dig

networkingLinux/Unix
The dig command is one of the most frequently used commands in Linux/Unix-like operating systems. dig Query DNS servers for various DNS records and perform DNS lookups

Quick Reference

Command Name:

dig

Category:

networking

Platform:

Linux/Unix

Basic Usage:

dig [options] [arguments]

Common Use Cases

  • 1

    DNS troubleshooting

    Diagnose and resolve DNS-related networking issues

  • 2

    Domain verification

    Verify DNS records for domains you own or manage

  • 3

    DNS propagation checking

    Check if DNS changes have propagated across the internet

  • 4

    Security analysis

    Examine DNS security configurations like DNSSEC

Syntax

dig [@server] [name] [type] [options]

Options

Option Description
@server Specify the DNS server to query (IP address or hostname)
-4 Use IPv4 only for query transport
-6 Use IPv6 only for query transport
-b address Set the source IP address of the query
-p port Set the port to query (default is 53)
-t type Set the query type (A, MX, NS, etc.)
+[no]tcp Use TCP instead of UDP
+[no]dnssec Request DNSSEC records
+[no]short Display terse answer
+[no]identify Show IP address and port of responder
+[no]trace Trace delegation from root down to name

Examples

How to Use These Examples

The examples below show common ways to use the dig command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

# Basic Examples Basic
dig example.com
Look up the A record for example.com using default DNS server.
dig example.com MX
Look up MX (mail exchange) records for example.com.
dig @8.8.8.8 example.com
Query Google's DNS server (8.8.8.8) for example.com. # Advanced Examples Advanced dig +short example.com Display only the IP address(es) in the answer section. dig -x 192.0.2.1 Perform a reverse DNS lookup to find the hostname for an IP address. dig example.com ANY +noall +answer Look up all record types for example.com, showing only the answer section. dig +trace example.com Trace the delegation path from the root name servers. dig example.com AAAA +dnssec Look up IPv6 address with DNSSEC validation information.

Try It Yourself

Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

Understanding Syntax

Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

Notes

Dig Command Overview: Dig (Domain Information Groper) is a flexible DNS lookup utility used to query DNS servers for resource records. It is the most commonly used tool among system administrators for troubleshooting DNS problems due to its flexibility, ease of use, and clarity of output. Key Features: - Performs DNS lookups and displays answers from name servers - Supports all DNS record types (A, AAAA, MX, NS, SOA, TXT, etc.) - Ability to query specific DNS servers - Can perform reverse DNS lookups - Support for IPv4 and IPv6 - DNSSEC validation capability - Tracing option to follow the DNS resolution process Output Sections: - HEADER: Contains response codes and flags - QUESTION: Shows the query that was sent - ANSWER: The actual response data from the DNS server - AUTHORITY: Lists the authoritative name servers for the domain - ADDITIONAL: Contains supplementary information When to Use Dig: - Troubleshooting DNS resolution issues - Verifying DNS record changes - Checking DNS propagation - Investigating DNS security concerns - Testing DNS server functionality - Tracing DNS delegation paths Dig vs. nslookup and host: While nslookup and host provide similar functionality, dig offers more detailed output and greater control over DNS queries, making it the preferred choice for DNS troubleshooting and debugging.

Tips & Tricks

1

Use the +short option to display only the answer section in a terse format

2

Use the +noall +answer option to display only the answer section

3

Use the -x option to perform a reverse DNS lookup for an IP address

4

Use +trace to follow the DNS resolution process from the root servers

5

Use @server to query a specific DNS server instead of the default

Common Use Cases

DNS troubleshooting

Diagnose and resolve DNS-related networking issues

Domain verification

Verify DNS records for domains you own or manage

DNS propagation checking

Check if DNS changes have propagated across the internet

Security analysis

Examine DNS security configurations like DNSSEC

Server testing

Test specific DNS servers for proper configuration and response

Related Commands

These commands are frequently used alongside dig or serve similar purposes:

Use Cases

1

DNS troubleshooting

Diagnose and resolve DNS-related networking issues

2

Domain verification

Verify DNS records for domains you own or manage

3

DNS propagation checking

Check if DNS changes have propagated across the internet

4

Security analysis

Examine DNS security configurations like DNSSEC

5

Server testing

Test specific DNS servers for proper configuration and response

Learn By Doing

The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the dig command works in different scenarios.

$ dig
View All Commands