dig Command in Linux

Introduction

This lab will guide you through using the dig command, a powerful tool for DNS (Domain Name System) querying and network troubleshooting. As a system administrator, mastering dig is essential. This versatile network administration tool lets you retrieve domain name to IP address mappings, along with other DNS records. We'll begin with the command's purpose and basic syntax, then move on to basic DNS lookups and explore advanced options for more in-depth DNS information.

Key steps covered in this lab:

  1. Understanding dig: Learn the purpose and fundamental syntax of the dig command. Explore available options that modify the command's behavior for specific DNS queries.

  2. Basic DNS Lookups with dig: Practice using dig to perform simple DNS lookups, such as resolving domain names to their associated IP addresses.

  3. Advanced dig Options: Discover how to leverage advanced dig options to retrieve detailed DNS information. Learn to trace referral chains and perform non-recursive queries.

Understand the Purpose and Syntax of the dig Command

Here, you'll learn the purpose and basic syntax of the dig command. This command is a powerful tool for DNS (Domain Name System) queries and is crucial for any system administrator troubleshooting network issues.

The dig command is a network administration tool designed to query the DNS, retrieve domain name to IP address mappings, and access other DNS records. Its versatility makes it valuable for diagnosing DNS-related problems and performing advanced DNS queries.

Let's start with the basic dig command syntax:

dig [options] [domain]

The dig command structure includes:

  • dig: The command itself.
  • [options]: Optional flags/parameters to modify dig's behavior.
  • [domain]: The domain name or IP address to query.

Common dig command options:

  • @server: Specifies the DNS server to use. Essential when needing to query a specific server.
  • +trace: Executes a recursive query, following the referral chain to the final destination. Useful for tracing DNS resolution paths.
  • +norecurse: Performs a non-recursive query, querying only the specified server.
  • +short: Displays a concise output.

Let's try a basic dig command to resolve the IP address for example.com:

dig example.com

Example output:

; <<>> DiG 9.16.1-Ubuntu <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57911
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com.                    IN      A

;; ANSWER SECTION:
example.com.             185     IN      A       93.184.216.34

;; Query time: 14 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Apr 14 10:02:47 UTC 2023
;; MSG SIZE  rcvd: 59

The output displays the IP address (93.184.216.34) associated with example.com.

The next section covers basic DNS lookups using the dig command.

Perform Basic DNS Lookups Using dig

This section teaches you how to perform basic DNS lookups using the dig command.

First, let's look up the IP address for google.com:

dig google.com

Example output:

; <<>> DiG 9.16.1-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14703
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com.                     IN      A

;; ANSWER SECTION:
google.com.              300     IN      A       142.250.179.78

;; Query time: 14 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Apr 14 10:10:12 UTC 2023
;; MSG SIZE  rcvd: 55

The output shows google.com's IP address is 142.250.179.78.

You can also perform a reverse DNS lookup to find the domain name associated with an IP address. Let's resolve the domain name for 8.8.8.8:

dig -x 8.8.8.8

Example output:

; <<>> DiG 9.16.1-Ubuntu <<>> -x 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4852
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.           IN      PTR

;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.    14400   IN      PTR     dns.google.

;; Query time: 14 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Apr 14 10:10:33 UTC 2023
;; MSG SIZE  rcvd: 73

The output indicates that the domain name associated with 8.8.8.8 is dns.google (dig prints it with a trailing dot, as a fully qualified name).
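
A PTR record is published by whoever controls the reverse zone for an address, so a name returned by dig -x is only a claim until a forward lookup of that name returns the same address. The following added example (not part of the original lab) performs that forward-confirmed reverse DNS check; fcrdns and fake_dig are names chosen here, and fake_dig returns constructed answers so the script runs without network access.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS (FCrDNS) built on dig +short.
DIG=${DIG:-dig}          # lookup command; replaced by a stub in the demo below

# Constructed answers standing in for live DNS so the demo runs offline.
fake_dig() {
  case "$*" in
    "+short -x 8.8.8.8")            echo "dns.google." ;;
    "+short dns.google. A")         printf '8.8.8.8\n8.8.4.4\n' ;;
    "+short -x 203.0.113.7")        echo "mail.example.com." ;;
    "+short mail.example.com. A")   echo "192.0.2.10" ;;   # forward disagrees
  esac
}

# fcrdns <ip>: print a verdict; return 0 only if a PTR name resolves back to <ip>.
# Addresses are compared as strings, so pass IPv6 in the compressed form dig prints.
fcrdns() {
  ip=$1
  names=$($DIG +short -x "$ip")
  [ -n "$names" ] || { echo "no-ptr"; return 1; }
  while IFS= read -r name; do
    # PTR data is set by the reverse-zone owner: skip anything that is not a plain hostname.
    case $name in ''|-*|*[!A-Za-z0-9._-]*) continue ;; esac
    addrs=$($DIG +short "$name" A; $DIG +short "$name" AAAA)
    while IFS= read -r addr; do
      if [ "$addr" = "$ip" ]; then echo "confirmed $name"; return 0; fi
    done <<ADDRS
$addrs
ADDRS
  done <<NAMES
$names
NAMES
  echo "unconfirmed $(printf '%s' "$names" | tr '\n' ' ')"
  return 1
}

DIG=fake_dig                       # demo only; remove this line to query live DNS
fcrdns 8.8.8.8                     # PTR and forward lookup agree
fcrdns 203.0.113.7 || true         # PTR claims a name whose A record differs
```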

Next, we'll explore advanced dig options to retrieve detailed DNS information.

Explore Advanced dig Options for Detailed DNS Information

This section covers using advanced dig options to retrieve more detailed DNS information, essential for system administration tasks.

Let's start by performing a DNS lookup with the +trace option, which displays the complete chain of DNS servers used to resolve the domain name:

dig +trace google.com

Example output:

; <<>> DiG 9.16.1-Ubuntu <<>> +trace google.com
;; global options: +cmd
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
...
google.com.             300     IN      A       142.250.179.78

The output shows the step-by-step process of resolving google.com, starting from the root DNS servers and following the referrals to the final IP address. This is invaluable for a system administrator diagnosing DNS resolution issues.

Use the +norecurse option to perform a non-recursive DNS lookup, querying only the specified DNS server without following referrals:

dig +norecurse @8.8.8.8 google.com

Example output:

; <<>> DiG 9.16.1-Ubuntu <<>> +norecurse @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48840
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.                     IN      A

;; ANSWER SECTION:
google.com.              300     IN      A       142.250.179.78

;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Apr 14 10:19:14 UTC 2023
;; MSG SIZE  rcvd: 55

This command queries the Google DNS server (8.8.8.8) directly for google.com, without following referrals. This is helpful when you want to verify a specific DNS server's response.
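
When a script has to verify a specific server's response, it can read the status, header flags and SERVER line from dig's full output instead of relying on +short. The following is an added example, not part of the original lab; dig_summary and answered_by are names chosen here, and the sample input is the output shown above, embedded so the script runs offline.

```shell
#!/bin/sh
# Added example: condense dig's full output into one line for scripted checks.

# Constructed sample: the +norecurse @8.8.8.8 output shown above.
sample_output() {
cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48840
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.                     IN      A

;; ANSWER SECTION:
google.com.              300     IN      A       142.250.179.78

;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
EOF
}

# Read dig output on stdin; print status, header flags, responding server, answers.
dig_summary() {
  awk '
    /^;; ->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") { st = $(i+1); sub(/,$/, "", st) } }
    /^;; flags:/       { fl = $0; sub(/^;; flags: */, "", fl); sub(/;.*/, "", fl); gsub(/ +/, ",", fl) }
    /^;; SERVER:/      { srv = $3; sub(/#.*/, "", srv) }
    /^;; ANSWER SECTION:/ { in_ans = 1; next }
    in_ans && NF == 0  { in_ans = 0 }
    in_ans && !/^;/    { sep = (ans == "" ? "" : ","); ans = ans sep $NF }
    END { printf "status=%s flags=%s server=%s answers=%s\n", st, fl, srv, ans }
  '
}

# Succeed only if the summary shows a NOERROR status from the expected server.
answered_by() {   # answered_by "<summary>" <expected-server-ip>
  case " $1 " in *" status=NOERROR "*) ;; *) return 1 ;; esac
  case " $1 " in *" server=$2 "*) return 0 ;; *) return 1 ;; esac
}

summary=$(sample_output | dig_summary)
echo "$summary"
answered_by "$summary" 8.8.8.8 && echo "answer came from the server we asked"
```

On a live system, pipe the command itself into the function, for example dig +norecurse @8.8.8.8 google.com | dig_summary.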

The +short option provides a more concise output:

dig +short google.com

Example output:

142.250.179.78

This displays only the final IP address, omitting additional information.

Next, you'll practice applying the knowledge gained about the dig command.

Summary

This lab covered the purpose and basic syntax of the dig command, a powerful DNS querying and network troubleshooting tool. You practiced basic DNS lookups to obtain domain name to IP address mappings and explored advanced dig options for detailed DNS information. You also learned to use the @server option to specify DNS servers, the +trace option for recursive queries, and the +short option for concise output. Mastering these skills is crucial for any system administrator working with Linux or other systems that rely on DNS.
