How to Use Linux dig Command (DNS Lookup)

Introduction

The dig command in Linux is used to gather DNS information. It stands for Domain Information Groper, and it collects data about Domain Name Servers. The dig command is helpful for troubleshooting DNS problems, but is also used to display DNS information.

This guide will help you understand and use the Linux dig command.


Prerequisites

  • A system running Linux
  • A user account with sudo or root privileges
  • Access to a terminal window / command line

Install dig on Linux (Optional)

Most modern Linux systems include the dig command.

Verify that it’s installed by checking the software version. To do so, open a command line and enter the following:

dig -v

The system should respond with the dig version number. If the system can’t find the command specified, install dig by entering the following:

Debian / Ubuntu:

sudo apt-get install dnsutils

CentOS / RedHat:

sudo yum install bind-utils

Once the installation finishes, verify the installation with the following command:

dig -v

For more information on CentOS and RHEL, please refer to our article on How to Install dig on CentOS 7 and 8.

dig Syntax

The dig command is used as follows:

dig [@server] [name] [type]

[@server] – The hostname or IP address of the name server the query is directed to
[name] – The domain name to look up
[type] – The type of DNS record to retrieve. By default (or if left blank), dig uses the A record type

Common DNS record types:

  • A – Address record which directly maps a hostname to an IP address
  • MX – Mail Exchange which maps message transfer agents for the domain
  • SIG – Signature record which is used in encryption protocols

Learn about other types by referring to our complete list in DNS Record Types Explained.

The dig command resolves the hostname before proceeding with querying the name server.

How to Use the dig Command With Examples

Let’s look at the basic usage of the dig command.

DNS Lookup

The dig command enables searching for a domain name. To perform a DNS lookup, open the terminal and type:

dig google.com

You should see something similar to the following:

Using the basic dig command.

The most important section is the ANSWER section:

  • The first column lists the name of the server that was queried
  • The second column is the Time to Live, a set timeframe after which the record is refreshed
  • The third column shows the class of query – in this case, “IN” stands for Internet
  • The fourth column displays the type of query – in this case, “A” stands for an A (address) record
  • The final column displays the IP address associated with the domain name

Other lines can be translated as follows:

The first line displays the version of the dig command.


The HEADER section shows the information it received from the server. Flags refer to the answer format.


The OPT PSEUDOSECTION displays advanced data:

  • EDNS – Extension system for DNS, if used
  • Flags – blank because no flags were specified
  • UDP – UDP packet size

The QUESTION section displays the query data that was sent:

  • First column is the domain name queried
  • Second column is the type (IN = Internet) of query
  • Third column specifies the record (A = Address), unless otherwise specified

The STATISTICS section shows metadata about the query:

  • Query time – The amount of time it took for a response
  • SERVER – The IP address and port of the responding DNS server. You may notice a loopback address in this line – this refers to a local setting that translates DNS addresses
  • WHEN – Timestamp when the command was run
  • MSG SIZE rcvd – The size of the reply from the DNS server
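
The sections described above can also be read by a script. The following is an added example, not part of the original guide: it reduces full dig output to the response status, the ANSWER columns and the responding server. The sample output is constructed (documentation addresses), and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: reduce full dig output to the fields described above.

# Constructed sample of dig output (documentation addresses, not a real capture).
sample_dig_output() {
cat <<'EOF'
; <<>> DiG 9.x <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            300     IN      A       192.0.2.10
example.com.            300     IN      A       192.0.2.11

;; Query time: 12 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jan 01 00:00:00 UTC 2024
;; MSG SIZE  rcvd: 72
EOF
}

# Reads dig output on stdin; prints the status, every answer record, the server.
dig_summary() {
  awk '
    /->>HEADER<<-/ {                       # HEADER: pull out the response status
      for (i = 1; i < NF; i++)
        if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s); print "status=" s }
    }
    /^;; ANSWER SECTION:/ { in_answer = 1; next }
    in_answer && (/^$/ || /^;/) { in_answer = 0 }   # a blank or ";" line ends it
    in_answer {                            # name, TTL, class, type, then the data
      data = $5; for (i = 6; i <= NF; i++) data = data " " $i
      print "answer name=" $1 " ttl=" $2 " class=" $3 " type=" $4 " data=" data
    }
    /^;; SERVER:/ { print "server=" $3 }   # STATISTICS: which resolver replied
  '
}

sample_dig_output | dig_summary
```

To use it on a live query, pipe real output into the function, for example dig google.com | dig_summary.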

Specify DNS server

By default, dig uses the local configuration to decide which nameserver to query. Use the following command to specify Google’s domain server:

dig @8.8.8.8 google.com

The terminal prints out the following output:

specifying a name server with dig command

Note: Other domain nameservers can be specified here, such as your server hosting company or the internet service provider’s DNS server.

ANY Option

To return all of the results of the query, use the following:

dig google.com ANY

The system will list all google.com DNS records that it finds, along with the IP addresses.

dig ANY returns a detailed list of DNS records

Note: Any other type of record can be substituted for the ANY option. This includes the MX (mail exchange) type, A (Address) type, SIG (Signature) type, etc. There are many different DNS record types. If you are not sure, leave the type option blank.

Short Answer Option

To display only the IP address associated with the domain name, enter the following:

dig google.com +short

The output displays the content as in the image below:

dig +short displays only IP address.

Detailed Answer Option

Run +noall +answer with the dig command to display only the answer section in detail:

dig google.com +noall +answer

The example below displays the expected output.

+noall +answer used with dig command displays detailed information of answers section.

Trace Option

The +trace option lists each different server the query goes through to its final destination. Use this command option to identify the IP address where traffic is dropping.

dig google.com +trace

The output should be similar to the one seen below:

Use the +trace option with dig command to follow path of a server.

Reverse DNS Lookup

To look up a domain name by its IP address, type the following:

dig -x 172.217.14.238

The output displays content as in the image below:

Checking the domain name by using IP address with dig command

The -x option allows you to specify the IP address instead of a domain name. This can be combined with other options:

dig +noall +answer -x 172.217.14.238

The example below displays the expected output.

Access short answer of the reverse DNS lookup

Note: To learn more about how to resolve an IP address back to a domain name, the opposite of a forward DNS query, check out our article about Reverse DNS lookup (rDNS).
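
Reverse and forward lookups can be combined into a forward-confirmed reverse DNS check, which goes one step beyond the commands above: a PTR name is trusted only if it resolves back to the same IP address. This is an added example, not part of the original guide; the function names, the DIG variable and the stub data (documentation addresses, made-up host names) are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: forward-confirmed reverse DNS built on dig -x and +short.
# DIG can point at a stub so the logic can be exercised offline.
DIG=${DIG:-dig}

# Prints CONFIRMED / MISMATCH / NO_PTR and returns 0 / 1 / 2.
# IPv6 input must be in the compressed form that dig prints.
fcrdns() {
  ip=$1
  case $ip in *:*) rtype=AAAA ;; *) rtype=A ;; esac
  # Reverse lookup: PTR names registered for the address.
  ptr_names=$($DIG +short -x "$ip")
  if [ -z "$ptr_names" ]; then
    echo "NO_PTR $ip"
    return 2
  fi
  # Forward lookup: a PTR name counts only if it resolves back to the same IP.
  for name in $ptr_names; do
    if $DIG +short "$name" "$rtype" | grep -Fxq -- "$ip"; then
      echo "CONFIRMED $ip $name"
      return 0
    fi
  done
  echo "MISMATCH $ip $(echo $ptr_names)"
  return 1
}

# Constructed stub standing in for dig (no network access needed).
fake_dig() {
  case "$*" in
    "+short -x 192.0.2.10")               echo "host10.example.com." ;;
    "+short host10.example.com. A")       echo "192.0.2.10" ;;
    "+short -x 192.0.2.20")               echo "claims-to-be.example.net." ;;
    "+short claims-to-be.example.net. A") echo "198.51.100.7" ;;
  esac
}

# Offline demonstration against the stub; remove the next line to query real DNS.
DIG=fake_dig
fcrdns 192.0.2.10
fcrdns 192.0.2.20 || true
fcrdns 192.0.2.30 || true
```

A MISMATCH result means the owner of the address range published a PTR name that the forward zone does not confirm, so the name should not be relied on in logs or access decisions.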

Batch Mode for Reading Host Names From a File

To look up multiple entries, start by creating a file to store the domain names:

nano domain_research.txt

See the example in the image below:

Creating a .txt file with the nano command.

Add several websites of interest as in the image below:

Editing the .txt file created with the nano command

Save the file and exit. Now, specify the file using the -f option in the dig command:

dig -f domain_research.txt +short

See an example of the output of the command below:

Access to multiple domain lookup using batch mode

Note: The +short option keeps the results manageable. Any other option can be used instead.

Permanently Adjust Default Options

The information displayed by dig can be altered in the ~/.digrc file. Open the file for editing with the following command:

nano ~/.digrc

Add the following lines:

+noall
+answer

See an example in the image below:

Permanently adjusting dig command options by using nano.

Write the file (Ctrl+O) and exit (Ctrl+X).

Run the dig command again:

dig google.com

You should see only the answer section, as if you had manually added +noall and +answer.

Adjusted dig command options output.

Note: If you find yourself in need of dig on Windows, refer to our article How to Install Dig on Windows.

Conclusion

You should now be familiar with the dig command in Linux. This command can help you find more information about Domain Nameservers.

Next, we recommend learning more about best DNS practices for security and performance and how to flush DNS to delete all saved DNS lookup information.

Original article by Maggie-Hunter. If you reproduce it, please credit the source: https://blog.ytso.com/tech/aiops/224222.html
