Overview :
DIG stands for domain information groper. DIG is a dns lookup utility in UNIX like operating System. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig command to troubleshoot DNS related problems because of its flexibility, ease of use and clarity of output. Digcommand can operate in interactive command line mode or in batch mode by reading requests from an operating system file. dig by default uses /etc/resolv.conf and queries the name servers listed there.
Example:1 Understand DIG command Output
Synatx : # dig <Domain Name>
# dig nextstep4it.com
When we pass any domain to dig command it simply try to display A record (IP Address) Output of above dig command includes the followings sections:
HEADER : It shows the dig command version number and other header information.
QUESTION SECTION : It displays the what question has been asked , in my case “dig nextstep4it.com” means what is A record(ip address) of nextstep4it.com
ANSWER SECTION : It displays the answer of the questions being asked in question section , so it displays the A Record of nextstep4it.com
AUTHORITY SECTION: It displays which DNS name server that has the authority to respond to this query. Basically this displays available name servers of domain.
Example :2 Query NS records of a Domain
Syntax : # dig <Domain Name> -t <DNS Record>
# dig nextstep4it.com -t NS
In the above command nextstep4it.com is the domain name , -t is option after which we specify which DNS record to Query.
Example:3 Query MX records of a domain
Syntax : # dig <Domain Name> -t MX
# dig google.com -t MX
Above command shows that google.com domain has 5 MX records which has different priorities.
Example:4 Query SPF (Sender Policy Framework) Record of a Domain
SPF Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses.
Syntax : # dig <Domain Name> -t txt
# dig google.com -t txt
output will be :
;; ANSWER SECTION:
google.com. 354 IN TXT "v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"
Example:5 Reverse lookups using -x option i.e mapping addresses to names
Dig command by default shows A record (ip address of a domain) but using -x option we can do the reverse lookup.
Synatx : # dig -x <ip-address> +short
# dig -x 173.194.41.182 +short
Output :
lhr08s04-in-f22.1e100.net.
To get the full details of reverse lookup , just remove “+short” option
Example:6 DNS lookup using specific DNS server.
DIG command by default uses DNS servers mentioned in /etc/resolv.conf file, if we want to do DNS lookup using specific DNS server , use below example :
Synatx : # dig @<DNS Server> <Domain Name> -t <Type of DNS Record>
# dig @4.2.2.2 google.com -t MX
Example:7 Display Only ANSWER SECTION in Dig Command Output
Method:1
# dig <Domain Name> +nocomments +noquestion +noauthority +noadditional +nostats
Where :
+nocomments – Turn off the comment lines
+noauthority – Turn off the authority section
+noadditional – Turn off the additional section
+nostats – Turn off the stats section
Method:2
# dig <Domain Name> +noall +answer
Instead of using options "+nocomments +noquestion +noauthority +noadditional +nostats" use +noall (this will turns off answer section also), so add +answer which will show only the answer section.
# dig google.com +noall +answer
Example:8 Multiple DNS Query using 'dig -f' option
Syntax :# dig -f <file name> +noall +answer
create a file “bulkquery.txt” and mentioned the Domain Names , in my case I have used the below :
# cat bulkquery.txt
google.com
yahoo.com
centos.org
Below Command will query MX records for the domains mentioned in “bulkquery.txt” file
# dig -f bulkquery.txt -t MX +noall +answer
