Wednesday, September 18, 2019

Dig Command

Dig Command

Make that DNS talk !

Display only the ANSWER section
dig opensu­se.org +noall +answer
Activate the short output
dig perdu.com +short
Reverse DNS (get name from IP)
dig -x 208.97.17­7.124
Use a specific DNS server
dig @8.8.4.4 redhat.com
Display the name resolution path
dig google.com +trace
Request a zone transfer
dig micros­oft.com AXFR

List specific types of RRs (Resource Records)

List address records
dig -t A tme520.net
List aliases
dig -t CNAME tme520.net
Find who manages a domain
dig -t SOA tme520.net
List mail servers
dig tme520.net MX
List name servers
dig tme520.net NS
List any type of Resource Record

There are about 40 DNS Resources Records types, but you only have to know 5 of them:

A : Address record (IPv4); AAAA for IPv6,
CNAME : Canonical Name. Aliases to A or AAAA records,
SOA : Start Of Authority: primary name server, email of the domain admin, domain serial number, and timers relating to refreshing the zone,
MX : Mail eXchange. Points to a mail server,
NS : Name Server (a DNS).


Dig stands for (Domain Information Groper). Dig is a network administration command-line tool for querying Domain Name System (DNS) name servers. It is useful for verifying and troubleshooting DNS problems and also to perform DNS lookups and displays the answers that are returned from the name server that were queried. dig is part of the BIND domain name server software suite. dig command replaces older tool such as nslookup and the host. dig tool is available in major Linux distributions.

Query Domain “A” Record

# dig yahoo.com; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> yahoo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
Above command causes dig to look up the “A” record for the domain name yahoo.com. Dig command reads the /etc/resolv.conf file and querying the DNS servers listed there. The response from the DNS server is what dig displays.
UNDERSTAND THE OUTPUT:
  1. Lines beginning with ; are comments not part of the information.
  2. The first line tell us the version of dig (9.8.2) command.
  3. Next, dig shows the header of the response it received from the DNS server
  4. Next comes the question section, which simply tells us the query, which in this case is a query for the “A” record of yahoo.com. The IN means this is an Internet lookup (in the Internet class).
  5. The answer section tells us that yahoo.com has the IP address 72.30.38.140
  6. Lastly there are some stats about the query. You can turn off these stats using the +nostats option.

Query Domain “A” Record with +short

By default dig is quite verbose. One way to cut down the output is to use the +short option. which will drastically cut the output as shown below.
# dig yahoo.com +short

98.139.183.24
72.30.38.140
98.138.253.109
Note: By default dig looks for the “A” record of the domain specified, but you can specify other records also. The MX or Mail eXchange record tells mail servers how to route the email for the domain. Likewise TTLSOA etc.

Query MX Record

Querying different types of DNS resource records only.
# dig yahoo.com MX

; <> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <> yahoo.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31450
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 24

;; QUESTION SECTION:
;yahoo.com.                     IN      MX

;; ANSWER SECTION:
yahoo.com.              33      IN      MX      1 mta6.am0.yahoodns.net.
yahoo.com.              33      IN      MX      1 mta7.am0.yahoodns.net.
yahoo.com.              33      IN      MX      1 mta5.am0.yahoodns.net.

Query SOA Record

# dig yahoo.com SOA

; <> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <> yahoo.com SOA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2197
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 7

;; QUESTION SECTION:
;yahoo.com.                     IN      SOA

;; ANSWER SECTION:
yahoo.com.              1800    IN      SOA     ns1.yahoo.com. hostmaster.yahoo-inc.com. 2012081409 3600 300 1814400 600

Query TTL Record

# dig yahoo.com TTL

; <> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <> yahoo.com TTL
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56156
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;yahoo.com.                     IN      A

;; ANSWER SECTION:
yahoo.com.              3589    IN      A       98.138.253.109
yahoo.com.              3589    IN      A       98.139.183.24
yahoo.com.              3589    IN      A       72.30.38.140

Query only answer section

# dig yahoo.com +nocomments +noquestion +noauthority +noadditional +nostats

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> yahoo.com +nocomments +noquestion +noauthority +noadditional +nostats
;; global options: +cmd
yahoo.com.              3442    IN      A       72.30.38.140
yahoo.com.              3442    IN      A       98.138.253.109
yahoo.com.              3442    IN      A       98.139.183.24

Query ALL DNS Records

# dig yahoo.com ANY +noall +answer

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> yahoo.com ANY +noall +answer
;; global options: +cmd
yahoo.com.              3509    IN      A       72.30.38.140
yahoo.com.              3509    IN      A       98.138.253.109
yahoo.com.              3509    IN      A       98.139.183.24
yahoo.com.              1709    IN      MX      1 mta5.am0.yahoodns.net.
yahoo.com.              1709    IN      MX      1 mta6.am0.yahoodns.net.
yahoo.com.              1709    IN      MX      1 mta7.am0.yahoodns.net.
yahoo.com.              43109   IN      NS      ns2.yahoo.com.
yahoo.com.              43109   IN      NS      ns8.yahoo.com.
yahoo.com.              43109   IN      NS      ns3.yahoo.com.
yahoo.com.              43109   IN      NS      ns1.yahoo.com.
yahoo.com.              43109   IN      NS      ns4.yahoo.com.
yahoo.com.              43109   IN      NS      ns5.yahoo.com.
yahoo.com.              43109   IN      NS      ns6.yahoo.com.

