practical examples and detailed explanations of the most common dig options.

To check whether the dig command is available on your system, type:

dig -v

The result should look something like this:

DiG 9.11.3-1ubuntu1.1-Ubuntu

If dig is not present on your system, the command above will print dig: command not found. You can install it easily using your distribution’s package manager (the dnsutils package on Debian and Ubuntu, bind-utils on CentOS and Fedora):

sudo apt install dnsutils
sudo yum install bind-utils

In its simplest form, when used to query a single host (domain) without any additional arguments, dig is quite verbose.

In the following example, we will run a query to get information about the linux.org domain:

dig linux.org

The result should look something like this:

Explaining the output of the dig command:

  1. The first line of output prints the installed version of dig and the request that was invoked. The second line displays the global parameters (by default, only cmd).
    ; <<>> DiG 9.13.3 <<>> linux.org
    ;; global options: +cmd
    

    If you do not want these lines to be included in the output, use the +nocmd option. This option must be the very first argument after the dig command.

  2. This section contains technical details about the response received from the requested authority (DNS server). The first line of this section is the header, which includes the opcode (the action taken by dig) and the status of the action. In our case, the status NOERROR means that the requested authority served the request without any problem.
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37159
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5
    

    This part of the output can be removed using the +nocomments option. When used, this option also disables the headers of some other sections.

  3. This section appears by default only in newer versions of the dig utility.
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    

    If you don’t want this section to be included in the output, use the +noedns option.

  4. This is the section where dig shows our request (question). By default, dig will ask for an A record.
    ;; QUESTION SECTION:
    ;linux.org.         IN  A
    

    You can disable this section using the +noquestion option.

  5. The ANSWER section gives us the answer to our question. As we mentioned, by default dig will ask for the A record. In this case, we can see that the domain linux.org points to the IP address 104.18.59.123.
    ;; ANSWER SECTION:
    linux.org.      300 IN  A   104.18.59.123
    linux.org.      300 IN  A   104.18.58.123
    

    Usually you don’t want to turn off the answer, but you can remove this section from the output with the +noanswer option.

  6. The AUTHORITY section tells us which server(s) are the authority for answering DNS queries about the requested domain.
    ;; AUTHORITY SECTION:
    linux.org.      86379   IN  NS  lia.ns.cloudflare.com.
    linux.org.      86379   IN  NS  mark.ns.cloudflare.com.
    

    You can disable this section of the output with the +noauthority option.

  7. The ADDITIONAL section gives us information about the IP addresses of the authoritative DNS servers listed in the authority section.
    ;; ADDITIONAL SECTION:
    lia.ns.cloudflare.com.  84354   IN  A   173.245.58.185
    lia.ns.cloudflare.com.  170762  IN  AAAA    2400:cb00:2049:1::adf5:3ab9
    mark.ns.cloudflare.com. 170734  IN  A   173.245.59.130
    mark.ns.cloudflare.com. 170734  IN  AAAA    2400:cb00:2049:1::adf5:3b82
    
  8. This is the last section of dig output that includes query statistics.
    ;; Query time: 58 msec
    ;; SERVER: 192.168.1.1#53(192.168.1.1)
    ;; WHEN: Fri Oct 12 11:46:46 CEST 2018
    ;; MSG SIZE  rcvd: 212
    

    You can disable this part with the option +nostats
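
The header and statistics sections described above are the parts a script usually needs to check. The following is an added example, not part of the original tutorial: it parses captured dig output and reports the status, flags, answer count and responding server. The function names dig_summary and dig_ok and both sample texts are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the header and statistics of full dig output.
# SAMPLE is constructed from the section excerpts shown in the list above.
SAMPLE=';; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37159
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5

;; QUESTION SECTION:
;linux.org.         IN  A

;; ANSWER SECTION:
linux.org.      300 IN  A   104.18.59.123
linux.org.      300 IN  A   104.18.58.123

;; Query time: 58 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)'

# Constructed failure case: the queried name does not exist.
NX_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1234
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; SERVER: 192.168.1.1#53(192.168.1.1)'

# Read dig output on stdin, print "status=... flags=... answers=... server=...".
dig_summary() {
    awk '
    /->>HEADER<<-/ {
        for (i = 1; i <= NF; i++)
            if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
    }
    /^;; flags:/ {
        fl = $0; sub(/^;; flags: */, "", fl); sub(/;.*/, "", fl); gsub(/ /, ",", fl)
        for (i = 1; i <= NF; i++)
            if ($i == "ANSWER:") { an = $(i + 1); sub(/,$/, "", an) }
    }
    /^;; SERVER:/ { sv = $3; sub(/#.*/, "", sv) }
    END { printf "status=%s flags=%s answers=%s server=%s\n", st, fl, an, sv }'
}

# Return 0 only when the status is NOERROR and at least one answer came back.
dig_ok() {
    s=$(dig_summary)
    case "$s" in
        "status=NOERROR "*"answers=0 "*) return 1 ;;   # name exists, no data
        "status=NOERROR "*) return 0 ;;
        *) return 1 ;;                                 # NXDOMAIN, SERVFAIL, ...
    esac
}

printf '%s\n' "$SAMPLE" | dig_summary
```

Against a live resolver the same functions can be fed directly, for example dig linux.org | dig_ok. The header and statistics lines must be left enabled for this, so do not combine it with +nocomments or +nostats.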

In most cases, you only want a quick response to your request.

To get a short answer to your request, use the option +short:

dig linux.org +short
104.18.59.123
104.18.58.123

The output will only contain the IP addresses of the A record.

For a more detailed answer, turn off all output with the +noall option and then include only the answer section with the +answer option:

dig linux.org +noall +answer
; <<>> DiG 9.13.3 <<>> linux.org +noall +answer
;; global options: +cmd
linux.org.		67	IN	A	104.18.58.123
linux.org.		67	IN	A	104.18.59.123

By default, if no name server is specified, dig uses the servers listed in the file /etc/resolv.conf.

To specify the name server to query, use the @ (at) symbol followed by the name server’s IP address or hostname.

For example, to query the Google name server (8.8.8.8) for information about the linux.org domain, you would use:

dig linux.org @8.8.8.8
; <<>> DiG 9.13.3 <<>> linux.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39110
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;linux.org.			IN	A

;; ANSWER SECTION:
linux.org.		299	IN	A	104.18.58.123
linux.org.		299	IN	A	104.18.59.123

;; Query time: 54 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 12 14:28:01 CEST 2018
;; MSG SIZE  rcvd: 70
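
Querying a second name server is most useful when the two answers are compared, and a plain diff of the raw output will report differences that do not matter, such as the TTLs (67 and 299 in the outputs above) and the record order. The following is an added example, not part of the original tutorial: it normalizes two answer sections before comparing them. The function names and the sample texts are constructed for illustration; 192.0.2.10 is a documentation address standing in for an unexpected answer.

```shell
#!/bin/sh
# Added example: compare the answers two resolvers give for the same name.
# The samples are constructed, in `dig +noall +answer` format; 192.0.2.10 is
# a documentation address (RFC 5737) standing in for an unexpected answer.
LOCAL_SAMPLE='linux.org.    67  IN  A   104.18.59.123
linux.org.    67  IN  A   104.18.58.123'
PUBLIC_SAMPLE='; <<>> DiG 9.13.3 <<>> linux.org @8.8.8.8 +noall +answer
linux.org.    299 IN  A   104.18.58.123
linux.org.    299 IN  A   104.18.59.123'
ODD_SAMPLE='linux.org.    60  IN  A   192.0.2.10'

# Reduce answer lines to "name type rdata": skip comment lines, drop the TTL
# and class, lower-case the name and sort, so only real differences remain.
normalize_answers() {
    awk '!/^;/ && NF >= 5 {
        out = tolower($1) " " $4
        for (i = 5; i <= NF; i++) out = out " " $i
        print out
    }' | sort -u
}

# Print MATCH and return 0 when both answer sets are equal; otherwise print
# MISMATCH plus the records unique to each side and return 1.
compare_answers() {
    a=$(printf '%s\n' "$1" | normalize_answers)
    b=$(printf '%s\n' "$2" | normalize_answers)
    if [ "$a" = "$b" ]; then
        echo "MATCH"
        return 0
    fi
    echo "MISMATCH"
    printf '%s\n' "$a" | grep -Fxv -e "$b" | sed 's/^/  only first:  /'
    printf '%s\n' "$b" | grep -Fxv -e "$a" | sed 's/^/  only second: /'
    return 1
}

# Live use (needs network access):
#   compare_answers "$(dig linux.org +noall +answer)" \
#                   "$(dig linux.org @8.8.8.8 +noall +answer)"
compare_answers "$LOCAL_SAMPLE" "$PUBLIC_SAMPLE"          # MATCH
compare_answers "$LOCAL_SAMPLE" "$ODD_SAMPLE" || true     # MISMATCH
```

A mismatch is a reason to look closer rather than proof of tampering: content delivery networks and split-horizon DNS legitimately return different addresses to different resolvers.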

Dig allows any valid DNS query to be made by adding the record type to the end of the query. In the next section, we will show you examples of finding the most common records, such as A (IP address), CNAME (canonical name), TXT (text record), MX (mail exchanger), and NS (name servers).

To get a list of all address(es) for a domain name, use the a parameter:

dig +nocmd google.com a +noall +answer
google.com.		128	IN	A	216.58.206.206

As you already know, if no DNS record type is specified, dig will query the A record, so you can also query the A record without specifying the a parameter.

To find the canonical name that an alias points to, use the cname parameter:

dig +nocmd mail.google.com cname +noall +answer
mail.google.com.	553482	IN	CNAME	googlemail.l.google.com.

Use the txt parameter to retrieve all TXT records for a specific domain:

dig +nocmd google.com txt +noall +answer
google.com.		300	IN	TXT	"facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
google.com.		300	IN	TXT	"v=spf1 include:_spf.google.com ~all"
google.com.		300	IN	TXT	"docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"

To get a list of all mail servers for a specific domain, use the mx parameter:

dig +nocmd google.com mx +noall +answer
google.com.		494	IN	MX	30 alt2.aspmx.l.google.com.
google.com.		494	IN	MX	10 aspmx.l.google.com.
google.com.		494	IN	MX	40 alt3.aspmx.l.google.com.
google.com.		494	IN	MX	50 alt4.aspmx.l.google.com.
google.com.		494	IN	MX	20 alt1.aspmx.l.google.com.

To find the authoritative name servers for a specific domain, use the ns parameter:

dig +nocmd google.com ns +noall +answer
google.com.		84527	IN	NS	ns1.google.com.
google.com.		84527	IN	NS	ns2.google.com.
google.com.		84527	IN	NS	ns4.google.com.
google.com.		84527	IN	NS	ns3.google.com.

Use the any parameter to get a list of all DNS records for a specific domain:

dig +nocmd google.com any +noall +answer
google.com.		299	IN	A	216.58.212.14
google.com.		299	IN	AAAA	2a00:1450:4017:804::200e
google.com.		21599	IN	NS	ns2.google.com.
google.com.		21599	IN	NS	ns1.google.com.
google.com.		599	IN	MX	30 alt2.aspmx.l.google.com.
google.com.		21599	IN	NS	ns4.google.com.
google.com.		599	IN	MX	50 alt4.aspmx.l.google.com.
google.com.		599	IN	MX	20 alt1.aspmx.l.google.com.
google.com.		299	IN	TXT	"docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
google.com.		21599	IN	CAA	0 issue "pki.goog"
google.com.		599	IN	MX	40 alt3.aspmx.l.google.com.
google.com.		3599	IN	TXT	"facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
google.com.		21599	IN	NS	ns3.google.com.
google.com.		599	IN	MX	10 aspmx.l.google.com.
google.com.		3599	IN	TXT	"v=spf1 include:_spf.google.com ~all"
google.com.		59	IN	SOA	ns1.google.com. dns-admin.google.com. 216967258 900 900 1800 60

To query the hostname associated with a specific IP address, use the -x option.

For example, to perform a reverse lookup on 208.118.235.148, you would use:

dig -x 208.118.235.148 +noall +answer

As you can see from the output below, the IP address 208.118.235.148 is associated with the hostname wildebeest.gnu.org.

; <<>> DiG 9.13.3 <<>> -x 208.118.235.148 +noall +answer
;; global options: +cmd
148.235.118.208.in-addr.arpa. 245 IN	PTR	wildebeest.gnu.org.

If you want to query a large number of domains, you can add them to a file (one domain per line) and use the -f option followed by the file name.

In the following example, we are querying the domains listed in the file domains.txt:

domains.txt

lxer.com
linuxtoday.com
tuxmachines.org

dig -f domains.txt +short
108.166.170.171
70.42.23.121
204.68.122.43

The behavior of the dig command can be controlled by setting per-user options in the file ${HOME}/.digrc.

If the file .digrc is present in the user’s home directory, options specified in it are applied before command line arguments.

For example, if you only want to display the response section, open a text editor and create the following file ~/.digrc:

~/.digrc

+nocmd +noall +answer

By now, you should have a good understanding of how to use the dig command in Linux and should be able to troubleshoot most DNS-related issues.