The “dig” command is a powerful tool for performing DNS queries in Linux. It is part of the dnsutils package and is used to look up the DNS records for a specific domain or host.
Using “dig,” you can retrieve information such as the IP address of a domain, the mail exchange (MX) records for a domain, or the name servers for a domain. You can also use “dig” to perform reverse DNS lookups, which can be useful for troubleshooting network issues or determining the hostname of a particular IP address.
Want to learn more about DNS and its records visit our article.
DNS Records & Mapping – An Easy Guide For Beginners.
Let’s get started !!!
Understanding the dig command output.
Before getting started we must learn the various sections of the output of the dig command.
Here is an example of the output of the dig command.
This is the default output of the dig command we are going to describe all the sections briefly.
HEADER: This displays the dig command version number, the global options used by the dig command, and a few additional header information.
QUESTION SECTION: The question section displays the question asked to dig command. We have asked dig to give us the details of linuxlearninghub.com
ANSWER SECTION: This section displays the answer it receives from the DNS. In this example, this returns the A record of linuxlearninghub.com in the answer section.
The stats section at the bottom displays a few dig command statistics including how much time it took to execute this query.
As in most cases, we didn’t want these much of data from dig so we can filter the output to only the required fields.
If we pass the +noall command it will exclude all the output sections we need only the answer section in the dig command in order to get the proper result to pass the +noall command with +answer.
dig linuxlearninghub.com +noall +answer
Use cases of dig command.
Query A record of a domain
A record is a record which points to the IP address of a domain name. dig command queries the A record of the domain name and returns the result.
dig linuxlearninghub.com +short
217.21.84.95
Find the nameserver of a domain.
nameserver which determines which DNS server is authoritative for the domain. The nameserver is a server which stores all the records of a domain as zone files.
Using the below command we can query ns of any domain
dig ns linuxlearninghub.com +short
ns2.dns-parking.com.
ns1.dns-parking.com
Specifying nameservers to query
By default, dig uses the local configuration to decide which nameserver to query. we can change it to any of the nameservers to query records within that specified nameserver
root@ubundu:~# dig @ns1.nameserver.com linuxlearninghub.com +short
217.21.84.95
Query the mx record of a domain
MX record point the domain’s email to the mail server. This DNS record identifies an email server. You must configure the MX record in order to receive emails for the domain.
To query mx record of a domain using dig use the below command
dig mx google.com +short
10 smtp.google.com.
Query all the DNS records of a domain
Dig command queries all the DNS records associated with that domain and gives you the result using the ANY flag
dig google.com ANY
Trace the dns resolution process
This command helps us to show the entire DNS resolution process. The +trace option lists each different server the query goes through to its final destination. This command is really helpful to figure out DNS related issues by identifying where the traffic is getting dropped.
root@ubundu:~# dig +trace google.com
Reverse dns lookup
Reverse DNS lookups are used to find the domain name from the IP address here using the -x flag we can check the reverse DNS lookup also I am filtering the output to only the answer section using +noall and +answer flags.
dig -x 8.8.8.8 +noall +answer
8.8.8.8.in-addr.arpa. 7198 IN PTR dns.google
The first column lists the reverse Ptr of the ip address
The second column is the Time to Live, a set timeframe after which the record is refreshed
The third column shows the class of query – in this case, “IN” stands for Internet
The fourth column displays the domain name associated with that IP address.
Here are the most commonly use cases of dig to query dns information.
Next we are going to look how dig helps to query a batch of records
Query a batch of records using dig command
Sometimes we need to find out the IP address of 50+100 domains in a server at a time.
We can either use the dig command to query all 100 domains one by one. or else we can do bulk DNS query from a datafile
Create a file using the vi editor say mydatafile.txt.This file contains the list of all domains that needed to be queried.
$ vi datafile.txt
google.com
facebook.com
linuxlearninghub.com
twitter.com
…….
…………..
Then run this command to get the IP address of all the domains listed in the data.txt file.
root@ubundut:~# dig -f datafile.txt +noall +answer
Summary:
In this article, we have covered the practical use cases of the Dig command. Dig command Is more powerful than other commands in order to query DNS as it has many other options. You can go to the man page and try out various other options in the Dig command.
Related articles:
How to use the Nslookup command?
