dig Command in Linux



The dig command in Linux interrogates the DNS and prints the answers returned from the queried server. The name dig stands for Domain Information Groper, and the command is primarily used by system administrators to monitor DNS or troubleshoot DNS-related problems.


Syntax for the dig Command

The general syntax of the Linux dig command is as follows −

dig [options] [domain] [type] [query_options]

In the above syntax −

  • [options] − Flags or options that modify the behavior of the command
  • [domain] − The domain name to query
  • [type] − An optional parameter that specifies the DNS record type to request
  • [query_options] − Query options that modify the format of the output

The syntax for multiple DNS server queries is given below −

dig [options] [domain1] [query_options] [options] [domain2] [query_options]

In the above syntax, [domain1] and [domain2] signify two different domain names. You can mention as many domains as you want; however, using a file of domain names and options is recommended.

Options for the dig Command

The commonly used dig command options are listed below −

Options     Description
-b          It is used to mention the source IP
-c class    It is used to specify the query class (default is IN): IN, HS, CH
-f file     To query multiple domains from a file
-p port     To specify the port number (default is 53)
-t type     To specify the query types (default is A): AAAA, MX, NS, SOA ..
-x          For reverse lookup
-4          It forces dig to use IPv4 as query transport
-6          It forces dig to use IPv6 as query transport

Query Options for the dig Command

The query options display the specific part of the response −

Query Options       Description
+[no]tcp            Use [do not use] TCP for querying (default is UDP)
+[no]short          Provide short response (default is verbose)
+[no]comments       Toggles the comments of the response
+[no]stat           To print [or not print] the statistics (default: stats are printed)
+[no]qr             To print [or not print] the query (default: query does not print)
+[no]question       To print [or not print] the question section (default: section is printed)
+[no]answer         To print [or not print] the answer section (default: section is printed)
+[no]authority      To print [or not print] the authority section (default: section is printed)
+[no]additional     To print [or not print] the additional section (default: section is printed)
+[no]all            Toggle to print specific sections of the response (default is all)
+time=T             To set the timeout of the query in seconds (default is 5 seconds)
+tries=T            To set the number of tries of the UDP query (default is 3)

Using the dig Command in Linux

This section demonstrates how to use the dig command to look up DNS records, with various examples in Linux −

Querying a DNS Server

Let’s begin with getting a basic response from querying a domain −

dig google.com

As mentioned earlier, by default, the dig command displays the type A record. The numbered parts of the output are described below −


1 − The output's first line displays the dig command version, while the second shows the global options. By default, the global option is set to +cmd, which prints these two lines; to suppress them, +nocmd can be specified with the command.

2 − The HEADER section shows the opcode (the operation type of the query), status, and id. Moreover, it also gives information on response flags such as qr (Query Response), which indicates that this is the response to a query, rd (Recursion Desired), which indicates that the source requires a recursive query, and ra (Recursion Available), which indicates that the server supports these recursive queries.

QUERY indicates the number of questions the query contains. ANSWER shows the number of answers received. AUTHORITY represents the number of authoritative records, and ADDITIONAL signifies the number of additional records.

3 − The OPT PSEUDOSECTION shows the extended DNS or EDNS version if used. Moreover, it shows the UDP packet size.

4 − The QUESTION SECTION indicates the query details. It displays the domain name (google.com), query class (IN), and record type (A).

5 − The ANSWER SECTION shows the response to the query. It prints the domain name (google.com), time to live TTL (19), query class (IN), record type (A), and IP address associated with the domain name.

6 − The last section is called the statistics section. It shows QUERY TIME which is the time it takes to get a response. The SERVER shows the IP address of the responding server and port. The WHEN displays the time when the command was run. The MSG SIZE rcvd tells the message size that is received from the server.
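The header and statistics fields described above can be pulled out of dig's output for monitoring. The following is an added example, not part of the original tutorial: the function names and the embedded response (including its version string, id, and documentation-range addresses) are constructed, so it runs without a network.

```shell
# Constructed sample of dig's default output (documentation-range addresses).
sample_response() {
  cat <<'EOF'
; <<>> DiG 9.x <<>> example.test
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4660
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.test.            IN  A

;; ANSWER SECTION:
example.test.       19    IN  A   192.0.2.10

;; Query time: 12 msec
;; SERVER: 192.0.2.53#53(192.0.2.53) (UDP)
;; MSG SIZE  rcvd: 57
EOF
}

# Read dig output on stdin; print one line with the HEADER status, the
# response flags, the ANSWER count and the responding server.
dig_summary() {
  awk '
    /->>HEADER<<-/ {
      for (i = 1; i < NF; i++) if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
    }
    /^;; flags:/ {
      fl = $0; sub(/^;; flags: */, "", fl); sub(/;.*/, "", fl); gsub(/ /, ",", fl)
      for (i = 1; i < NF; i++) if ($i == "ANSWER:") { an = $(i + 1); sub(/,$/, "", an) }
    }
    /^;; SERVER:/ { sv = $3; sub(/\(.*/, "", sv) }
    END { printf "status=%s flags=%s answers=%s server=%s\n", st, fl, an, sv }'
}

# Return 0 only for a NOERROR response that carries at least one answer.
dig_healthy() {
  s=$(dig_summary)
  case "$s" in
    "status=NOERROR "*" answers=0 "*) echo "EMPTY $s"; return 1 ;;
    "status=NOERROR "*)               echo "OK $s" ;;
    *)                                echo "FAIL $s"; return 1 ;;
  esac
}

sample_response | dig_healthy
```

Against a live resolver, the input would be the output of a command such as dig google.com piped into dig_healthy; a timeout or an NXDOMAIN/SERVFAIL status makes the function return non-zero.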

Displaying Various DNS Records

To query the AAAA record of a domain, specify the record type with the command −

dig google.com AAAA

The AAAA record displays the IPv6 response of the domain.

Similarly, to query the Mail Exchange (MX) record, use −

dig google.com MX

Similarly, the SOA, CNAME, CAA, and other DNS record types can be queried with the dig command.

Modifying the Query Response

The default response of the dig command is verbose. But, it can be made concise using query options.

Let’s modify the response using various query options −

To print the short response, use +short −

dig google.com +short

To remove the comment lines from the response, use +nocomments −

dig google.com +nocomments

To display a specific section of the response, use the +noall option along with the query option for the section required in the output. For instance, to display the answer section only −

dig google.com +noall +answer

In this way, any response section, such as the QUESTION section or stats, can be displayed. To display multiple sections, use +noall with the section query options.

dig google.com +noall +answer +stat

Querying Multiple DNS Servers

To display the responses from multiple domain names, simply mention the domain names with the desired options. For example, the following command queries two domains.

The answer section of the first domain and the answer and stat sections of the second domain will be printed −

dig google.com +noall +answer facebook.com +noall +answer +stat

Querying Multiple DNS Servers from a File

To get responses from multiple domains, a file containing domain names can be passed to the dig command using the -f flag −

dig -f file.txt

The cat command shows the file contents. The responses can be shortened using the +short query option.
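Batch queries combined with +noall +answer give output that is easy to compare against a list of expected records, which is a simple way to notice an unexpected DNS change. The following is an added example, not part of the original tutorial: the function names, the baseline format ("name type data" per line), and the sample records are assumptions constructed for illustration.

```shell
# Reduce answer-section lines (name TTL class type data) to "name type data".
# The TTL is dropped because it counts down between queries; dig's ";" comment
# lines and blank lines are skipped.
normalize_answers() {
  awk '!/^;/ && NF >= 5 {
         r = $5; for (i = 6; i <= NF; i++) r = r " " $i
         print tolower($1), $4, r
       }' | sort -u
}

# Compare answers on stdin with a baseline file of "name type data" lines.
# Prints "+ record" for answers not in the baseline and "- record" for
# baseline records that were not returned; returns 1 on any difference.
dns_drift() {
  normalize_answers | awk -v base="$1" '
    BEGIN { while ((getline line < base) > 0) if (line != "") want[line] = 1 }
    { seen[$0] = 1; if (!($0 in want)) { print "+ " $0; bad = 1 } }
    END { for (r in want) if (!(r in seen)) { print "- " r; bad = 1 }
          exit bad + 0 }'
}

# Constructed sample input, using documentation-range addresses.
sample_answers() {
  cat <<'EOF'
example.test.       19   IN  A   192.0.2.10
example.test.       300  IN  MX  10 mail.example.test.
www.example.test.   60   IN  A   198.51.100.7
EOF
}
sample_baseline() {
  cat <<'EOF'
example.test. A 192.0.2.10
example.test. MX 10 mail.example.test.
www.example.test. A 192.0.2.20
EOF
}

# Run the comparison on the constructed data; the www record has changed.
demo_drift() {
  b=$(mktemp); sample_baseline > "$b"
  rc=0; sample_answers | dns_drift "$b" || rc=$?
  rm -f "$b"; return "$rc"
}
demo_drift || echo "drift detected"
```

Against live data, the input would come from dig -f file.txt +noall +answer piped into dns_drift with your own baseline file.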

Reverse Querying the DNS

Reverse querying, or reverse lookup, is a technique used to display the hostname associated with an IP address. The example is as follows −

dig -x 142.250.201.142

The answer section shows the hostname associated with the given IP address.

Conclusion

The dig command on Linux queries the domain name and displays the IP address associated with it along with other stats. System administrators use this tool to test and troubleshoot DNS issues.

This tutorial covered the basic syntax of using the dig command on Linux, its options, query options, and usage through different examples.
