dig is a powerful Linux command for querying DNS. This article walks through the output of the dig command.
The dig command is a DNS lookup utility that can be used to troubleshoot DNS issues and to query DNS records in Linux. It can perform a number of different tasks, including:
- Querying a single DNS record
- Querying multiple DNS records
- Performing a reverse DNS lookup
- Tracing the DNS lookup path
dig Commands in Linux
| Command | Description | Example |
|---|---|---|
| dig [hostname] | Returns any A record found within the queried hostname’s zone. | dig www.howtouselinux.com |
| dig [hostname] [record type] | Returns the records of that type found within the queried hostname’s zone. | dig www.howtouselinux.com MX |
| dig [hostname] +short | Provides a brief answer, usually just an IP address. | dig www.howtouselinux.com +short |
| dig @[nameserver address] [hostname] | Queries the nameserver directly instead of your ISP’s resolver. | dig @220.127.116.11 |
| dig [hostname] +trace | Adding +trace instructs dig to resolve the query from the root nameserver downwards and report the results. | dig www.howtouselinux.com +trace |
| dig -x [IP address] | Reverse lookup for IP addresses. | dig -x 18.104.22.168 |
| dig [hostname] any | Returns all records for a hostname. | dig www.howtouselinux.com any |
Example of Linux Dig Command Response
The following is a DNS query to get the A record for google.com. We will dive into every section below.
$ dig google.com
; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6794
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 299 IN A 22.214.171.124
;; Query time: 7 msec
;; SERVER: 10.248.182.164#53(10.248.182.164)
;; WHEN: Wed Jun 23 13:54:31 UTC 2021
;; MSG SIZE rcvd: 55
- Section 1 Message header
- Section 2 The QUESTION SECTION: the DNS query for which a response is being sought
- Section 3 The ANSWER SECTION: the resource record(s) that answer the question
- Section 4 The AUTHORITY SECTION: the resource record(s) that point to the domain authority
- Section 5 The ADDITIONAL SECTION: the resource record(s) that may hold additional information
DNS Header in Linux dig command
| Header |
| Question | the question for the name server
| Answer | RRs answering the question
| Authority | RRs pointing toward an authority
| Additional | RRs holding additional information
The HEADER section in Linux dig command
This is a representation of the DNS response packet. It will contain status codes, flags, and sometimes additional diagnostic output. The flags present may include one or more of the following:
- qr (Query Response): This bit is set when the packet is a query response.
- aa (Authoritative Answer): The response is authoritative, which means it came from one of the authoritative nameservers for the domain. It did not come from a resolver or DNS cache. We should only see this flag when we directly query an authoritative nameserver using @nameserver.
- ra (Recursion Available): The nameserver that responded to this query is available for recursion. Typically ra and aa are mutually exclusive, as authoritative nameservers are generally deliberately configured to not offer recursion.
- rd (Recursion Desired): The query was sent requesting recursion; this is the default behavior for dig, and most of the time it doesn’t make a difference. If the client (dig) requests recursion and is answered by a server that isn’t offering it, there will be no ra flag. We can override sending rd using the +norecurse flag; this becomes a factor when debugging certain CNAME chains.
- cd (Checking Disabled): Do not check the DNSSEC-signed responses for validity.
- ad (Authenticated Data): A zone is DNSSEC-signed, and all RRs germane to the query have been validated.
- tc (Truncated): This signals the client to retry over TCP.
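The status and flags that dig prints are decoded from the 16-bit flags word in the fixed 12-byte DNS message header. The following Python code is an added example, not part of the original article: it decodes that header (bit layout per RFC 1035, with ad and cd from RFC 4035) and renders it in dig's format. The function names, the triage notes and the SAMPLE bytes (constructed to match the google.com response shown above) are assumptions made for illustration.

```python
import struct

# Bit masks within the 16-bit flags word, in the order dig prints them.
FLAG_BITS = [
    ("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100),
    ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010),
]
OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}

def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(packet) < 12:
        raise ValueError("DNS header is 12 bytes; packet is too short")
    ident, word, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    opcode, rcode = (word >> 11) & 0xF, word & 0xF
    return {
        "id": ident,
        "opcode": OPCODES.get(opcode, f"RESERVED{opcode}"),
        "status": RCODES.get(rcode, f"RESERVED{rcode}"),
        "flags": [name for name, mask in FLAG_BITS if word & mask],
        "counts": {"QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar},
    }

def dig_style(h: dict) -> str:
    """Render the header the way dig prints its two header lines."""
    counts = ", ".join(f"{k}: {v}" for k, v in h["counts"].items())
    return (f";; ->>HEADER<<- opcode: {h['opcode']}, status: {h['status']}, "
            f"id: {h['id']}\n;; flags: {' '.join(h['flags'])}; {counts}")

def triage(h: dict) -> list:
    """Hypothetical checks based on the flag meanings listed above."""
    notes = []
    if "tc" in h["flags"]:
        notes.append("truncated: retry over TCP")
    if "aa" not in h["flags"]:
        notes.append("not authoritative: answer came from a resolver or cache")
    if "ad" not in h["flags"]:
        notes.append("no ad flag: DNSSEC validation not reported")
    return notes

# Constructed sample: id 6794, flags qr rd ra (0x8180), counts 1/1/0/1.
SAMPLE = struct.pack("!6H", 6794, 0x8180, 1, 1, 0, 1)

if __name__ == "__main__":
    hdr = parse_header(SAMPLE)
    print(dig_style(hdr), *triage(hdr), sep="\n")
```
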
The ANSWER section in Linux dig command
The answer section contains the actual response to the lookup.
The AUTHORITY section in Linux dig command
This section will return the list of nameservers that should be authoritative for the query. It is derived from the list of NS RRs in the published zone, not from the set of nameservers that may be delegated for the zone in the TLD's root zone.
The ADDITIONAL section in Linux dig command
Finally, the ADDITIONAL section will provide references that have been deemed useful for completing the query.