DIG (Domain Information Groper)
DIG is a Linux command-line utility used to perform DNS lookups. It queries a DNS resolver and prints the details of the response.
By default, DIG uses the DNS resolver listed in /etc/resolv.conf.
In most cases, the Dynamic Host Configuration Protocol (DHCP) automatically configures your system to use the IP addresses of your ISP's domain name servers.
Syntax
dig [@global-server] [domain] [q-type]
domain - The name of the resource record that is to be looked up.
q-type - The type of query, one of A, ANY, MX, NS, SOA, TXT, etc. Defaults to the A record.
global-server - Hostname or IP address of the DNS resolver to use. If a hostname is provided, dig first resolves that name and then sends the query to that resolver. Defaults to the resolver listed in /etc/resolv.conf.
DNS Lookup And Understanding Output
dig www.google.com
; <<>> DiG 9.10.6 <<>> www.google.com
The first line shows the version of DIG.
;; ANSWER SECTION:
www.google.com. 197 IN A 142.250.193.100
This is the most important section; it contains the answer to our query.
www.google.com. - The name that was queried
197 - TTL in seconds; the time after which a cached copy of the record expires and is refreshed
IN - Class of the query; IN stands for Internet
A - Type of record queried; defaults to A unless another type is explicitly requested
142.250.193.100 - IP address associated with the domain name
;; QUESTION SECTION:
;www.google.com. IN A
This section contains the details of the query that we sent to the nameserver for the DNS lookup.
www.google.com. - The name being looked up
IN - Class of the query
A - The type of record; defaults to A unless another type is given
Statistics section
;; Query time: 100 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu Apr 13 22:29:05 IST 2023
;; MSG SIZE rcvd: 59
The statistics section holds metadata about the lookup: how long the query took, the IP address and port of the responding DNS resolver, the timestamp when the command was run, and the size of the message received.
Using Custom DNS resolver
The default resolver can be overridden by providing the custom nameserver's hostname or IP address preceded by the @ symbol.
dig @8.8.8.8 www.google.com
This command sends the query to Google's DNS resolver.
Querying For Specific Record Type
To query for a specific record type, pass the type to the command.
dig MX gmail.com - Query only the mail exchange (MX) record
dig A www.google.com - Query the address (A) record
dig ANY www.google.com - Query all available records
Tracing complete lookup
dig www.google.com +trace
The +trace option lists each server that the lookup passes through on the way to its final answer.
Reverse Lookup
dig -x 142.250.193.100
A reverse lookup is used to look up a domain name from its IP address.
Short And Detailed Answer
dig www.google.com +short
To display only the IP address associated with the domain name, use +short.
dig www.google.com +noall +answer
To display only the answer section, with its full detail, use +noall +answer.
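The following is an added example, not part of the original page. It builds on the answer-section fields and the @ resolver option described above: it drops the TTL column from +noall +answer output and compares the record sets returned by two resolvers, a quick check for a resolver that hands back unexpected data. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: normalise dig answer lines so two resolvers can be compared.

# answer_records: read dig output on stdin and print one "name type rdata"
# line per record, sorted. Lines starting with ";" (headers, question,
# statistics) are skipped, and the TTL column is dropped because it counts
# down in a cache and differs between resolvers even for identical data.
answer_records() {
  awk '
    /^;/ || NF < 5 { next }
    {
      rdata = $5
      for (i = 6; i <= NF; i++) rdata = rdata " " $i   # MX/TXT rdata has spaces
      print tolower($1), $4, rdata
    }' | sort -u
}

# compare_answers: $1 and $2 hold dig output text from two resolvers.
# Prints "match" (returns 0) or "differ" (returns 1).
compare_answers() {
  a=$(printf '%s\n' "$1" | answer_records)
  b=$(printf '%s\n' "$2" | answer_records)
  if [ "$a" = "$b" ]; then echo match; return 0; fi
  echo differ
  return 1
}

# Constructed sample output (not captured from real lookups).
SAMPLE_DEFAULT=';; ANSWER SECTION:
www.google.com. 197 IN A 142.250.193.100

;; Query time: 100 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)'
SAMPLE_PUBLIC='www.google.com. 42 IN A 142.250.193.100'
SAMPLE_OTHER='www.google.com. 60 IN A 203.0.113.7'   # documentation address

compare_answers "$SAMPLE_DEFAULT" "$SAMPLE_PUBLIC"
compare_answers "$SAMPLE_DEFAULT" "$SAMPLE_OTHER" || true

# Live use (needs network access):
#   compare_answers "$(dig www.google.com +noall +answer)" \
#                   "$(dig @8.8.8.8 www.google.com +noall +answer)"
```

A "differ" result is a prompt to look closer, not proof of tampering: names served through CDNs or geo-aware load balancers legitimately resolve to different addresses on different resolvers.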
Manage DIG Behaviour Globally
By configuring options in the ~/.digrc file, which is applied automatically every time the command runs, it is possible to permanently alter the output of the command.
For example, if you want only the IP address as the result of a DNS lookup, you can configure ~/.digrc like below:
echo "+short" > ~/.digrc
DIG is a great tool for DNS lookups, and I hope this helps you get started with it. To explore more, refer to the DIG manual using the Linux man command.