DNS is a core concept in today’s modern age, as we wouldn’t have the concept of domain names without it. Imagine needing to remember an IP address like 198.51.100.215 instead of a domain name like namehero.com. Better yet, a full IPv6 address like 2001:DB8:d824:d476:d6e6:ad69:446f:e630. You can see why domains are needed. In this post, we will explore the dig command in Linux, an essential command line tool for looking up DNS records.
What Is DNS?
The Domain Name System, also known as DNS, is the system that maps a domain name like namehero.com to an IP address that your device then connects to in order to retrieve content.
What Are DNS Record Types?
In DNS there are different record types, each with its own uses; for example, there are ones specific to email, DNS, etc.
What Does TTL Mean?
TTL stands for time to live, a value configured by the domain administrator that sets the maximum time a record should be cached for. For more on DNS caching on Linux check out this post.
Installing Dig
Some distributions provide a sub-package that allows you to install dig and a few other utilities without needing to install the full version of bind.
For Debian or Ubuntu, the package names you will want to look for are dnsutils or bind9-dnsutils.
For Red Hat, Alma, Rocky, or CentOS, look for the package name bind-utils.
Introduction To Dig
The dig command is included in bind9 provided by the Internet Systems Consortium. This tool is used to make DNS queries to DNS servers from the command line.
The most basic syntax looks like this.
dig example.com
The results of that command are:
; <<>> DiG 9.18.25 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22810
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 2601 IN A 93.184.216.34
;; Query time: 976 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Apr 17 15:36:32 EDT 2024
;; MSG SIZE rcvd: 56
What we are going to be most concerned about is the “ANSWER SECTION” as this is the result of the lookup.
This tells us an A record lookup for example.com is currently resolving to the IPv4 address of 93.184.216.34.
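The header lines matter as much as the answer when you script around dig: the status field tells you whether the lookup succeeded, and the ad flag tells you whether the resolver reports the answer as DNSSEC-validated. The following is an added example, not part of the original post; the function names dig_summary and sample_dig_output are made up for illustration, and the sample input is the output shown above, trimmed.

```shell
#!/bin/sh
# Added example: summarise full dig output read on stdin.
# Line 1: "status=<rcode> ad=<yes|no> answers=<n>"
# Then one "<name> <ttl> <type> <data>" line per ANSWER SECTION record.
# Real use: dig -r example.com A | dig_summary
# (-r keeps a saved ~/.digrc from changing the output format)
dig_summary() {
    awk '
        /^;; ->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # Header flags stop at the first ";". "ad" = resolver reports DNSSEC validation.
            flags = $0
            sub(/^;; flags:/, "", flags); sub(/;.*/, "", flags)
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = "yes"
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && !/^;/ {
            # Fields: name ttl class type rdata...
            data = $5
            for (i = 6; i <= NF; i++) data = data " " $i
            rec[++count] = $1 " " $2 " " $4 " " data
        }
        END {
            printf "status=%s ad=%s answers=%d\n",
                (status ? status : "UNKNOWN"), (ad ? ad : "no"), count
            for (i = 1; i <= count; i++) print rec[i]
        }
    '
}

# Sample input: the dig output shown above, trimmed to the lines that matter.
sample_dig_output() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22810
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 2601 IN A 93.184.216.34
;; Query time: 976 msec
EOF
}

sample_dig_output | dig_summary
```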
Syntax
Building on the most basic syntax this is what the typical syntax looks like:
dig [options] name type
name – is the domain or subdomain you want to look up.
type – The list below contains the most common DNS record types.
Note: The order of the arguments isn’t as important as it is with other commands.
Common DNS Record Types
- A – An A record is an IPv4 record that is used to point a domain to an IPv4 address.
- AAAA – An AAAA record is the IPv6 equivalent of an A record.
- CNAME – A CNAME record points one domain to the results of another domain.
- MX – An MX record determines where email for a domain should be sent.
- PTR – A PTR record returns a domain for an IP.
- TXT – A TXT record is a text record that allows a string of text to be added to DNS.
- NS – An NS record is a Name server record used when working with name servers.
- SOA – The SOA record contains information about the domain such as the admin email address, primary name server, and serial number.
For a full type list refer to this list.
Options
There are quite a few options and flags for the dig command; below are the ones I recommend being aware of:
@server – With this option you specify the IP or domain of the DNS server to which the query is sent.
-4 – This option indicates that only IPv4 should be used.
-6 – This option indicates that only IPv6 should be used.
-r – This option disables the loading of .digrc.
-f file – This option sets batch mode, where dig reads a list of lookup requests from a file. Each line in the file should be organized in the same way it would be presented as a query to dig.
-p port – This option lets you set a non-standard port for the query.
-t type – This option indicates the resource record type to query, which can be any valid query type. The default query type is A.
-x IP – This option sets simplified reverse lookups, for mapping IP addresses to names.
+short – This option will provide a shorter more concise output. For a standard lookup, it will return just the IP.
+trace – This option starts at the root name servers and traces each step till it gets to the domain you want to look up.
+tcp – Use TCP instead of UDP (the default).
+https – This option tells dig to use DNS over HTTPS (DoH) when querying name servers. The request is made using a POST request to port 443.
+timeout=T – This option sets the timeout for a query to T seconds. The default timeout is 5 seconds.
+tls – This option tells dig you want to make the DNS lookup over TLS (DoT) when querying name servers. The default port for DoT of 853 is used unless otherwise specified.
+ttlunits – This option will show the TTL in a more friendly way.
+yaml – When enabled, this option prints the responses in a detailed YAML format.
To see a full list of commands and options for the dig command run the following command or check out an online man page.
man dig
Examples
In this section, we have various DNS query examples using the above options.
Using Short
dig +short example.com MX
This command will return the FQDN of any mail servers for the domain example.com.
Trace
dig +trace example.com
This command will trace the domain starting at the root domain name servers.
Lookup at a specific server
dig @1.1.1.1 example.com TXT
This query will look for text records for the example.com domain via 1.1.1.1.
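Asking more than one server the same question is a quick way to spot a resolver that returns something different from the rest. The following is an added example, not part of the original post, combining @server, +short and -r; compare_resolvers, the DIG variable and the fake_dig stub with its addresses are made up for illustration so the block runs without network access.

```shell
#!/bin/sh
# Added example: ask several resolvers the same question and compare answers.
# DIG is an assumption of this example: it defaults to the real dig, and the
# demo below points it at a stub so the block runs offline.
DIG=${DIG:-dig}

# compare_resolvers NAME TYPE SERVER...
# Prints one "<server> <sorted answers>" line per resolver, then CONSISTENT or
# MISMATCH. Returns 0 when every resolver gave the same answer set, 1 otherwise.
compare_resolvers() {
    name=$1 type=$2; shift 2
    first='' result=CONSISTENT seen=0
    for server in "$@"; do
        # -r ignores ~/.digrc so saved defaults cannot change the output;
        # +short leaves one record per line; sort makes the order irrelevant.
        answers=$("$DIG" -r +short "@$server" "$name" "$type" | sort | tr '\n' ' ')
        answers=${answers% }
        printf '%s %s\n' "$server" "${answers:-<no answer>}"
        if [ "$seen" -eq 0 ]; then
            first=$answers seen=1
        elif [ "$answers" != "$first" ]; then
            result=MISMATCH
        fi
    done
    echo "$result"
    [ "$result" = CONSISTENT ]
}

# Constructed stub standing in for dig: the resolver at 192.0.2.53 (a
# documentation address) returns a different A record from everyone else.
fake_dig() {
    case "$3" in
        @192.0.2.53) echo 203.0.113.7 ;;
        *)           echo 93.184.216.34 ;;
    esac
}

# Demo with the stub; drop the DIG=fake_dig line to query real resolvers.
DIG=fake_dig
compare_resolvers example.com A 1.1.1.1 192.0.2.53 || echo "review: resolvers disagree"
```

Resolvers can legitimately differ for CDN or geo-balanced names, so a MISMATCH is a prompt to look closer, not proof of tampering.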
Reverse DNS Lookup
dig +short -x 1.1.1.1
A reverse DNS lookup for 1.1.1.1, for example, will result in one.one.one.one.
DNS over HTTPS
dig +https @cloudflare-dns.com example.com
This example will make the DNS lookup using DNS over HTTPS (AKA DoH).
DNS over TLS
dig example.com +tls @1.1.1.1
This query will use DNS over TLS via 1.1.1.1.
Did You Know?
If you create a file in your home directory called .digrc you can save your defaults for dig so you don’t have to apply them every time.
Here is an example:
+short +https @cloudflare-dns.com
Conclusion
Today’s technology could never be the same without the core concept of domains and DNS. In this blog post, we have walked through how to use the dig command, from understanding related terms to installing the dig command if it isn’t installed, and performing DNS lookups using the command.
Embracing a lifelong passion for technology since childhood, CJ delved into the intricate workings of systems, captivated by the desire to understand the unknown. This innate curiosity led to his discovery of Linux, a revelation that resonated deeply. With more than 7 years of on the job experience, he’s honed his technical skills as a Geek and Senior Linux Systems Administrator.