howtouselinux

Understanding Linux Dig Command

Table of Contents

 

Dig is a very powerful Linux command to query DNS in Linux. We will dive into the dig command output today.

The dig command is a DNS lookup utility that can be used to troubleshoot DNS issues in Linux. It can also be used to query DNS records. The dig command can be used to perform a number of different tasks, including:

  • Querying a single DNS record
  • Querying multiple DNS records
  • Performing a reverse DNS lookup
  • Tracing the DNS lookup path

dig Commands in Linux

 
Command Description Example
dig [hostname] Returns any A record found within the queried hostname’s zone. dig howtouselinux.com
dig [hostname] [record type] Returns the records of that type found within the queried hostname’s zone. dig howtouselinux.com MX
dig [hostname] +short Provides a brief answer, usually just an IP address. dig howtouselinux.com +short
dig @[nameserver address] [hostname] Queries the nameserver directly instead of your ISP’s resolver. dig @dnsmaster6.oracle.com
dig [hostname] +trace Adding +trace instructs dig to resolve the query from the root nameserver downwards and to report the results from each query step. dig howtouselinux.com +trace
dig -X [IP address] Reverse lookup for IP addresses. dig -X 137.254.16.101
dig [hostname] any Returns all records for a hostname. dig howtouselinux.com any

Example of Linux Dig Command Response

The following is a DNS query to get the A record for google.com. We will dive into every section below.

$ dig google.com
; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6794
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 299 IN A 216.58.208.110
;; Query time: 7 msec
;; SERVER: 10.248.182.164#53(10.248.182.164)
;; WHEN: Wed Jun 23 13:54:31 UTC 2021
;; MSG SIZE rcvd: 55

  • Section 1 Message header
  • Section 2 The QUESTION SECTION: the DNS query for which a response is being sought
  • Section 3 The ANSWER SECTION: the resource record(s) that answer the question
  • Section 4 The AUTHORITY SECTION: the resource record(s) that point to the domain authority
  • Section 5 The ADDITIONAL SECTION: the resource record(s) that may hold additional information

DNS Header in Linux dig command

MESSAGE FORMAT
+———————+
| Header |
+———————+
| Question | the question for the name server
+———————+
| Answer | RRs answering the question
+———————+
| Authority | RRs pointing toward an authority
+———————+
| Additional | RRs holding additional information
+———————+

The HEADER section in Linux dig command

This is a representation of the DNS response packet. It will contain status codes, flags, and sometimes additional diagnostic output. The flags present may include one or more of the following:

  • qr (Query Response): This bit is set when the packet is a query response.
  • aa (Authoritative Answer): The response is authoritative, which means it came from one of the authoritative nameservers for the domain. It did not come from a resolver or DNS cache. We should only see this flag when We directly query an authoritative nameserver using @nameserver.
  • ra (Recursion Available): The nameserver that responded to this query is available for recursion. Typically ra and aa are mutually exclusive, as authoritative nameservers are generally deliberately configured to not offer recursion.
  • rd (Recursion Desired): The query was sent requesting recursion; this is the default behavior for dig, and most of the time it doesn’t make a difference. If the client (dig) requests recursion and is answered by a server that isn’t offering it, there will be no ra flag. We can override sending rd using the +norecurse flag; this becomes a factor when debugging certain CNAME chains
  • cd (Checking Disabled): Do not check the DNSSEC-signed responses for validity.
  • ad (Authenticated Data): A zone is DNSSEC-signed, and all RRs germane to the query have been validated.
  • tc (Truncated): This signals the client to retry over TCP.

The ANSWER section in Linux dig command

The answer section contains the actual response to the lookup.

The AUTHORITY section in Linux dig command

This section will return the list of nameservers that should be authoritative for the query. It is derived from the list of NS RRs in the published zone, not from the set of nameservers that may be delegated for the zone in the TLDs rootzone.

The ADDITIONAL section in Linux dig command

Finally, the ADDITIONAL section will provide references that have been deemed useful for completing the query.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Liquid Web Managed Word Press