Linux Dig command usage

Dig Introduction:

Dig is a command-line tool for Unix-like systems that queries DNS for NS records, A records, MX records and other related information. Since dig still lacks good man page documentation, this article serves as a guide to using it.

Dig's source code is part of the ISC BIND package, but most documentation on compiling and installing Bind does not include it. However, on Linux systems, it is usually part of a package, such as bind-tools in Gentoo, bind-utils in Redhat/Fedora, or dnsutils in Debian.

If you are looking for information on how to configure Bind, you can refer to my article: Bind for the small LAN (http://www.madboa.com/geek/soho-bind/).

Understand the default output:

The simplest and most common query is for a single host, but by default dig's output is very detailed. You may not need all of it, but it is certainly worth knowing what each part means.

Here is an annotated query:

$ dig www.isc.org

Above is the command line I used to call dig.

; <<>> DiG 9.2.3 <<>> www.isc.org
;; global options: printcmd

This part of the output tells us something about dig itself: its version (9.2.3) and the global options in effect. It can be suppressed by adding +nocmd as the first parameter on the command line.

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43071
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

Here dig reports technical details about the reply it received from the DNS server. This part is controlled by the +[no]comments option, but be careful: disabling comments also turns off several other sections of the output.

;; QUESTION SECTION:
;www.isc.org. IN A

In the question section, dig shows the question we asked. The default query is for A records. You can display or hide this section with the +[no]question option.

;; ANSWER SECTION:
www.isc.org. 600 IN A 204.152.184.88

Finally, we get the result of our query: the address of www.isc.org is 204.152.184.88. It is hard to see why you would want to filter this part out, but it is controlled by the +[no]answer option.

;; AUTHORITY SECTION:
isc.org. 2351 IN NS ns-int.isc.org.
isc.org. 2351 IN NS ns1.gnac.com.
isc.org. 2351 IN NS ns-ext.isc.org.

The authority section tells us which name servers are authoritative for the answer. In this example, isc.org has 3 name servers. You can control this output with the +[no]authority option.

;; ADDITIONAL SECTION:
ns1.gnac.com. 171551 IN A 209.182.216.75
ns-int.isc.org. 2351 IN A 204.152.184.65
ns-int.isc.org. 2351 IN AAAA 2001:4f8:0:2::15

The additional section typically contains the IP addresses of the authoritative name servers listed above. This output is controlled by the +[no]additional option.

;; Query time: 2046 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Aug 27 08:22:26 2004
;; MSG SIZE rcvd: 173

The last section of the default output contains query statistics, which can be retained with +[no]stats.
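To make the anatomy above concrete, here is an added example (not code from the original article) that parses dig's default output into its header flags, the three record sections and the statistics, using the www.isc.org output shown above as a constructed sample:

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the annotated dig 9.2.3 output walked through above.
SAMPLE_OUTPUT = """\
; <<>> DiG 9.2.3 <<>> www.isc.org
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43071
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;www.isc.org.   IN   A
;; ANSWER SECTION:
www.isc.org.   600   IN   A   204.152.184.88
;; AUTHORITY SECTION:
isc.org.   2351   IN   NS   ns-int.isc.org.
isc.org.   2351   IN   NS   ns1.gnac.com.
isc.org.   2351   IN   NS   ns-ext.isc.org.
;; ADDITIONAL SECTION:
ns1.gnac.com.   171551   IN   A   209.182.216.75
ns-int.isc.org.   2351   IN   A   204.152.184.65
ns-int.isc.org.   2351   IN   AAAA   2001:4f8:0:2::15
;; Query time: 2046 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; MSG SIZE  rcvd: 173
"""

@dataclass
class Record:
    name: str
    ttl: int
    rclass: str
    rtype: str
    rdata: str

@dataclass
class DigResponse:
    status: str = ""
    flags: set = field(default_factory=set)
    sections: dict = field(default_factory=lambda: {"answer": [], "authority": [], "additional": []})
    server: str = ""
    query_time_ms: int = 0

_HEADER = re.compile(r"status: (\w+)")
_SECTION = re.compile(r";; (\w+) SECTION:")

def parse_dig(text):
    """Split dig's default output into header status/flags, the record sections and stats."""
    resp, current = DigResponse(), None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(";; ->>HEADER<<-"):
            resp.status = _HEADER.search(line).group(1)
        elif line.startswith(";; flags:"):
            # the flag letters sit between 'flags:' and the first ';'
            resp.flags = set(line[len(";; flags:"):].split(";")[0].split())
        elif (m := _SECTION.match(line)):
            current = m.group(1).lower()
        elif line.startswith(";; Query time:"):
            resp.query_time_ms = int(line.split()[3])
        elif line.startswith(";; SERVER:"):
            resp.server = line.split()[2]
        elif line.startswith(";"):
            continue  # version banner, 'Got answer', the question line, MSG SIZE
        elif current in resp.sections:
            name, ttl, rclass, rtype, rdata = line.split(None, 4)
            resp.sections[current].append(Record(name, int(ttl), rclass, rtype, rdata))
    return resp

def name_servers(resp):
    """NS names from the AUTHORITY section (who is authoritative for the answer)."""
    return [r.rdata for r in resp.sections["authority"] if r.rtype == "NS"]

def glue(resp):
    """Map each name in the ADDITIONAL section to its A/AAAA addresses."""
    out = {}
    for r in resp.sections["additional"]:
        if r.rtype in ("A", "AAAA"):
            out.setdefault(r.name, []).append(r.rdata)
    return out
```

Feed it the output of a real `dig` run and it returns the same structure; an answer whose flags lack `ra` or whose status is not NOERROR is then easy to spot programmatically.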

What can we query?

Dig lets you query DNS efficiently. The most common queries are for A records, TXT records (text comments), MX records, NS records, or ANY for all of them at once.

Find the A record of yahoo.com (this must be the domain name, not a host name; for example, my company's is xinpindao.com):

dig yahoo.com A +noall +answer

Find the list of yahoo.com MX records:

dig yahoo.com MX +noall +answer

Find the authoritative DNS servers for yahoo.com:

dig yahoo.com NS +noall +answer

Query all of the above records at once:

dig yahoo.com ANY +noall +answer

Now that IPv4 and IPv6 are mixed, you can also use the AAAA type to query a host's IPv6 AAAA record:

dig www.isc.org AAAA +short

If the domain you are querying allows forwarding, you can also pull related information, such as how long a DNS record is allowed to live out on the Internet, but these days only a few DNS servers allow unrestricted forwarding.

How do we query? Want a concise answer?

When we need a quick answer, the +short option is your best friend:

dig www.isc.org +short
204.152.184.88

Want a not-so-concise answer?

There is a difference between a concise answer and an answer with nothing but the answer in it.

The way to get a detailed answer without the surrounding information is the +noall option, followed by the flags for only the sections you want.
Below is a short-form query, followed by one that prints only the answer section, which includes the TTL values, formatted like a BIND zone file.

$ dig fsf.org mx +short
20 mx20.gnu.org.
30 mx30.gnu.org.
10 mx10.gnu.org.
$ dig +nocmd fsf.org mx +noall +answer
fsf.org. 3583 IN MX 30 mx30.gnu.org.
fsf.org. 3583 IN MX 10 mx10.gnu.org.
fsf.org. 3583 IN MX 20 mx20.gnu.org.

Want a detailed answer?

As its man page notes, the +multiline option prints a lengthy, multi-line, human-friendly commentary on a DNS SOA record. In general, the +multiline output shows much more, laid out just like a BIND zone file.

$ dig +nocmd ogi.edu any +multiline +noall +answer
ogi.edu. 14267 IN A 129.95.59.31
ogi.edu. 14267 IN MX 5 cse.ogi.edu.
ogi.edu. 14267 IN MX 15 hermes.admin.ogi.edu.
ogi.edu. 14267 IN SOA zeal.admin.ogi.edu. hostmaster.admin.ogi.edu. (
     200408230  ; serial
     14400      ; refresh (4 hours)
     900        ; retry (15 minutes)
     3600000    ; expire (5 weeks 6 days 16 hours)
     14400      ; minimum (4 hours)
     )
ogi.edu. 14267 IN NS zeal.admin.ogi.edu.
ogi.edu. 14267 IN NS cse.ogi.edu.
ogi.edu. 14267 IN NS fork.admin.ogi.edu.

Finding PTR records?

You can use the -x option to find the host name of an IP address.

$ dig -x 204.152.184.167 +short
mx-1.isc.org.

The following loop maps every address in a given subnet to its name, one reverse lookup per address:

#!/bin/bash
# reverse-map every address in a class C subnet; edit NET for your own
NET=18.7.22
for n in $(seq 1 254); do
    ADDR=${NET}.${n}
    echo -e "${ADDR}\t$(dig -x "${ADDR}" +short)"
done

Query a different name server?

Put the server you want to ask after an @ sign:

dig @ns1.google.com www.google.com

Use the search list in /etc/resolv.conf

The host command automatically applies the search list from /etc/resolv.conf, so a bare host name is completed to a full domain name:

$ host www
www.madboa.com has address 65.102.49.170

However, dig does not do this by default: it takes your input literally, which produces unexpected output for a bare host name. If you want to look up a local host name rather than a fully qualified domain name, use the +search option:

dig www +search

Handling many queries?

If you want to query a large number of host names, you can store them in a text file (one record per line) and use dig with the -f parameter to query them one by one.

# Query a large number of host names
dig -f /path/to/host-list.txt
# The same, with more concise output
dig -f /path/to/host-list.txt +noall +answer

Note, however, that dig 9.2.3 and later versions do not support reverse queries in an -f batch file.

Verify DNS Mapping

Incorrect DNS configuration can cause you a lot of trouble. You can verify your DNS configuration against these two rules:

1. Each host name should resolve to an IP address, and that IP address should point back to the same host name.

2. If an address on your subnet points back to a host name, then that host name must also resolve to that IP address.

There are exceptions to these two rules. A CNAME resolves first to another host name, and only through that name to an IP. Several host names may point to the same IP address, but that IP can have only one PTR record. Together, these checks should help you confirm that your DNS mappings work the way you think they do. The test script below, which reads your known host names from a file called named-hosts, is very simple: it trips over CNAMEs, and it reports a failure wherever several host names point to the same IP address.

#!/bin/bash
#
# test DNS forward- and reverse-mapping
#
# edit this variable to reflect local class C subnet(s)
NETS="192.168.1 192.168.2"

# Test name -> address -> name validity.
# Names in named-hosts must be fully qualified with a trailing dot,
# because that is how "dig -x ... +short" prints them.
echo
echo -e "\tname -> address -> name"
echo '----------------------------------'
while read -r H; do
    ADDR=$(dig "$H" +short)
    if test -n "$ADDR"; then
        HOST=$(dig -x "$ADDR" +short)
        if test "$H" = "$HOST"; then
            echo -e "ok\t$H -> $ADDR -> $HOST"
        elif test -n "$HOST"; then
            echo -e "fail\t$H -> $ADDR -> $HOST"
        else
            echo -e "fail\t$H -> $ADDR -> [unassigned]"
        fi
    else
        echo -e "fail\t$H -> [unassigned]"
    fi
done < named-hosts

# Test address -> name -> address validity
echo
echo -e "\taddress -> name -> address"
echo '-------------------------------------'
for NET in $NETS; do
    for n in $(seq 1 254); do
        A=${NET}.${n}
        HOST=$(dig -x "$A" +short)
        if test -n "$HOST"; then
            ADDR=$(dig "$HOST" +short)
            if test "$A" = "$ADDR"; then
                echo -e "ok\t$A -> $HOST -> $ADDR"
            elif test -n "$ADDR"; then
                echo -e "fail\t$A -> $HOST -> $ADDR"
            else
                echo -e "fail\t$A -> $HOST -> [unassigned]"
            fi
        fi
    done
done
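The two exceptions the text mentions (CNAMEs, and several names sharing one address) are exactly where the script above reports failures. Here is an added example, not from the original article, that applies the same name -> address -> name and address -> name -> address checks but follows a CNAME to its canonical name and labels a shared address as an alias instead of a failure. The lookups are abstracted behind a resolver function so the check runs offline against constructed tables; `dig_resolver` is an assumed helper that shells out to the real dig.

```python
import ipaddress
import subprocess

# Constructed tables standing in for what 'dig +short' and 'dig -x +short' print.
FORWARD = {
    "mail.example.com": ["192.0.2.25"],
    "www.example.com": ["web1.example.com.", "192.0.2.10"],  # CNAME: dig prints target, then A
    "web1.example.com": ["192.0.2.10"],
    "ftp.example.com": ["192.0.2.10"],  # shares web1's address, has no PTR of its own
    "old.example.com": ["192.0.2.99"],  # forward record whose address has no PTR
}
REVERSE = {
    "192.0.2.25": ["mail.example.com."],
    "192.0.2.10": ["web1.example.com."],
    "192.0.2.77": ["ghost.example.com."],  # stale PTR: no forward record exists
}

def _norm(name):
    return name.rstrip(".").lower()

def _is_addr(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def table_resolver(forward, reverse):
    """Offline stand-in for dig, returning the +short lines from the tables above."""
    def resolve(query, reverse_lookup=False):
        return list((reverse if reverse_lookup else forward).get(_norm(query), []))
    return resolve

def dig_resolver(query, reverse_lookup=False):
    """Real lookups: the lines 'dig +short' (or 'dig -x ... +short') prints."""
    cmd = ["dig", "+short", "-x", query] if reverse_lookup else ["dig", "+short", query]
    return subprocess.run(cmd, capture_output=True, text=True).stdout.split()

def check_name(name, resolve):
    """name -> address -> name, accepting a CNAME's canonical target in the PTR."""
    lines = resolve(name)
    addrs = [l for l in lines if _is_addr(l)]
    if not addrs:
        return "fail", f"{name} -> [unassigned]"
    addr = addrs[0]
    accepted = {_norm(name)} | {_norm(l) for l in lines if not _is_addr(l)}
    ptrs = [_norm(p) for p in resolve(addr, reverse_lookup=True)]
    if not ptrs:
        return "fail", f"{name} -> {addr} -> [unassigned]"
    if ptrs[0] in accepted:
        return "ok", f"{name} -> {addr} -> {ptrs[0]}"
    if addr in resolve(ptrs[0]):  # PTR names a sibling that also resolves to this address
        return "alias", f"{name} -> {addr} -> {ptrs[0]} (shared address)"
    return "fail", f"{name} -> {addr} -> {ptrs[0]}"

def check_address(addr, resolve):
    """address -> name -> address for one address on the subnet."""
    ptrs = resolve(addr, reverse_lookup=True)
    if not ptrs:
        return "unassigned", f"{addr} -> [unassigned]"
    host = _norm(ptrs[0])
    back = resolve(host)
    if addr in back:
        return "ok", f"{addr} -> {host} -> {addr}"
    return "fail", f"{addr} -> {host} -> {back[0] if back else '[unassigned]'}"

def audit(names, nets, resolve):
    """Run both checks: every known name, then every host address in each subnet."""
    results = [check_name(n, resolve) for n in names]
    for net in nets:
        for ip in ipaddress.ip_network(net).hosts():
            results.append(check_address(str(ip), resolve))
    return results

if __name__ == "__main__":
    for status, detail in audit(list(FORWARD), ["192.0.2.0/25"], table_resolver(FORWARD, REVERSE)):
        if status != "unassigned":
            print(f"{status}\t{detail}")
```

Swap `table_resolver(...)` for `dig_resolver` to run the same audit against live DNS; stale PTRs such as the constructed 192.0.2.77 entry show up as failures in the address pass.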

Fun with dig

Create your own named.root file

Any DNS server connected to the Internet has a copy of InterNIC's named.root file, which lists all of the Internet's root name servers. If you don't mind the hassle you can always download it from InterNIC's FTP server, or you can use dig to build your own snazzy named.root.

# compare with ftp://ftp.internic.net/domain/named.root
dig +nocmd . NS +noall +answer +additional

The TTL values here may be quite small, but it is the freshest named.root you will find!

Tracing dig's query path

You may be a traceroute enthusiast who likes to see how a packet gets from point A to point B. You can do something similar for DNS with the +trace option:

dig gentoo.de +trace

At the top of the output you can see the root servers, then the servers responsible for resolving everything under .de, and finally the address of gentoo.de itself.

Get SOA records

As a DNS administrator, I sometimes make changes and want to know whether my public servers are still handing out old data. The +nssearch option shows the SOA record each of the domain's authoritative servers is serving, so the serial numbers can be compared at a glance.

# the unvarnished truth
dig cse.ogi.edu +nssearch
# the same, displaying only the serial number and the server that reported it
dig cse.ogi.edu +nssearch | cut -d' ' -f4,11

Interpreting TTL Values

I love google for many reasons, one of which is that it provides precise links in my web logs, making it easy for me to pinpoint what types of queries led people to the pages on this site.

Surprisingly, I’ve seen a lot of requests for TTL values. I never thought TTL would become the most popular thing, but you learn new things every day, so here’s a little introduction to TTL by popular request.

If you query an Internet address from your local DNS, the server figures out where to get the authoritative answer and gets the address. Once the server knows the answer, it saves the answer in a local cache to prevent you from querying the same address again at a later time. This way it will quickly get the answer you want from the cache, much faster than if you query it again from the Internet.

When domain administrators configure DNS records, they can decide how long the record should be kept in the cache. This is the TTL value (usually expressed in seconds).

Typically, remote servers only cache records for as long as the TTL value. After the time expires, the server refreshes its local cache and requeries for an authoritative answer.

When you use dig to query a DNS server for a record, the server tells dig how long that record may be kept in the cache. For example, as shown below, the TTL of the gmail.com MX record is 300 seconds: the administrator of the gmail.com domain requires that remote servers cache its MX record for no more than 5 minutes, so the first time you query that record, dig reports a TTL of 300.

$ dig +nocmd gmail.com MX +noall +answer
gmail.com. 300 IN MX 20 gsmtp57.google.com.
gmail.com. 300 IN MX 10 gsmtp171.google.com.

If you check again a little later, you will find that the TTL has dropped to 280 (20 seconds later):

$ dig +nocmd gmail.com MX +noall +answer
gmail.com. 280 IN MX 10 gsmtp171.google.com.
gmail.com. 280 IN MX 20 gsmtp57.google.com.

If you time it just right, you can catch the record in its last second of life:

$ dig +nocmd gmail.com MX +noall +answer
gmail.com. 1 IN MX 10 gsmtp171.google.com.
gmail.com. 1 IN MX 20 gsmtp57.google.com.

After that, the DNS server you query will "forget" the answer to this question, and the next time you query this record, the whole cycle will start again (300s in this example).
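The countdown just described can be checked mechanically. Here is an added example, not part of the original article, that parses +noall +answer lines, computes when a cached copy will be dropped, and decides from successive timestamped observations whether a resolver served the same cached entry or fetched a fresh one; the observations are constructed to follow the gmail.com MX walkthrough above:

```python
from datetime import datetime, timedelta

def parse_answer_line(line):
    """Split one 'dig +noall +answer' line into (name, ttl, class, type, rdata)."""
    name, ttl, rclass, rtype, rdata = line.split(None, 4)
    return name, int(ttl), rclass, rtype, rdata

def expires_at(observed_at, ttl):
    """The moment the answering resolver will drop this cached copy."""
    return observed_at + timedelta(seconds=ttl)

def same_cached_copy(first, second, slack=2):
    """True when two (time, ttl) observations are one cache entry counting down:
    the TTL must have fallen by roughly the seconds elapsed between them."""
    (t1, ttl1), (t2, ttl2) = first, second
    elapsed = (t2 - t1).total_seconds()
    return ttl2 <= ttl1 and abs((ttl1 - ttl2) - elapsed) <= slack

def classify(observations):
    """Label each observation 'fresh' (resolver re-fetched from the authoritative
    server) or 'cached' (same entry as the previous observation, still counting down)."""
    labels = []
    for i, obs in enumerate(observations):
        if i == 0 or not same_cached_copy(observations[i - 1], obs):
            labels.append("fresh")
        else:
            labels.append("cached")
    return labels

# Constructed observations: TTL 300 at T0, 280 twenty seconds later, 1 just before
# expiry, then 300 again once the resolver has "forgotten" the answer and re-fetched it.
T0 = datetime(2004, 8, 27, 8, 22, 26)
OBSERVED = [
    (T0, parse_answer_line("gmail.com. 300 IN MX 10 gsmtp171.google.com.")[1]),
    (T0 + timedelta(seconds=20), parse_answer_line("gmail.com. 280 IN MX 10 gsmtp171.google.com.")[1]),
    (T0 + timedelta(seconds=299), parse_answer_line("gmail.com. 1 IN MX 10 gsmtp171.google.com.")[1]),
    (T0 + timedelta(seconds=305), parse_answer_line("gmail.com. 300 IN MX 10 gsmtp171.google.com.")[1]),
]

if __name__ == "__main__":
    for (t, ttl), label in zip(OBSERVED, classify(OBSERVED)):
        print(f"{t:%H:%M:%S} ttl={ttl:3d} {label:6} expires {expires_at(t, ttl):%H:%M:%S}")
```

Observing a TTL that never counts down between queries means you are reaching the authoritative server directly (or a resolver that refreshes every time), which is worth knowing when you are waiting for a change to propagate.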

On Unix and Linux it is recommended that you use dig instead of nslookup. dig is much more powerful, and unlike nslookup it does not require a lot of tedious setup.

Here are some of the more commonly used dig commands:

# The most basic usage of dig
dig @server qianlong.com
# Use dig to view a zone transfer
dig @server qianlong.com AXFR
# Use dig to view an incremental zone transfer
dig @server qianlong.com IXFR=N
# Use dig for reverse resolution
dig -x 124.42.102.203 @server
# Find the authoritative DNS servers for a domain
dig qianlong.com +nssearch
# Trace the resolution of a domain name from the root servers
dig qianlong.com +trace
# Check which instance of the F root server you are talking to
dig +norec @F.ROOT-SERVERS.NET HOSTNAME.BIND CHAOS TXT
# Check the version number of BIND on a server
dig @bind_dns_server CHAOS TXT version.bind

********************************
You can go to www.isc.org to download a version of bind for windows and install it. After installation, you can use the dig command on windows. ^O^
ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.3.0/BIND9.3.0.zip
*********************************

Usage

DNS query utility.

Syntax

dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-n] [-p port#] [-t type] [-x addr] [-y name:key] [name] [type] [class] [queryopt...]
dig [-h]
dig [global-queryopt...] [query...]

Description

The dig (Domain Information Groper) command is a flexible tool for interrogating DNS name servers. It performs a DNS lookup and displays the responses returned by the name servers that were queried. Most DNS administrators use dig for troubleshooting DNS problems because of its flexibility, ease of use, and clear output. Although dig is typically used with command-line arguments, it can also read lookup requests from a file in batch mode. Unlike earlier versions, the BIND9 implementation of dig allows multiple queries to be issued from the command line. Unless told to query specific name servers, dig will try each of the servers listed in /etc/resolv.conf. When no command-line arguments or options are given, dig performs an NS query for "." (the root).

Options

-b address Set the source IP address of the query to address. This must be a valid address on one of the host's network interfaces.
-c class The default query class (IN for internet) is overridden by option -c. class can be any valid class, such as HS for Hesiod records or CH for CHAOSNET records.
-f filename Causes dig to run in batch mode, processing a series of search requests read from the file filename. The file contains many queries; one per line. Each entry in the file should be organized in the same way as a query to dig using the command line interface.
-h When option -h is used, a short summary of command line arguments and options is displayed.
-k filename To sign the DNS queries sent by dig and their responses using transaction signatures (TSIG), specify the TSIG key file with option -k.
-n By default, IPv6 addresses are looked up using the IP6.ARPA domain and binary labels as defined in RFC2874. To use the older RFC1886 method with the IP6.INT domain and nibble labels, specify the -n (nibble) option.
-p port# If you need to query a non-standard port number, use option -p. port# is the port number that dig will send its queries to, not the standard DNS port number 53. This option can be used to test a name server that has been configured to listen for queries on a non-standard port number.
-t type Set the query type to type. Can be any valid query type supported by BIND9. The default query type is A unless the -x option is provided to indicate a reverse query. A zone transfer can be requested by specifying the type AXFR. When an incremental zone transfer (IXFR) is required, type is set to ixfr=N. An incremental zone transfer will contain changes made to the zone since the serial number in the zone's SOA record was changed to N.
-x addr Reverse lookups (mapping addresses to names) can be simplified with the -x option. addr is a dot-delimited IPv4 address or a colon-delimited IPv6 address. When using this option, it is not necessary to provide the name, class, and type arguments. dig automatically runs a query for a domain name like 11.12.13.10.in-addr.arpa and sets the query type and class to PTR and IN respectively.
-y name:key You can specify a TSIG key on the command line with the -y option; name is the name of the TSIG key and key is the actual key. The key is a base64-encoded string, typically generated by dnssec-keygen(8). The -y option should be used with caution on multi-user systems, since the key may be visible in the output of ps(1) or in the shell's history file. When using TSIG authentication with dig, the name server being queried needs to know both the key and the algorithm being used. In BIND, this is done by providing the appropriate key and server statements in named.conf.

Parameters

global-queryopt... Global query options (see Multiple queries).

query Query options (see Query options).

Query Options

dig provides a number of query options that affect how lookups are performed and how results are displayed. Some set or reset flags in the query request header, some determine which parts of the reply are displayed, and others determine timeout and retry strategies. Each query option is identified by a keyword prefixed with a plus sign (+). Some keywords set or reset an option; these may be preceded by the string no to negate the meaning of the keyword. Other keywords assign values to options, such as the timeout interval. Their format is +keyword=value. The query options are:
+[no]tcp
Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR request is made, in which case a TCP connection is used.
+[no]vc
Use [do not use] TCP when querying name servers. +[no]tcp's alternate syntax is provided for backward compatibility. vc stands for virtual circuit.
+[no]ignore
Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
+domain=somename
Sets the search list to contain the single domain somename, as if specified by a domain directive in /etc/resolv.conf, and enables search list processing as if the +search option had been given.
+[no]search
Use [do not use] the search list or the search list defined by the domain directive in resolv.conf (if any). By default, no search list is used.
+[no]defname
Deprecated synonym for +[no]search.
+[no]aaonly
This option does nothing. It is provided for compatibility with older versions of dig that set an unimplemented resolver flag.
+[no]adflag
Set [do not set] the AD (authentic data) bit in the query. Currently the AD bit has a standard meaning only in responses, not in queries, but for completeness it can also be set in queries.
+[no]cdflag
Set [do not set] the CD (check disable) bit in the query. It requests that the server not perform DNSSEC validation on the response information.
+[no]recursive
Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means dig normally sends recursive queries. Recursion is automatically disabled when the +nssearch or +trace query options are used.
+[no]nssearch
When this option is set, dig attempts to find the authoritative name servers for the zone containing the name being looked up, and displays the SOA record that each name server has for the zone.
+[no]trace
Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, dig makes iterative queries to resolve the name, following referrals from the root servers and showing the answer from each server that was used to resolve the lookup.
+[no]cmd
Enables the display of initial comments in the output indicating the version of dig and the query options used. Comments are displayed by default.
+[no]short
Provide brief responses. The default is to display reply messages in verbose format.
+[no]identify
When the +short option is enabled, displays [or does not display] the IP address and port number that provided the reply. If short-form replies are requested, the source address and port number of the server providing the reply are not displayed by default.
+[no]comments
Toggle display of comment lines in the output. The default is to show comments.
+[no]stats
Toggle the display of query statistics: when the query was made, the size of the reply, and so on. By default, query statistics are displayed.
+[no]qr
Show [Do not show] the query request sent. Not displayed by default.
+[no]question
When a response is returned, display [do not display] the question portion of the query request. By default, the question section is displayed as a comment.
+[no]answer
Display [Hide] the answer portion of the response. Displayed by default.
+[no]authority
Show [do not show] the authority portion of the response. Displayed by default.
+[no]additional
Show [do not show] the additional part of the response. Displayed by default.
+[no]all
Set or clear all display flags.
+time=T
Set a timeout of T seconds for the query. The default is 5 seconds. If T is set to a number less than 1, the query timeout is 1 second.
+tries=A
Set the number of retries for sending UDP query requests to the server to A, instead of the default 3. If A is less than or equal to 0, 1 is used as the number of retries.
+ndots=D
Set the number of dots that have to appear in name to D for it to be considered absolute. The default is the value defined by the ndots statement in /etc/resolv.conf, or 1 if there is no ndots statement. Names with fewer dots are interpreted as relative names and are looked up using the domains in the search list or the domain directive in /etc/resolv.conf.
+bufsize=B
Set the UDP message buffer size advertised using EDNS0 to B bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded to the nearest valid value.
+[no]multiline
Displays SOA-like records in a detailed, multi-line format with human-readable comments. The default is to display one record per line, to make it easier for computers to parse dig's output.

Multiple queries

The BIND9 implementation of dig supports specifying multiple queries on the command line (in addition to supporting the -f batch file option). Each query can be given its own flags, options, and query options.

In this case, in the command-line syntax described above, each query argument represents an individual query. Each entry consists of any standard options and flags, the name of the query to be queried, an optional query type and class, and any query options applicable to the query.

You can also use a global set of query options that apply to all queries. Global query options must precede the first tuple of name, class, type, options, flags, and query options on the command line. Any of the global query options (except the +[no]cmd option) can be overridden by the query-specific options below. For example:

dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

shows how dig can perform three queries from one command line: an ANY query for www.isc.org, a reverse lookup of 127.0.0.1, and a query for the NS records of isc.org. The global query option +qr is applied so that dig displays the initial query for each lookup. The last query has a local query option of +noqr, which tells dig not to display the initial query when it looks up isc.org's NS records.

Example

A typical dig call looks like:

dig @server name type

where:

server

The name or IP address of the name server to query. This can be a dotted IPv4 address or a colon-delimited IPv6 address. When the server argument is a host name, dig resolves that name before querying the name server. If no server argument is given, dig consults /etc/resolv.conf and queries the name servers listed there. The reply from that name server is displayed.

name
The name of the resource record to be queried.

type
Indicates the type of query required: ANY, A, MX, SIG, or any other valid query type. If no type argument is supplied, dig performs a lookup for an A record.
