DIG - Linux Utility For DNS LookUp

DIG (Domain Information Groper)

DIG is a Linux command line utility that is used to perform DNS lookups. It queries the DNS resolver and provides the necessary details.

By default, DIG uses the DNS resolver listed in /etc/resolv.conf. In most cases, the Dynamic Host Configuration Protocol (DHCP) automatically configures your system to use the IP addresses of your ISP's domain name servers.

Syntax

dig [@global-server] [domain] [q-type]

domain - The name of the resource record that is to be looked up.

q-type - The type of query, one of A, ANY, MX, NS, SOA, TXT, etc. Defaults to the A record.

global-server - Hostname or IP of the DNS resolver to use. If a hostname is provided, dig first resolves that name before querying with the DNS resolver. Defaults to the resolver provided in /etc/resolv.conf.

DNS Lookup And Understanding Output

dig www.google.com

; <<>> DiG 9.10.6 <<>> www.google.com

The first line shows the version of DIG.

;; ANSWER SECTION:

www.google.com. 197 IN A 142.250.193.100

This is the important section: it contains the answer to our query.

  • google.com - Name of the server that was queried

  • 197 - TTL in seconds; this is the time after which the cached record will be refreshed

  • IN - class of query, IN stands for internet

  • A - Type of record queried, defaults to A unless explicitly asked for another type

  • 142.250.193.100 - IP address associated with the domain name

;; QUESTION SECTION:

;www.google.com. IN A

This section contains the details of the query that we issued to the domain nameserver for the DNS lookup.

  • google.com - Name of the server to query

  • IN - class of query

  • A - The type of record, defaults to A unless mentioned

Statistics section

;; Query time: 100 msec

;; SERVER: 192.168.0.1#53(192.168.0.1)

;; WHEN: Thu Apr 13 22:29:05 IST 2023

;; MSG SIZE rcvd: 59

The statistics section holds metadata about the lookup: the amount of time the query took, the IP address and port of the responding DNS resolver, the timestamp when the command was run, and the size of the message received.
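The answer and statistics fields described above can be pulled out of dig output in a script. This is an added example, not code from the original post: the function names sample_dig_output, parse_dig and resolver_is are hypothetical, and the sample input is constructed from the output lines quoted on this page.

```shell
#!/bin/sh
# Constructed sample: the dig output lines quoted on this page, in dig's usual order.
sample_dig_output() {
cat <<'EOF'
; <<>> DiG 9.10.6 <<>> www.google.com
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 197 IN A 142.250.193.100

;; Query time: 100 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu Apr 13 22:29:05 IST 2023
;; MSG SIZE rcvd: 59
EOF
}

# parse_dig (hypothetical helper): reads dig output on stdin and prints one
# line per answer record as: server|name|ttl|class|type|rdata
parse_dig() {
  awk '
    /^;; ANSWER SECTION:/ { in_ans = 1; next }
    /^;; SERVER:/         { split($3, s, "#"); server = s[1] }  # drop "#53(...)"
    /^;/ || NF == 0       { in_ans = 0; next }                  # section ended
    in_ans && NF >= 5 {
      rdata = $5                                  # rdata may contain spaces (MX, TXT)
      for (i = 6; i <= NF; i++) rdata = rdata " " $i
      rec[++n] = $1 "|" $2 "|" $3 "|" $4 "|" rdata
    }
    END { for (i = 1; i <= n; i++) print server "|" rec[i] }
  '
}

# resolver_is (hypothetical helper): succeeds only if the SERVER line names
# the resolver you expected, e.g. to spot a DHCP-supplied resolver change.
resolver_is() {
  expected=$1
  actual=$(awk '/^;; SERVER:/ && !seen { split($3, s, "#"); srv = s[1]; seen = 1 }
                END { print srv }')
  [ "$actual" = "$expected" ]
}

sample_dig_output | parse_dig
```

On a live system, pipe real output in instead of the sample, for example `dig www.google.com | parse_dig`.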

Using Custom DNS resolver

The default resolver can be changed by providing the custom nameserver's hostname or IP preceded by the @ symbol.

dig @8.8.8.8 www.google.com

This dig command sends a query to Google's DNS resolver.

Querying For Specific Record Type

To query for a specific record we need to specify the type of record to the command.

dig MX gmail.com        # Query only Mail exchange record
dig A www.google.com    # Query Alias record
dig ANY www.google.com  # Queries all available records

Tracing complete lookup

dig www.google.com +trace

The +trace option lists each server through which the request passes on the way to its ultimate destination.

Reverse Lookup

dig -x 142.250.193.100

The reverse lookup is used to look up a domain name by its IP address.

Short And Detailed Answer

dig www.google.com +short

To display only the IP address associated with the domain name, use +short.

dig www.google.com +noall +answer

To access detailed information about the answer section, use +noall +answer.

Manage DIG Behaviour Globally

Options configured in the ~/.digrc file are applied automatically every time the command runs, which makes it possible to permanently alter the output of the command.

For example, if you want to have only the IP address as part of the DNS lookup, you can configure ~/.digrc as below:

echo "+short" > ~/.digrc

DIG is such a great tool for DNS lookup, and I hope this will help you to get started with using DIG for DNS lookup. To explore more, you can refer to the DIG manual using the Linux man command.