How to Use Dig Command in Linux

Dig performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Dig is the short form of ‘Domain Information Groper’.

This tool is an alternative to the DNS lookup tool nslookup. Unless it is told to query a specific name server, dig will try each of the servers listed in ‘/etc/resolv.conf’.

In this tutorial, I will explain how to use the dig command in Linux with examples.

dig command

Run dig without any options (by default)

Without any options, dig will do an NS query for “.” (the root).
Here’s a sample output from a lookup of linux.com.

$ dig linux.com
; <<>> DiG 9.9.2-P1 <<>> linux.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21655
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;linux.com. IN A
;; ANSWER SECTION:
linux.com. 1786 IN A 140.211.167.51
linux.com. 1786 IN A 140.211.167.50
;; AUTHORITY SECTION:
linux.com. 86386 IN NS ns1.linux-foundation.org.
linux.com. 86386 IN NS ns2.linux-foundation.org.
;; ADDITIONAL SECTION:
ns1.linux-foundation.org. 261 IN A 140.211.169.10
ns2.linux-foundation.org. 262 IN A 140.211.169.11
;; Query time: 258 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sat Feb 8 21:35:35 2014
;; MSG SIZE rcvd: 158

Now let’s read the output:

; <<>> DiG 9.9.2-P1 <<>> linux.com
;; global options: +cmd

This section tells us about dig itself: the dig version that we used is 9.9.2 and the global option in effect is +cmd.

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21655
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

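This section is the header of the DNS response. It shows the opcode, the status of the query (NOERROR here), the flags that were set, and how many records each of the following sections contains.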

;; QUESTION SECTION:
;linux.com. IN A

This section shows the query that we asked dig to make.

;; ANSWER SECTION:
linux.com. 1786 IN A 140.211.167.51
linux.com. 1786 IN A 140.211.167.50

This section shows the answer to our query. ‘linux.com’ has two addresses: 140.211.167.51 and 140.211.167.50.

;; AUTHORITY SECTION:
linux.com. 86386 IN NS ns1.linux-foundation.org.
linux.com. 86386 IN NS ns2.linux-foundation.org.

This section shows which DNS servers have the authority to answer the question “what is the IP address of linux.com?”

;; ADDITIONAL SECTION:
ns1.linux-foundation.org. 261 IN A 140.211.169.10
ns2.linux-foundation.org. 262 IN A 140.211.169.11

This section shows the IP addresses of the authoritative DNS servers listed above. We can disable this information with the +[no]additional option.

;; Query time: 258 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sat Feb 8 21:35:35 2014
;; MSG SIZE rcvd: 158

This section shows some statistics about the query. We can disable this information with the +[no]stats option.
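The walkthrough above as a script: an added example (not from the original article) that pulls the status, flags and per-section records out of a dig response so they can be checked in automation. The function names are made up for this example, and SAMPLE is the response shown above, embedded so the script runs offline.

```shell
#!/bin/sh
# Added example. SAMPLE is the response walked through above, embedded so
# the script runs offline; in practice pipe live `dig` output in instead.
SAMPLE='; <<>> DiG 9.9.2-P1 <<>> linux.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21655
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;linux.com. IN A
;; ANSWER SECTION:
linux.com. 1786 IN A 140.211.167.51
linux.com. 1786 IN A 140.211.167.50
;; AUTHORITY SECTION:
linux.com. 86386 IN NS ns1.linux-foundation.org.
linux.com. 86386 IN NS ns2.linux-foundation.org.
;; ADDITIONAL SECTION:
ns1.linux-foundation.org. 261 IN A 140.211.169.10
ns2.linux-foundation.org. 262 IN A 140.211.169.11
;; Query time: 258 msec'

# Response code from the header: NOERROR, NXDOMAIN, SERVFAIL, ...
dig_status() { sed -n 's/^;; ->>HEADER<<-.* status: \([A-Z]*\),.*/\1/p'; }

# Header flags, space separated (qr rd ra ...).
dig_flags() { sed -n 's/^;; flags: \([^;]*\);.*/\1/p'; }

# Record count the header claims for a section: dig_count ANSWER
dig_count() { sed -n "s/^;; flags:.*[ ,]$1: \([0-9]*\).*/\1/p"; }

# Resource records actually listed in a section: dig_section ANSWER
dig_section() {
    awk -v want="$1" '
        /^;; [A-Z]+ SECTION:$/ { insec = ($2 == want); next }
        /^;;/ || /^$/           { insec = 0; next }   # section ends
        /^;/                    { next }              # comment lines
        insec                   { print }
    '
}

# One-line summary of a response read from stdin.
dig_summary() {
    resp=$(cat)
    printf 'status=%s flags=[%s] answers=%s\n' \
        "$(printf '%s\n' "$resp" | dig_status)" \
        "$(printf '%s\n' "$resp" | dig_flags)" \
        "$(printf '%s\n' "$resp" | dig_section ANSWER | grep -c .)"
}

printf '%s\n' "$SAMPLE" | dig_summary
```

The header reports ADDITIONAL: 3 while only two records are listed, because the EDNS OPT pseudo-record is included in that count.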

Dig command query (Most common)

The dig manual pages will show you many valid queries. But in practical terms, there are 5 common queries.

1) Query the NS

NS is short for Name Server. This will show you the names of the servers that are responsible for the linux.com domain.

$ dig linux.com NS

2) Query the MX

MX is short for Mail Exchanger. Querying MX will show you the names of the SMTP servers of linux.com.

$ dig linux.com MX

3) Query the Address

To show the IP address of linux.com, we can use the A keyword. A is short for Address.

$ dig linux.com A

4) Query TXT

TXT is a text annotation.

$ dig linux.com TXT

5) Query everything

If you are unsure about what you are looking for, you can use the ANY keyword.


Options of Dig command query

When running a query, dig provides options to customize the output. Here are some cases that come up in daily use.

6) Display only the answer of the query

$ dig linux.com +noall +answer

7) Display the answer and the question

$ dig ubuntu.com MX +noall +answer +question

8) Display in short mode

Use this option if you want a quick answer.

$ dig linux.com +short

9) Display only the answer and authority

To do this, we can combine these options:

$ dig ubuntu.com MX +noall +answer +authority

10) Display multiline queries

This +multiline option will show you records like the SOA records in a verbose multi-line format with human-readable comments. Here’s a sample of it.

$ dig ibm.com +multiline +noall +answer

Do a reverse lookup

Dig is not only for resolving a name into an IP address. Dig can also do a reverse lookup, which resolves an IP address into a name. To do this, use the -x option.

$ dig -x 140.211.167.51 +noall +answer

The output shows us that the IP ‘140.211.167.51’ belongs to ‘load2d.linux-foundation.org’.

Use specific DNS to do the query

By default, dig will use the DNS servers that are defined in your /etc/resolv.conf.
If you want to use another DNS server to perform your query, you can use the @name_of_DNS_server keyword. Here’s a sample.

$ dig @ns2.google.com gmail.com +nostat

Do bulk lookups

We can do this in 2 ways. The first is to use the command line.

$ dig linux.com +noall +answer ubuntu.com +noall +answer

Second, we can put the hostnames or domains into a text file, then use the -f option to read the file.

$ dig -f hostnames.txt +noall +answer

The hostnames.txt file contains these lines:

linux.com
ubuntu.com

If a blank line exists after ubuntu.com, then dig will also query the NS for the “.” (root).
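dig treats each line of a -f file like a dig command line, so besides the blank-line case above, a line can also carry options or an @server. The filter below is an added example (not from the original article) that keeps only plain hostnames before the list is handed to dig -f; the function name clean_hostlist and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example. HOSTS_RAW is a constructed list with the kinds of lines
# that should never reach `dig -f`.
HOSTS_RAW='linux.com
ubuntu.com

# mail hosts
@192.0.2.53 example.com
+trace example.org
-x 192.0.2.1
host-.example.com
example.net.
'

# Read a host list on stdin, print only lines that are one syntactically
# valid DNS name. Blank lines and "#" comments are dropped silently;
# anything else that fails validation is reported on stderr.
clean_hostlist() {
    tr -d '\r' | awk '
    {
        line = $0
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        if (line == "" || line ~ /^#/) next       # blank line or comment
        name = line; sub(/\.$/, "", name)         # allow a trailing root dot
        ok = (length(name) > 0 && length(name) <= 253)
        n = split(name, label, ".")
        for (i = 1; i <= n && ok; i++)            # letters, digits, "_", "-"
            ok = (length(label[i]) <= 63 &&
                  label[i] ~ /^[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9])?$/)
        if (ok) print line
        else printf "rejected line %d: %s\n", NR, line > "/dev/stderr"
    }'
}

# Typical use (not run here, needs network access):
#   clean_hostlist < hostnames.txt > hostnames.clean
#   dig -f hostnames.clean +noall +answer
printf '%s\n' "$HOSTS_RAW" | clean_hostlist
```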

Conclusion

Dig is one of the tools available in the Linux operating system for interrogating DNS servers. Thanks to dig’s flexibility, administrators can customize its output. As usual, we can always type man dig or dig -h to explore the dig command in more detail.

source: https://linoxide.com/useful-options-dig/
