Dig command line tool

Yesterday I was in a meeting discussing DNS and showed a colleague the "dig" - domain information groper - command. It's a fantastic little tool for querying DNS name servers.

For standard use all you need to do is open a terminal and type

  
$ dig example.com

This will respond with:

  
; <<>> DiG 9.6-ESV-R4-P3 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3547
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.            IN  A

;; ANSWER SECTION:
example.com.        6276    IN  A   192.0.43.10

;; Query time: 0 msec
;; SERVER: 90.207.250.102#53(90.207.250.102)
;; WHEN: Thu Jan 10 10:52:15 2013
;; MSG SIZE  rcvd: 45

You probably don't need all of the response, but here is what each part means:

; <<>> DiG 9.6-ESV-R4-P3 <<>> example.com
;; global options: +cmd

This just tells you the version of dig being used (9.6) and the global options that have been set.

  
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35948
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

This section just provides the DNS response header. It's worth noting the flags, which can be the following:

Flag  Description
AA    Authoritative Answer
TC    Truncated Response
RD    Recursion Desired
RA    Recursion Allowed
AD    Authentic Data
CD    Checking Disabled

It's worth noting that if "aa" is missing from the flags, then you have probably received a cached response, so the TTL shown will be the remaining time to live, not the TTL actually set on the record.

 
;; QUESTION SECTION:
;example.com.            IN  A

Here dig is just reminding us of the query we sent. By default it always requests the A record (see further down).

  
;; ANSWER SECTION:
example.com.        5800    IN  A   192.0.43.10  

Here we get our answer, showing the requested address, the current TTL, the record type and the IP address.

  
;; Query time: 0 msec
;; SERVER: 90.207.250.102#53(90.207.250.102)
;; WHEN: Thu Jan 10 11:00:11 2013
;; MSG SIZE  rcvd: 45

The last section is just providing some stats.
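
The breakdown above, as an added shell example (not part of the original post): `dig_summary` is a hypothetical helper that reads dig output on stdin and reports the status, the flags, whether "aa" was set, and each answer record. The sample input is the example.com response from this page, trimmed.

```shell
# Added example: summarise dig output read on stdin (status, flags, answers).
# Live use (needs network): dig example.com | dig_summary
dig_summary() {
    awk '
        # ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3547"
        /^;; ->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        # ";; flags: qr rd ra; QUERY: 1, ..." -> keep the text before the ";"
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags)
            sub(/;.*$/, "", flags)
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        # A blank line or the next ";" line ends the answer section.
        in_answer && (NF == 0 || /^;/) { in_answer = 0 }
        in_answer && NF >= 5 {
            data = $5
            for (i = 6; i <= NF; i++) data = data " " $i   # MX data has 2 fields
            answers[++n] = "answer name=" $1 " ttl=" $2 " type=" $4 " data=" data
        }
        END {
            print "status=" status " flags=" flags
            # No "aa" flag: probably a cached reply, so the TTL is what remains.
            if (index(" " flags " ", " aa ") > 0)
                print "authoritative=yes ttl=as-set-in-zone"
            else
                print "authoritative=no ttl=remaining-in-cache"
            for (i = 1; i <= n; i++) print answers[i]
        }
    '
}

# Sample input: the example.com response shown above, trimmed.
sample_response() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3547
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.            IN  A

;; ANSWER SECTION:
example.com.        6276    IN  A   192.0.43.10
EOF
}
sample_response | dig_summary
```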

What can be done with it

Types of requests

You can use dig to get information about most DNS record types; the main ones are listed below:

Type   Description
A      Hostname to IPv4 address
AAAA   Hostname to IPv6 address
CNAME  Canonical name - A more readable name, such as ftp.example.com/mail.example.com
NS     DNS Nameservers
MX     Mail Servers
SOA    Specifies authoritative information about a DNS zone

Short answers

You can add +short to the end of your request to get only the answer:

  
$ dig example.com +short

gives you:

  
192.0.43.10  

Reverse Look-Up

You can use dig to find the hostname associated with an IP address, using -x before your query:

  
$ dig -x 66.197.182.77 +short

gives you:

  
ns13.boxsecured.com.  

Trace

You can use dig to follow the trace of a request, starting at the main 13 root servers that make DNS work, followed by the top level domain name servers (.com, .co.uk or .net, for example). It then picks one of those top level servers and asks for the servers responsible for the next level. It does this until it finds the authoritative servers for the hostname, domain name or IP address you entered. To do this just add +trace to the end of your request:

  
$ dig richardallen.co.uk +trace
  
; <<>> DiG 9.6-ESV-R4-P3 <<>> richardallen.co.uk +trace
;; global options: +cmd
.            85310   IN  NS  c.root-servers.net.
.            85310   IN  NS  g.root-servers.net.
.            85310   IN  NS  b.root-servers.net.
.            85310   IN  NS  k.root-servers.net.
.            85310   IN  NS  a.root-servers.net.
.            85310   IN  NS  j.root-servers.net.
.            85310   IN  NS  e.root-servers.net.
.            85310   IN  NS  i.root-servers.net.
.            85310   IN  NS  f.root-servers.net.
.            85310   IN  NS  m.root-servers.net.
.            85310   IN  NS  l.root-servers.net.
.            85310   IN  NS  h.root-servers.net.
.            85310   IN  NS  d.root-servers.net.
;; Received 497 bytes from 90.207.250.102#53(90.207.250.102) in 0 ms

uk.            172800  IN  NS  ns5.nic.uk.  
uk.            172800  IN  NS  nsd.nic.uk.  
uk.            172800  IN  NS  ns3.nic.uk.  
uk.            172800  IN  NS  ns1.nic.uk.  
uk.            172800  IN  NS  nsa.nic.uk.  
uk.            172800  IN  NS  ns7.nic.uk.  
uk.            172800  IN  NS  ns4.nic.uk.  
uk.            172800  IN  NS  ns6.nic.uk.  
uk.            172800  IN  NS  nsc.nic.uk.  
uk.            172800  IN  NS  ns2.nic.uk.  
uk.            172800  IN  NS  nsb.nic.uk.  
;; Received 498 bytes from 192.228.79.201#53(b.root-servers.net) in 154 ms

richardallen.co.uk.    172800  IN  NS  ns14.boxsecured.com.  
richardallen.co.uk.    172800  IN  NS  ns13.boxsecured.com.  
;; Received 88 bytes from 195.66.240.130#53(ns1.nic.uk) in 1 ms

richardallen.co.uk.    14400   IN  A   64.120.186.67  
richardallen.co.uk.    86400   IN  NS  ns14.boxsecured.com.  
richardallen.co.uk.    86400   IN  NS  ns13.boxsecured.com.  
;; Received 136 bytes from 64.120.186.94#53(ns14.boxsecured.com) in 82 ms
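
To make the delegation walk in that trace easier to read, here is an added shell example (not part of the original post). `trace_hops` and `final_ns` are hypothetical helpers: the first prints one line per hop (which server answered, for which zone), the second prints the sorted nameserver set from the last hop so it can be compared with the nameservers you expect for your domain. The sample input is the trace above, cut to two NS records per hop.

```shell
# Added example: summarise "dig +trace" output read on stdin, one line per hop.
# Live use (needs network): dig richardallen.co.uk +trace | trace_hops
trace_hops() {
    awk '
        # Record lines are: owner, TTL, class, type, data.
        !/^;/ && NF >= 5 && $4 == "NS" { zone = $1; ns++ }
        !/^;/ && NF >= 5 && ($4 == "A" || $4 == "AAAA") { addr = addr " " $4 "=" $5 }
        # ";; Received 88 bytes from 195.66.240.130#53(ns1.nic.uk) in 1 ms"
        /^;; Received / {
            server = $6
            sub(/^[^(]*\(/, "", server)   # drop the "ip#53(" prefix
            sub(/\)$/, "", server)
            printf "%s -> %s NS=%d%s\n", server, zone, ns, addr
            zone = ""; ns = 0; addr = ""
        }
    '
}

# Sorted NS names from the last hop, for diffing against a known-good list.
final_ns() {
    awk '
        !/^;/ && NF >= 5 && $4 == "NS" { cur = cur $5 "\n" }
        /^;; Received / { last = cur; cur = "" }
        END { printf "%s", last }
    ' | sort
}

# Sample input: the trace shown above, cut to two NS records per hop.
sample_trace() {
    cat <<'EOF'
.            85310   IN  NS  a.root-servers.net.
.            85310   IN  NS  b.root-servers.net.
;; Received 497 bytes from 90.207.250.102#53(90.207.250.102) in 0 ms
uk.            172800  IN  NS  ns1.nic.uk.
uk.            172800  IN  NS  nsa.nic.uk.
;; Received 498 bytes from 192.228.79.201#53(b.root-servers.net) in 154 ms
richardallen.co.uk.    172800  IN  NS  ns14.boxsecured.com.
richardallen.co.uk.    172800  IN  NS  ns13.boxsecured.com.
;; Received 88 bytes from 195.66.240.130#53(ns1.nic.uk) in 1 ms
richardallen.co.uk.    14400   IN  A   64.120.186.67
richardallen.co.uk.    86400   IN  NS  ns14.boxsecured.com.
richardallen.co.uk.    86400   IN  NS  ns13.boxsecured.com.
;; Received 136 bytes from 64.120.186.94#53(ns14.boxsecured.com) in 82 ms
EOF
}
sample_trace | trace_hops
```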

Public IP

You can also use dig to easily get your public IP address, using:

  
$ dig myip.opendns.com @Resolver1.opendns.com +short

Anyway, I'll get round to writing a post about DNS at some point.

Enjoy,

Rich.
