Introduction The dig command in Linux is used to gather DNS information. It stands for Domain Information Groper, and it collects data about Domain Name Servers. The dig command is helpful for troubleshooting DNS problems, but is also used to display DNS information. This guide will help you understand and use the Linux dig command. Prerequisites
Most modern Linux systems include the dig command. Verify that it’s installed by checking the software version. To do so, open a command line and enter the following: dig -vThe system should respond with a numeric code. If the system can’t find the command specified, install dig by entering the following: Debian / Ubuntu: sudo apt-get install dnsutilsCentOS / RedHat: sudo yum install bind-utilsOnce the installation finishes, verify the installation with the following command: dig -vFor more information on CentOS and RHEL, please refer to our article on How to Install dig on CentOS 7 and 8. The dig command is used as follows: dig [server] [name] [type][server] – The hostname or IP address the query is directed to
Common DNS record types:
Learn about other types by referring to our complete list in DNS Record Types Explained. The dig command resolves the hostname before proceeding with querying the name server. Let's look at the basic usage of the dig command. The dig command enables searching for a domain name. To perform a DNS lookup, open the terminal and type: dig google.comYou should see something similar to the following: The most important section is the ANSWER section:
Other lines can be translated as follows: The first line displays the version of the dig command. The HEADER section shows the information it received from the server. Flags refer to the answer format. The OPT PSEUDOSECTION displays advanced data:
The QUESTION section displays the query data that was sent:
The STATISTICS section shows metadata about the query:
By default, dig uses the local configuration to decide which nameserver to query. Use the following command to specify Google’s domain server: dig @8.8.8.8 google.comThe terminal prints out the following output:
Note: Other domain nameservers can be specified here, such as your server hosting company or the internet service provider’s DNS server. To return all of the results of the query, use the following: dig google.com ANYThe system will list all google.com DNS records that it finds, along with the IP addresses.
Note: Any other type of record can be substituted for the ANY option. This includes the MX (mail exchange) type, A (Address) type, SIG (Signature) type, etc. There are many different DNS record types. If you are not sure, leave the type option blank. To display only the IP address associated with the domain name, enter the following: dig google.com +shortThe output displays the content as in the image below: Run +noall +answer with the dig command to access detailed information in the answers section: dig google.com +noall +answerThe example below displays the expected output. The +trace option lists each different server the query goes through to its final destination. Use this command option to identify the IP address where traffic is dropping. dig google.com +traceThe output should be similar to the one seen below: To look up a domain name by its IP address, type the following: dig -x 172.217.14.238The output displays content as in the image below:
The example below displays the expected output.
Note: To learn more about how to resolve an IP address back to a domain name, the opposite of a forward DNS query, check out our article about Reverse DNS lookup (rDNS). To look up multiple entries, start by creating a file to store the domain names: sudo nano domain_research.txtSee example on the image below: Add several websites of interest as in the image below: Save the file and exit. Now, specify the file using the -f option in the dig command: dig -f domain_research.txt +shortSee an example of the output of the command below:
Note: The +short option keeps the results manageable. Any other option can be used instead. The information displayed by dig can be altered in the ~/.digrc file. Open the file for editing with the following command: sudo nano ~/.digrcAdd the following lines: +noall +answerSee an example in the image below: Write the file (ctrl–o) and exit (ctrl–x). Run the dig command again: dig google.comYou should only see the answers command, as if you had manually added +noall and +answer. Conclusion You should now be familiar with the dig command in Linux. This command can help you find more information about Domain Nameservers. Next, we recommend learning more about best DNS practices for security and performance and how to flush DNS to delete all saved DNS lookup information. |