DNS Reverse Look-up

Querying DNS Reverse Look-up. Only display answer section with using +short.
# dig -x 72.30.38.140 +short

ir1.fp.vip.sp2.yahoo.com.

Query Multiple DNS Records

Query multiple website’s DNS specific query viz. MXNS etc. records.
# dig yahoo.com mx +noall +answer redhat.com ns +noall +answer

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> yahoo.com mx +noall +answer redhat.com ns +noall +answer
;; global options: +cmd
yahoo.com.              1740    IN      MX      1 mta6.am0.yahoodns.net.
yahoo.com.              1740    IN      MX      1 mta7.am0.yahoodns.net.
yahoo.com.              1740    IN      MX      1 mta5.am0.yahoodns.net.
redhat.com.             132     IN      NS      ns1.redhat.com.
redhat.com.             132     IN      NS      ns4.redhat.com.
redhat.com.             132     IN      NS      ns3.redhat.com.
redhat.com.             132     IN      NS      ns2.redhat.com.

Create .digrc file

Create .digrc file under $HOME/.digrc to store default dig options.
# dig yahoo.com
yahoo.com.              3427    IN      A       72.30.38.140
yahoo.com.              3427    IN      A       98.138.253.109
yahoo.com.              3427    IN      A       98.139.183.24
We have store +noall +answer options permanently in .digrc file under user’s home directory. Now, whenever dig command executes it will show only answer section of dig output. No Need to type every-time options like +noall +answer.


Once installed, check the version, to make sure the setup was completed successfully:
dig -v

Dig Syntax

In its simplest form, the syntax of the dig utility will look like this:
dig [server] [name] [type]
[server] – the IP address or hostname of the name server to query.
If the server argument is the hostname then dig will resolve the hostname before proceeding with querying the name server.
It is optional and if you don’t provide a server argument then dig uses the name server listed in /etc/resolv.conf.
[name] – the name of the resource record that is to be looked up.
[type] – the type of query requested by dig. For example, it can be an A record, MX record, SOA record or any other types. By default dig performs a lookup for an A record if no type argument is specified.

How to Use the Dig Command

Lets get into the basic uses of the command:

Dig a Domain Name

To perform a DNS lookup for a domain name, just pass the name along with the dig command:
dig hostinger.com
By default, the dig command will display the A record when no other options are specified. The output will also contain other information like the installed dig version, technical details about the answers, statistics about the query, a question section along with few other ones.

Short Answers

The above dig command includes a lot of useful information in different sections, but there may be times when you want only the result of the query. You can do that by using the +short option, that will display the IP address (A record) of the domain name only:
dig hostinger.com +short

Detailed Answers

Sometimes you want to view the answers section in details. Therefore, For a detailed information on answers section, you can stop displaying all the section using +noall option and query the answers section only by using +answer option with the dig command.
dig hostinger.com +noall +answer

Specifying Nameservers

By default, dig commands will query the name servers listed in /etc/resolv.conf to perform a DNS lookup for you. You can change this default behavior by using the @ symbol followed by a hostname or IP address of the name server along.
The following dig command sends the DNS query to Google’s name server(8.8.8.8) by using the @8.8.8.8 option.
dig @8.8.8.8 hostinger.com

Query All DNS Record Types

To query all the available DNS record types associated with a domain use the ANY option. The ANY option will include all the available record types in the output:
dig hostinger.com ANY

Search For Record Type

If you want to look up a specific record, just add the type to the end of the command.
For example, to query get only the mail exchange – MX – answer section associated with a domain, you can use the following dig command:
dig hostinger.in MX
Similarly, to view the other records associated with a domain, specify the record type at the end of dig command:
dig hostinger.com txt (Query TXT record)
dig hostinger.com cname (Query CNAME record)
dig hostinger.com ns (Query NS record)
dig hostinger.com A (Query A record)

Trace DNS Path

Dig allows tracing the DNS lookup path by using the +trace option. The option makes iterative queries to resolve the name lookup. It will query the name servers starting from the root and subsequently traverses down the namespace tree using iterative queries following referrals along the way:
dig hostinger.com +trace

Reverse DNS Lookup

Reverse DNS lookup lets you look up the domain and hostname associated with an IP address. To perform a reverse DNS lookup using the dig command use the –x option followed by your chosen IP address. In the following example, dig will perform a reverse DNS lookup for the IP address associated with google.com:
dig +answer -x 172.217.166.46
Remember that If a PTR record is not defined for an IP address, then it is not possible to do a reverse DNS lookup since the PTR record points to the domain or hostname.

Batch Queries

With the dig utility, you can perform a DNS lookup for a list of domains instead of doing the same for each one individually. To do that, you need to provide dig with a list of domain names – one per line in a file. Once the file is ready, specify the name of it with -f option:
vi domain_name.txt
hostinger.com
google.com
ubuntu.com
dig -f domain_name.txt +short

Control Dig Behavior

The output of the command can be customized permanently by setting up options in the ~/.digrc file that will run automatically with the command.
Suppose you want to view the answer section only – specify the required options in the ~/.digrc file, so you don’t have to type them in while executing the query.
echo "+noall +answer" > ~/.digrc
Now perform a DNS server lookup for a domain. The output confirms that dig runs with the options set in the ~/.digrc file.

Conclusion

That’s all the basics you need to start using dig In Linux. Now you can perform DNS lookups for domains using various options. Want to learn more? Check the manual page by using the man dig command to find out all the possible uses and options.