How to Use Linux dig Command (DNS Lookup) {With Examples}

Introduction

The dig command on Linux is used to collect DNS information. It stands for Domain Information Groper and collects data about domain name servers. The dig command is useful for troubleshooting DNS, but it is also used to display DNS information.

This guide will help you understand and use the Linux dig command.

Prerequisites

  • A system running Linux
  • A user account with sudo or root privileges
  • Access to a terminal/command line window

Install dig on Linux (optional)

Most modern Linux systems include the dig command.

Verify that it is installed by checking the software version. To do so, open a command line and enter the following:

dig -v

The system should respond with a numeric code. If the system cannot find the specified command, install dig by entering the following:

Debian / Ubuntu:

sudo apt-get install dnsutils

CentOS / RedHat:

sudo yum install bind-utils

After the installation is complete, verify the installation with the following command:

dig -v

For more information about CentOS and RHEL, see our article on How to install dig on CentOS 7 and 8.

dig Syntax

The dig command is used as follows:

dig [@server] [name] [type]

  • [@server] – The host name or IP address to which the query is directed
  • [name] – The DNS (domain name server) of the server to be queried
  • [type] – The type of DNS record to retrieve. By default (or if left blank), dig uses record type A

The dig command resolves the host name before proceeding with the name server query.

How to use the dig command with examples

Let’s look at the basic use of the dig command.

DNS Lookup

The dig command allows you to search for a domain name. To perform a DNS lookup, open the terminal and type:

dig google.com

You should see something similar to the following:

The most important section is the ANSWER section:

  • The first column shows the name of the server that was queried
  • The second column is Time to Live, a set period of time after which the record is updated
  • The third column shows the query class – in this case, “IN” stands for Internet
  • The fourth column shows the type of query; in this case, “A” means an A (address) record
  • The last column shows the IP address associated with the domain name

Other lines can be translated as follows:

The first line shows the version of the dig command.

The HEADER section displays the information you received from the server. Flags refer to the response format.

The OPT PSEUDOSECTION displays advanced data:

  • EDNS – Extension system for DNS, if used
  • Flags – blank because no flags were specified
  • UDP – UDP packet size

The QUESTION section displays the query data that was sent:

  • The first column is the queried domain name
  • The second column is the query type (IN = Internet)
  • The third column specifies the record (A = Address), unless otherwise specified

The STATISTICS section displays metadata about the query:

  • Query time – The amount of time a response took
  • SERVER – The IP address and port of the DNS server responding. You may notice a loopback address on this line: this refers to a local setting that translates DNS addresses
  • WHEN – Timestamp when the command was executed
  • MSG SIZE rcvd – The size of the DNS server response
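The functions below are an added example, not part of the original guide: they split dig output into the ANSWER records, the HEADER status and the SERVER line described above. The sample output is constructed (example.com, the 192.0.2.x addresses and the version string are placeholders), so the block runs without network access.

```shell
#!/bin/sh
# Added example: split dig output into the pieces described above.
# SAMPLE_DIG_OUTPUT is constructed (example.com, 192.0.2.x, version string).
SAMPLE_DIG_OUTPUT='; <<>> DiG 9.18.1 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            300     IN      A       192.0.2.10
example.com.            300     IN      A       192.0.2.11

;; Query time: 12 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jan 01 00:00:00 UTC 2024
;; MSG SIZE  rcvd: 72'

# Print "name ttl class type rdata" for each ANSWER record on stdin.
dig_answers() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }  # next header or blank line ends the section
        in_answer && !/^;/ && NF >= 5 {
            rdata = $5
            for (i = 6; i <= NF; i++) rdata = rdata " " $i  # rdata can hold spaces (MX, TXT)
            print $1, $2, $3, $4, rdata
        }'
}

# Print the response status from the HEADER line (NOERROR, NXDOMAIN, ...).
dig_status() {
    sed -n 's/^;; .*HEADER.* status: \([A-Z]*\),.*/\1/p'
}

# Print the responding resolver from the SERVER line as "address port N".
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#\([0-9]*\).*/\1 port \2/p'
}

printf '%s\n' "$SAMPLE_DIG_OUTPUT" | dig_answers
printf '%s\n' "$SAMPLE_DIG_OUTPUT" | dig_status
printf '%s\n' "$SAMPLE_DIG_OUTPUT" | dig_server
```

Against a live resolver, pipe real output in instead, for example dig google.com | dig_answers.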

Specify DNS server

By default, dig uses local settings to decide which name server to query. Use the following command to specify the Google domain server:

dig @8.8.8.8 google.com

The terminal prints the following output:

ANY option

To return all query results, use the following:

dig google.com ANY

The system will list all google.com DNS records it finds, along with IP addresses.

Short answer option

To display only the IP address associated with the domain name, enter the following:

dig google.com +short

The output shows the content as in the following image:

Detailed answer option

Run +noall +answer with the dig command to access detailed information in the answers section:

dig google.com +noall +answer

The following example shows the expected result.

Trace option

The +trace option lists each different server through which the query passes to its final destination. Use this command option to identify the IP address where traffic is dropping.

dig google.com +trace

The output should look similar to the one seen below:

Reverse DNS lookup

To search for a domain name by its IP address, type the following:

dig -x 172.217.14.238

The output shows the contents as in the following image:

The -x option allows you to specify the IP address instead of a domain name. This can be combined with other options:

dig +noall +answer -x 172.217.14.238

The following example shows the expected result.

Batch mode for reading host names from a file

To search for multiple entries, start by creating a file to store the domain names:

sudo nano domain_research.txt

See the example in the image below:

Add several websites of interest as in the image below:

Save the file and exit. Now, specify the file using the -f option in the dig command:

dig -f domain_research.txt +short

See an example of the command output below:

Permanently adjust default options

The information displayed by dig can be modified in the ~/.digrc file. Open the file for editing with the following command:

sudo nano ~/.digrc

Add the following lines:

+noall
+answer

See an example in the image below:

Write the file (ctrl-o) and exit (ctrl-x).

Run the dig command again:

dig google.com

You should only see the answer section, as if you had manually added +noall and +answer.

Conclusion

You should now be familiar with the dig command on Linux. This command can help you find more information about domain name servers.

Next, we recommend learning more about DNS best practices for security and performance and how to flush DNS to delete all saved DNS lookup information.