Aug 182012
 

In the past I’ve published articles on how to do a benchmark with namebench to see what’s the fastest DNS server for you and how to crypt your DNS traffic if you use Opendns but I’ve never done a comprehensive guide of the command dig, probably the best command you can have on the command line to query a DNS server, so today I want to show you the basic usage of this command and some trick, using examples that you can re-use for your goals.

But as first thing, probably every reader know what’s a DNS server, but anyway it’s better to take the good definition from Wikipedia:

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service resolves queries for these names into IP addresses for the purpose of locating computer services and devices worldwide.

So let’s see how we can query a DNS server o get all the info we need.


Installation

dig (domain information groper), is a common command that can be installed on any Linux distribution, but usually is not installed by default, so to install it run these commands:

For users of Debian, Ubuntu and other distro that use the .deb packages, use the following command:

sudo apt-get install dnsutils

Users of Red Hat Enterprise, CentOS and Fedora can use the following command:

sudo yum install bind-utils

In Arch Linux, use the following command:

sudo pacman -S dnsutils

And at last in gentoo you can use

sudo emerge  bind-tools

As you can see the hardest thing is to discover the name of the package that the different distributions use to put this utility.

Basic Usage

The most typical, simplest query is for a single host. By default, however, dig is pretty verbose. You probably don’t need all the information in the default output, but it’s probably worth knowing what it is every part of the output:

$ dig linuxaria.com
; < <>> DiG 9.8.1-P1 < <>> linuxaria.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 49569
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;linuxaria.com. IN A

;; ANSWER SECTION:
linuxaria.com. 35 IN A 108.162.197.170
linuxaria.com. 35 IN A 108.162.197.70

;; Query time: 47 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Aug 17 23:39:21 2012
;; MSG SIZE rcvd: 63

In the output we see at the start the version of dig that we're using and the request we made (first line of output) after that some generic technical information and after these 2 lines we start with some useful information :

;; QUESTION SECTION:

Here dig shows what we have asked, the default query is for an Internet address (A).

;; ANSWER SECTION:

In this section we find the answer of our query to the DNS server, so in this example you can see that linuxaria.com is resolved with 2 IP address 108.162.197.170 and 108.162.197.70.

;; Query time:

This is an interesting information, it tell us how much time it took to get an answer from our DNS server.

;; SERVER:

This is the IP address of the DNS server that answered to our query.

So with no options, we get the IP address of a DNS Address.

Selecting a specific nameserver

If not specified, dig uses as a server for every query the one present in the configuration file /etc/resolv.conf , but we can change this behavior without changing the file, just use the parameter @IPADDRESS, so if we have a DNS server installed on our server and we want to be sure it loaded correctly all zones we can use the command:

dig @127.0.0.1 mysite.com

Or if you want to compare the response time of Google DNS and OpenDNS you can give the following two commands:

dig @8.8.8.8 linuxaria.com
dig @208.67.220.220 linuxaria.com

And check out what is the lowest number in the parameter Quey time of the two responses.

Use dig to do an IPV6 query

By default dig use ipv4, but you have 2 ways to use dig with ipv6

1) Use the -6 option to force dig to only use IPv6 query transport.

dig -6 @8.8.8.8 linuxaria.com

;; QUESTION SECTION:
;linuxaria.com. IN A

;; ANSWER SECTION:
linuxaria.com. 168 IN A 108.162.197.170
linuxaria.com. 168 IN A 108.162.197.70

;; Query time: 61 msec
;; SERVER: ::ffff:8.8.8.8#53(::ffff:8.8.8.8)
;; WHEN: Sat Aug 18 00:14:57 2012
;; MSG SIZE rcvd: 63

In this example we have used only the IPV6 protocol and so using the server: ::ffff:8.8.8.8 as DNS server, note that the Answer is still an ipv4 address, you can get the same result using in the @ parameter an ipv6 address and not using the -6 parameter, so I could get the same result with the command:

dig @::ffff:8.8.8.8 linuxaria.com

2) You can use dig to request for a IPV6 address, to do this we have to add at the end the parameter AAAA. A 32 bit IPv4 address is an A record. IPv6 is four times the size – 128 bits – so it ended up being a quad-A record. and so to know the IPV6 address of linuxaria.com you can use the command

dig @8.8.8.8 linuxaria.com AAAA

;; QUESTION SECTION:
;linuxaria.com. IN AAAA

;; ANSWER SECTION:
linuxaria.com. 300 IN AAAA 2600:3c03::f03c:91ff:fe93:b7b3

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)

