Dig is a powerful command-line tool for querying DNS name servers.
It allows you to query information about various DNS records, including host addresses, mail exchanges, and name servers. It is the most commonly used tool among system administrators for troubleshooting DNS problems because of its flexibility and ease of use.
Install dig on Mac and Ubuntu
Mac - brew install bindUbuntu - sudo apt update && sudo apt install dnsutils
To check if the dig command is available on your system type:
The output should look something like this:
<<>> DiG 9.10.6 <<>>global options: +cmd
If dig is not present on your system, the command above will print "dig: command not found". The tool can be installed using the distro's package manager.
1. Get a Short Answer
To get a short answer to your query, use the +short option:
dig mac.org +short104.18.59.123 104.18.58.123
The output will include only the IP addresses of the A record.
2. Get a Detailed Answer
For more a detailed answer, turn off all the results using the +noall options and then turn on only the answer section with the +answer option.
dig mac.org +noall +answer; <<>> DiG 9.13.3 <<>> mac.org +noall +answer ;; global options: +cmd mac.org. 67 IN A 104.18.58.123 mac.org. 67 IN A 104.18.59.123
Query Specific Name Server
By default, if no name server is specified, dig uses the servers listed in /etc/resolv.conf file.
To specify a name server against which the query will be executed, use the @ (at) symbol followed by the name server IP address or hostname.
For example, to query the Google name server (8.8.8.8) for information about the mac.org the domain you would use:
dig mac.org @8.8.8.8; <<>> DiG 9.13.3 <<>> mac.org @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39110 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;mac.org. IN A ;; ANSWER SECTION: mac.org. 299 IN A 104.18.58.123 mac.org. 299 IN A 104.18.59.123 ;; Query time: 54 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Fri Oct 12 14:28:01 CEST 2018 ;; MSG SIZE rcvd: 70
Query a Record Type
Dig allows you to perform any valid DNS query by appending the record type to the end of the query. In the following section, we will show you examples of how to search for the most common records, such as A (the IP address), CNAME (canonical name), TXT (text record), MX (mail exchanger), and NS (name servers).
1. Querying A records
To get a list of all the address(es) for a domain name, use the a option:
dig +nocmd google.com a +noall +answergoogle.com. 128 IN A 216.58.206.206
As you already know, if no DNS record type is specified, dig will request the A record. You can also query the A record without specifying the a option.
2. Querying CNAME records
To find the alias domain name use the cname option:
dig +nocmd mail.google.com cname +noall +answermail.google.com. 553482 IN CNAME googlemail.l.google.com.
3. Querying TXT records
Use the txt option to retrieve all the TXT records for a specific domain:
dig +nocmd google.com txt +noall +answergoogle.com. 300 IN TXT "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95" google.com. 300 IN TXT "v=spf1 include:_spf.google.com ~all" google.com. 300 IN TXT "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
4. Querying MX records
To get a list of all the mail servers for a specific domain using the mx option:
dig +nocmd google.com mx +noall +answergoogle.com. 494 IN MX 30 alt2.aspmx.l.google.com. google.com. 494 IN MX 10 aspmx.l.google.com. google.com. 494 IN MX 40 alt3.aspmx.l.google.com. google.com. 494 IN MX 50 alt4.aspmx.l.google.com. google.com. 494 IN MX 20 alt1.aspmx.l.google.com.
5. Querying NS records
To find the authoritative name servers for our specific domain use the ns option:
dig +nocmd google.com ns +noall +answergoogle.com. 84527 IN NS ns1.google.com. google.com. 84527 IN NS ns2.google.com. google.com. 84527 IN NS ns4.google.com. google.com. 84527 IN NS ns3.google.com.
6. Querying All Records
Use the any option to get a list of all DNS records for a specific domain:
dig +nocmd google.com any +noall +answergoogle.com. 299 IN A 216.58.212.14 google.com. 299 IN AAAA 2a00:1450:4017:804::200e google.com. 21599 IN NS ns2.google.com. google.com. 21599 IN NS ns1.google.com. google.com. 599 IN MX 30 alt2.aspmx.l.google.com. google.com. 21599 IN NS ns4.google.com. google.com. 599 IN MX 50 alt4.aspmx.l.google.com. google.com. 599 IN MX 20 alt1.aspmx.l.google.com. google.com. 299 IN TXT "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e" google.com. 21599 IN CAA 0 issue "pki.goog" google.com. 599 IN MX 40 alt3.aspmx.l.google.com. google.com. 3599 IN TXT "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95" google.com. 21599 IN NS ns3.google.com. google.com. 599 IN MX 10 aspmx.l.google.com. google.com. 3599 IN TXT "v=spf1 include:_spf.google.com ~all" google.com. 59 IN SOA ns1.google.com. dns-admin.google.com. 216967258 900 900 1800 60
Conclusion
dig is a command-line tool for querying DNS information and troubleshooting DNS related issues.
