How to use “dig” to query name servers

Hello my fellow Linux Yogis,

In today’s illustration I am going to show you, with easy examples, how to use “dig” to query name servers. Dig is a very powerful tool and can be very useful.

By default, without any filtering options, “dig” returns a lot of information, which can at times be too much. Let’s query www.google.com and have a look at the result.

dig www.google.com

This is what you will get back:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13583
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 282 IN A 216.58.216.4

;; Query time: 1 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:20:21 MST 2017
;; MSG SIZE rcvd: 59

This is a lot of gibberish just to get the IP address of www.google.com. Fortunately, we can apply filters to our query. The following are common filtering options:

+noall          = Turns off all sections in the result
+nocomments     = Turns off the comment section in the result
+comments       = Turns on the comment section in the result
+noauthority    = Turns off Authority section in the result
+authority      = Turns on the authority section in the result
+noadditional   = Turns off the additional section in the result
+additional     = Turns on the additional section in the result
+nostats        = Turns off the stats in the result
+stats          = Turns on the stats in the result
+noanswer       = Turns off the Answer section in the result (which rarely makes sense)
+answer         = Turns on the Answer section in the result.

OK, let’s go through those options and see how each one changes the result.

dig www.google.com +noall

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +noall
;; global options: +cmd

Well, that’s not very useful, is it? How about the next one:

dig www.google.com +nocomment

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +nocomment
;; global options: +cmd
;www.google.com. IN A
www.google.com. 140 IN A 216.58.216.4
;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:34:36 MST 2017
;; MSG SIZE rcvd: 59

This is better, but still lots of gibberish. How about the next “no” filter:

dig www.google.com +noauthority

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +noauthority
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40248
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 300 IN A 216.58.216.4

;; Query time: 38 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:37:01 MST 2017
;; MSG SIZE rcvd: 59

How about the next “no” filter:

dig www.google.com +noadditional

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +noadditional
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65017
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 69 IN A 172.217.3.164

;; Query time: 69 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:38:26 MST 2017
;; MSG SIZE rcvd: 59

How about the next “no” filter:

dig www.google.com +nostats

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +nostats
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58579
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 298 IN A 172.217.3.164

How about the last “no” filter on our list:

dig www.google.com +noanswer

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +noanswer
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47284
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A

;; Query time: 63 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:41:16 MST 2017
;; MSG SIZE rcvd: 59

Well, none of these on its own gives us what we are looking for. Let’s start combining filters (+noquestion, which is not in the list above, turns off the question section). Try this:

dig www.google.com +nocomments +noquestion +noauthority +noadditional +nostats

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +nocomments +noquestion +noauthority +noadditional +nostats
;; global options: +cmd
www.google.com. 272 IN A 216.58.216.4

Well that looks good but it seems like overkill to enter all those filters each time. There is an easier solution. Let’s try this:

dig www.google.com +noall +answer

In the example above we turned everything off and turned on only the answer.

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +noall +answer
;; global options: +cmd
www.google.com. 133 IN A 216.58.216.4

That looks way better. The example above should give you an idea of how to turn filters on and off so that dig presents only the results you are looking for. Now let’s query only the MX records, and then NS, TXT, SRV and SOA:

dig google.com MX

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51525
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 11

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google.com. IN MX

;; ANSWER SECTION:
google.com. 600 IN MX 20 alt1.aspmx.l.google.com.
google.com. 600 IN MX 10 aspmx.l.google.com.
google.com. 600 IN MX 50 alt4.aspmx.l.google.com.
google.com. 600 IN MX 40 alt3.aspmx.l.google.com.
google.com. 600 IN MX 30 alt2.aspmx.l.google.com.

;; ADDITIONAL SECTION:
alt1.aspmx.l.google.com. 293 IN A 74.125.22.26
alt1.aspmx.l.google.com. 293 IN AAAA 2607:f8b0:400d:c06::1a
aspmx.l.google.com. 293 IN A 74.125.129.26
aspmx.l.google.com. 293 IN AAAA 2607:f8b0:4001:c17::1a
alt4.aspmx.l.google.com. 293 IN A 108.177.15.26
alt4.aspmx.l.google.com. 293 IN AAAA 2a00:1450:400c:c0c::1a
alt3.aspmx.l.google.com. 293 IN A 64.233.186.26
alt3.aspmx.l.google.com. 293 IN AAAA 2800:3f0:4003:c00::1b
alt2.aspmx.l.google.com. 293 IN A 173.194.213.26
alt2.aspmx.l.google.com. 293 IN AAAA 2607:f8b0:400c:c0a::1b

;; Query time: 43 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:49:34 MST 2017
;; MSG SIZE rcvd: 367

If that is too much, make some adjustments like the following:

dig google.com MX +noall +answer

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com MX +noall +answer
;; global options: +cmd
google.com. 458 IN MX 10 aspmx.l.google.com.
google.com. 458 IN MX 50 alt4.aspmx.l.google.com.
google.com. 458 IN MX 40 alt3.aspmx.l.google.com.
google.com. 458 IN MX 30 alt2.aspmx.l.google.com.
google.com. 458 IN MX 20 alt1.aspmx.l.google.com.

Let’s query to find out the name servers (NS) for google.com:

dig google.com NS

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46103
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google.com. IN NS

;; ANSWER SECTION:
google.com. 345376 IN NS ns2.google.com.
google.com. 345376 IN NS ns4.google.com.
google.com. 345376 IN NS ns1.google.com.
google.com. 345376 IN NS ns3.google.com.

;; ADDITIONAL SECTION:
ns2.google.com. 86176 IN A 216.239.34.10
ns4.google.com. 78383 IN A 216.239.38.10
ns1.google.com. 86176 IN A 216.239.32.10
ns3.google.com. 86176 IN A 216.239.36.10

;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:53:39 MST 2017
;; MSG SIZE rcvd: 175

Let’s query the text records (TXT) for google.com:

dig google.com TXT

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5339
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google.com. IN TXT

;; ANSWER SECTION:
google.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all"

;; Query time: 39 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:55:54 MST 2017
;; MSG SIZE rcvd: 87

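And now let’s try to query the service record (SRV) for google.com. As the result shows, there is no SRV record at this name, so the answer section is empty (ANSWER: 0) and only the SOA record comes back in the authority section: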

dig google.com SRV

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25601
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google.com. IN SRV

;; AUTHORITY SECTION:
google.com. 60 IN SOA ns3.google.com. dns-admin.google.com. 149628038 900 900 1800 60

;; Query time: 42 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:57:12 MST 2017
;; MSG SIZE rcvd: 89

And last but not least, let’s query the Start of Authority (SOA) record for google.com:

dig google.com SOA

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com SOA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12751
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN SOA

;; AUTHORITY SECTION:
google.com. 60 IN SOA ns1.google.com. dns-admin.google.com. 149628038 900 900 1800 60

;; ADDITIONAL SECTION:
ns1.google.com. 85858 IN A 216.239.32.10

;; Query time: 41 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:58:57 MST 2017
;; MSG SIZE rcvd: 109

As you have noticed, without filters dig returns a lot of information that you won’t need in most cases, so I recommend always using the two filters “+noall +answer”, which give you a quick and clear answer.

There is still another option you can use to shorten the answer even more. Let’s try this:

dig google.com +noall +answer +short

Result:

172.217.11.238

Wow, that is really short. You can also ask for all record types at once with the following command:

dig google.com any

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52529
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google.com. IN ANY

;; ANSWER SECTION:
google.com. 171 IN A 172.217.11.238
google.com. 86400 IN NS ns4.google.com.
google.com. 60 IN SOA ns4.google.com. dns-admin.google.com. 149628038 900 900 1800 60
google.com. 600 IN MX 20 alt1.aspmx.l.google.com.
google.com. 3064 IN TXT "v=spf1 include:_spf.google.com ~all"
google.com. 300 IN AAAA 2607:f8b0:400f:800::200e
google.com. 86400 IN CAA 0 issue "pki.goog"

;; ADDITIONAL SECTION:
ns4.google.com. 77713 IN A 216.239.38.10

;; Query time: 40 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 09:04:49 MST 2017
;; MSG SIZE rcvd: 267

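It returned the following records in this case: A, NS, SOA, MX, TXT, AAAA and CAA. Keep in mind that a resolver answers an ANY query from whatever it happens to have cached, and many servers now give only a minimal response to ANY (RFC 8482), so do not rely on it to list every record. Query each record type you care about instead.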

Now you are probably asking yourself how to query reverse records. Well, here is your answer:

dig -x 172.217.11.238

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 172.217.11.238
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54356
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;238.11.217.172.in-addr.arpa. IN PTR

;; ANSWER SECTION:
238.11.217.172.in-addr.arpa. 82072 IN PTR den02s01-in-f14.1e100.net.

;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 09:07:19 MST 2017
;; MSG SIZE rcvd: 95

or make the result shorter:

dig -x 172.217.11.238 +noall +answer

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 172.217.11.238 +noall +answer
;; global options: +cmd
238.11.217.172.in-addr.arpa. 82038 IN PTR den02s01-in-f14.1e100.net.

or even shorter:

dig -x 172.217.11.238 +short

Result:

den02s01-in-f14.1e100.net.
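
Added example, not part of the original post: a PTR record is published by whoever controls the reverse zone for the address, so the name it returns is only a claim until a forward lookup of that name leads back to the same IP. The functions below build the in-addr.arpa name that `dig -x` queries and perform that forward confirmation. The function names, the DIG variable and the sample_dig stub are assumptions made for this example.

```shell
DIG=${DIG:-dig}   # set DIG=sample_dig to run offline against the stub below

# Build the name that `dig -x` queries: 172.217.11.238 -> 238.11.217.172.in-addr.arpa.
ptr_name() (
    IFS=. read -r a b c d extra <<EOF
$1
EOF
    [ -z "$extra" ] || exit 1
    for o in "$a" "$b" "$c" "$d"; do
        case $o in ''|*[!0-9]*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$d" "$c" "$b" "$a"
)

# Forward-confirm a PTR record. Prints "confirmed <name>", "unconfirmed <names>"
# or "no-ptr"; the exit status is 0 only when the name resolves back to the IP.
fcrdns() (
    set -f   # PTR data is chosen by the reverse zone's owner: never glob it
    qname=$(ptr_name "$1") || { echo "bad-address"; exit 2; }
    names=$($DIG "$qname" PTR +short) || exit 2
    [ -n "$names" ] || { echo "no-ptr"; exit 1; }
    for name in $names; do
        for addr in $($DIG "$name" A +short); do
            if [ "$addr" = "$1" ]; then echo "confirmed $name"; exit 0; fi
        done
    done
    echo "unconfirmed" $names
    exit 1
)

# Constructed stub standing in for dig. Only the PTR answer for 172.217.11.238
# is taken from this page; the forward answer and the second pair are invented
# (documentation address ranges and example.com).
sample_dig() {
    case "$1 $2" in
        "238.11.217.172.in-addr.arpa. PTR") echo "den02s01-in-f14.1e100.net." ;;
        "den02s01-in-f14.1e100.net. A")     echo "172.217.11.238" ;;
        "10.113.0.203.in-addr.arpa. PTR")   echo "mail.example.com." ;;
        "mail.example.com. A")              echo "192.0.2.25" ;;
    esac
}
```

With the real dig, `fcrdns 172.217.11.238` does the live check; an "unconfirmed" result means the PTR name should not be trusted in logs or access rules.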

What if you would like to check against a specific name server? Here you go; I am using the open public DNS server 208.67.222.222.

dig @208.67.222.222 google.com

Result:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @208.67.222.222 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10484
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 300 IN A 172.217.11.238

;; Query time: 63 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Thu Mar 09 09:13:19 MST 2017
;; MSG SIZE rcvd: 55
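
Added example, not part of the original post: combining “+noall +answer” with “@server” lets you check whether your default resolver and an independent one hand out the same records, which is a quick first test when you suspect a resolver is returning altered answers. The function names and sample variables are assumptions made for this example; the sample answers are built from outputs shown on this page.

```shell
# Reduce `dig +noall +answer` output to sorted "name type rdata" lines.
# ';' banner lines and blanks are dropped; so is the TTL, which counts down
# in a cache and therefore differs between resolvers and between runs.
rrset() {
    awk '!/^;/ && NF >= 5 {
        rdata = $5
        for (i = 6; i <= NF; i++) rdata = rdata " " $i
        print tolower($1), $4, rdata
    }' | sort -u
}

# Lines of $1 that do not occur in $2.
only_in() (
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$line" || printf '%s\n' "$line"
    done
)

# Compare two captured answers. Exit 0 if the record sets match; otherwise
# print records only in the first ("<") or only in the second (">"), exit 1.
diff_answers() (
    a=$(printf '%s\n' "$1" | rrset)
    b=$(printf '%s\n' "$2" | rrset)
    [ "$a" != "$b" ] || exit 0
    only_in "$a" "$b" | sed 's/^/< /'
    only_in "$b" "$a" | sed 's/^/> /'
    exit 1
)

# Live use (needs network): default resolver versus a chosen server.
# Usage: compare_resolver 208.67.222.222 google.com [TYPE]
compare_resolver() {
    diff_answers "$(dig "$2" "${3:-A}" +noall +answer)" \
                 "$(dig "@$1" "$2" "${3:-A}" +noall +answer)"
}

# Constructed samples built from answers shown on this page.
LOCAL_ANSWER='; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com +noall +answer
;; global options: +cmd
google.com. 171 IN A 172.217.11.238'
OPENDNS_ANSWER='google.com. 300 IN A 172.217.11.238'
RUN_A='www.google.com. 300 IN A 216.58.216.4'
RUN_B='www.google.com. 69 IN A 172.217.3.164'
```

A mismatch is a reason to look closer, not proof of tampering: large sites rotate addresses, as the two www.google.com answers in RUN_A and RUN_B (both from the local resolver on this page) show.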

So this concludes this illustration. I hope you can make use of it and like dig much more now. Please subscribe and register to this Blog and its Forum. If you would like me to write about something in particular, use my Contact Form and drop me a line.

Until next time, Namaste my friends 😉