In this example we have asked at 8.8.8.8 DNS server, via IPV4 protocol, the IPV6 address of linuxaria.com and we’ve got the result: 2600:3c03::f03c:91ff:fe93:b7b3

Use dig discover the MX record of a domain

In the same way we have asked to the DNS server for an AAAA record we can make a query for an MX record (mail exchanger record), that specifies a mail server responsible for accepting email messages on behalf of a recipient’s domain.

dig @8.8.8.8 linuxaria.com MX

;; QUESTION SECTION:
;linuxaria.com. IN MX

;; ANSWER SECTION:
linuxaria.com. 110 IN MX 5 alt2.aspmx.l.google.com.
linuxaria.com. 110 IN MX 1 aspmx.l.google.com.
linuxaria.com. 110 IN MX 10 aspmx3.googlemail.com.
linuxaria.com. 110 IN MX 5 alt1.aspmx.l.google.com.
linuxaria.com. 110 IN MX 10 aspmx2.googlemail.com.

We have in the answer section multiple servers, this is pretty common, before any server name you can see a number that’s the priority of the following MX server, so in my case the first MX is aspmx.l.google.com.

If you want to see all records for a domain you can use the word any as parameter:

dig @8.8.8.8 linuxaria.com any
;; QUESTION SECTION:
;linuxaria.com. IN ANY

;; ANSWER SECTION:
linuxaria.com. 300 IN AAAA 2600:3c03::f03c:91ff:fe93:b7b3
linuxaria.com. 300 IN MX 5 alt2.aspmx.l.google.com.
linuxaria.com. 300 IN MX 1 aspmx.l.google.com.
linuxaria.com. 300 IN MX 5 alt1.aspmx.l.google.com.
linuxaria.com. 43200 IN NS gabe.ns.cloudflare.com.
linuxaria.com. 300 IN MX 10 aspmx3.googlemail.com.
linuxaria.com. 300 IN A 108.162.197.70
linuxaria.com. 300 IN A 108.162.197.170
linuxaria.com. 300 IN MX 10 aspmx2.googlemail.com.
linuxaria.com. 43200 IN NS ruth.ns.cloudflare.com.
linuxaria.com. 43200 IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 2012062111 10000 2400 604800 3600

Remember that the default is to query for A records.

Do a reverse lookup with dig

Sometimes you have an IP address and you want to know the name, for this you can use the option -x

dig -x 8.8.4.4 +short
google-public-dns-b.google.com

In this example I’ve used the parameter +short that makes the output really…short, just the answer, in this case we can see that the name of the address 8.8.4.4 is google-public-dns-b.google.com.
+short can be used with any query to just show the answer.

Conclusions

And this is enough as basic tutorial, here you have the most common uses of the command dig, it can also do multiple query in 1 command line, but i don’t find this so useful in real life, where you can just give 2 or 3 different (and easy) commands instead of 1 long line of commands. Now you have the basis to ask anything to your DNS server, have fun !

Popular Posts:

flattr this!

  3 Responses to “How to query a DNS server from Linux with DIG, by examples”

  1. ;; ANSWER SECTION:
    linuxaria.com. 168 IN A 108.162.197.170
    linuxaria.com. 168 IN A 108.162.197.70

    Excuse me, i’m a noob… i type “108.162.197.170” and “108.162.197.70” in location bar of firefox, but i got a dns error. why?
    many thanks

    Scusatemi, sono un principiante… se scrivo “108.162.197.170” e “108.162.197.70” come indirizzo in firefox ottengo un errore di dns. Perché?
    mille grazie

  2. Pretty cool. Very appreciated. :)

  3. Nice article. Helped me a lot. Thanks!

 Leave a Reply

(required)

(required)


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>