Hello my fellow Linux Yogis,
In today’s illustration I am going to show you, with easy examples, how to use “dig” to query name servers. Dig is a very powerful tool and can be very useful.
By default, without any filtering options, “dig” provides a lot of information, which can at times be too much. Let’s query google.com and have a look at the result.
dig www.google.com
This is what you will get back:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13583
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 282 IN A 216.58.216.4
;; Query time: 1 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:20:21 MST 2017
;; MSG SIZE rcvd: 59
This is a lot of gibberish just to get back the IP address of www.google.com. Well, we can apply filters to our query request. The following are common filtering options.
+noall = Turns off all sections in the result
+nocomments = Turns off the comment section in the result
+comments = Turns on the comment section in the result
+noauthority = Turns off the authority section in the result
+authority = Turns on the authority section in the result
+noadditional = Turns off the additional section in the result
+additional = Turns on the additional section in the result
+nostats = Turns off the stats in the result
+stats = Turns on the stats in the result
+noanswer = Turns off the answer section in the result (which would not make any sense to do)
+answer = Turns on the answer section in the result
OK, let’s go through those options and see how each one presents the results.
dig www.google.com +noall
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +noall
;; global options: +cmd
Well, that’s not very useful, is it? How about the next one:
dig www.google.com +nocomment
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +nocomment
;; global options: +cmd
;www.google.com. IN A
www.google.com. 140 IN A 216.58.216.4
;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:34:36 MST 2017
;; MSG SIZE rcvd: 59
This is better, but still lots of gibberish. How about the next “no” filter:
dig www.google.com +noauthority
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +noauthority
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40248
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 300 IN A 216.58.216.4
;; Query time: 38 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:37:01 MST 2017
;; MSG SIZE rcvd: 59
How about the next “no” filter:
dig www.google.com +noadditional
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +noadditional
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65017
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 69 IN A 172.217.3.164
;; Query time: 69 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:38:26 MST 2017
;; MSG SIZE rcvd: 59
How about the next “no” filter:
dig www.google.com +nostats
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +nostats
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58579
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 298 IN A 172.217.3.164
How about the last “no” filter on our list:
dig www.google.com +noanswer
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +noanswer
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47284
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A
;; Query time: 63 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:41:16 MST 2017
;; MSG SIZE rcvd: 59
Well, none of these alone gives us what we are looking for. Let’s start combining filters. Try this:
dig www.google.com +nocomments +noquestion +noauthority +noadditional +nostats
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +nocomments +noquestion +noauthority +noadditional +nostats
;; global options: +cmd
www.google.com. 272 IN A 216.58.216.4
Well, that looks good, but it seems like overkill to enter all those filters each time. There is an easier solution. Let’s try this:
dig www.google.com +noall +answer
In the example above we turned everything off and turned on only the answer.
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com +noall +answer
;; global options: +cmd
www.google.com. 133 IN A 216.58.216.4
That looks way better. The example above should give you an idea of how to turn filters on and off so that dig presents only the results you are looking for. Now let’s query only MX records, and then NS, TXT, SRV and SOA.
dig google.com MX
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51525
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 11
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google.com. IN MX
;; ANSWER SECTION:
google.com. 600 IN MX 20 alt1.aspmx.l.google.com.
google.com. 600 IN MX 10 aspmx.l.google.com.
google.com. 600 IN MX 50 alt4.aspmx.l.google.com.
google.com. 600 IN MX 40 alt3.aspmx.l.google.com.
google.com. 600 IN MX 30 alt2.aspmx.l.google.com.
;; ADDITIONAL SECTION:
alt1.aspmx.l.google.com. 293 IN A 74.125.22.26
alt1.aspmx.l.google.com. 293 IN AAAA 2607:f8b0:400d:c06::1a
aspmx.l.google.com. 293 IN A 74.125.129.26
aspmx.l.google.com. 293 IN AAAA 2607:f8b0:4001:c17::1a
alt4.aspmx.l.google.com. 293 IN A 108.177.15.26
alt4.aspmx.l.google.com. 293 IN AAAA 2a00:1450:400c:c0c::1a
alt3.aspmx.l.google.com. 293 IN A 64.233.186.26
alt3.aspmx.l.google.com. 293 IN AAAA 2800:3f0:4003:c00::1b
alt2.aspmx.l.google.com. 293 IN A 173.194.213.26
alt2.aspmx.l.google.com. 293 IN AAAA 2607:f8b0:400c:c0a::1b
;; Query time: 43 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:49:34 MST 2017
;; MSG SIZE rcvd: 367
If that is too much, make some adjustments like the following:
dig google.com MX +noall +answer
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com MX +noall +answer
;; global options: +cmd
google.com. 458 IN MX 10 aspmx.l.google.com.
google.com. 458 IN MX 50 alt4.aspmx.l.google.com.
google.com. 458 IN MX 40 alt3.aspmx.l.google.com.
google.com. 458 IN MX 30 alt2.aspmx.l.google.com.
google.com. 458 IN MX 20 alt1.aspmx.l.google.com.
Let’s query to find out the name servers (NS) for google.com
dig google.com NS
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46103
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google.com. IN NS
;; ANSWER SECTION:
google.com. 345376 IN NS ns2.google.com.
google.com. 345376 IN NS ns4.google.com.
google.com. 345376 IN NS ns1.google.com.
google.com. 345376 IN NS ns3.google.com.
;; ADDITIONAL SECTION:
ns2.google.com. 86176 IN A 216.239.34.10
ns4.google.com. 78383 IN A 216.239.38.10
ns1.google.com. 86176 IN A 216.239.32.10
ns3.google.com. 86176 IN A 216.239.36.10
;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:53:39 MST 2017
;; MSG SIZE rcvd: 175
Let’s query the Text Record(s) (TXT) for google.com
dig google.com TXT
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5339
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google.com. IN TXT
;; ANSWER SECTION:
google.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all"
;; Query time: 39 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:55:54 MST 2017
;; MSG SIZE rcvd: 87
And now let’s try to query the Service Record (SRV) for google.com
dig google.com SRV
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25601
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google.com. IN SRV
;; AUTHORITY SECTION:
google.com. 60 IN SOA ns3.google.com. dns-admin.google.com. 149628038 900 900 1800 60
;; Query time: 42 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:57:12 MST 2017
;; MSG SIZE rcvd: 89
And last but not least, let’s query the Start of Authority (SOA) record for google.com
dig google.com SOA
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.google.com SOA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12751
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN SOA
;; AUTHORITY SECTION:
google.com. 60 IN SOA ns1.google.com. dns-admin.google.com. 149628038 900 900 1800 60
;; ADDITIONAL SECTION:
ns1.google.com. 85858 IN A 216.239.32.10
;; Query time: 41 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 08:58:57 MST 2017
;; MSG SIZE rcvd: 109
As you have noticed, without filters dig returns a lot of information that you won’t need in most cases, so I recommend always using the two filters “+noall +answer”, which give a quick and clear answer.
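When the “+noall +answer” output is fed into a script, the two banner lines still have to be skipped and record data that contains spaces (MX, TXT) has to be kept together. The following is an added example, not part of the original post; the function names are made up for illustration and the sample input is assembled from the MX and TXT outputs shown above.

```shell
#!/bin/sh
# Added example: turn `dig +noall +answer` output into script-friendly fields.

# Sample input assembled from the MX and TXT outputs shown on this page,
# including the two banner lines that +noall +answer still prints.
sample_output() {
cat <<'EOF'
; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com MX +noall +answer
;; global options: +cmd
google.com. 458 IN MX 10 aspmx.l.google.com.
google.com. 458 IN MX 50 alt4.aspmx.l.google.com.
google.com. 458 IN MX 40 alt3.aspmx.l.google.com.
google.com. 458 IN MX 30 alt2.aspmx.l.google.com.
google.com. 458 IN MX 20 alt1.aspmx.l.google.com.
google.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all"
EOF
}

# Emit one "name<TAB>ttl<TAB>type<TAB>rdata" line per resource record.
parse_answer() {
    awk '
        NF == 0 || $1 ~ /^;/ { next }      # skip blank lines, banner, comments
        NF >= 5 && $3 == "IN" {
            rdata = $5                      # rdata may contain spaces (MX, TXT),
            for (i = 6; i <= NF; i++)       # so rejoin everything after the type
                rdata = rdata " " $i
            printf "%s\t%s\t%s\t%s\n", $1, $2, $4, rdata
        }'
}

# Mail exchangers in the order a sending server tries them (lowest first).
mx_by_preference() {
    parse_answer | awk -F '\t' '$3 == "MX" { print $4 }' | sort -n | awk '{ print $2 }'
}

# TXT strings, e.g. to review the published SPF policy.
txt_records() {
    parse_answer | awk -F '\t' '$3 == "TXT" { print $4 }'
}

# Offline demo; against a live resolver use:
#   dig google.com MX +noall +answer | mx_by_preference
sample_output | mx_by_preference
```

Rejoining the fields collapses runs of whitespace inside a quoted TXT string to single spaces, which is harmless for SPF but matters if the exact string is compared.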
There is still another option you can use to shorten the answer even more. Let’s try this:
dig google.com +noall +answer +short
Result:
172.217.11.238
Wow, that is really short. You can also ask for all record types at once with the following command:
dig google.com any
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52529
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;google.com. IN ANY
;; ANSWER SECTION:
google.com. 171 IN A 172.217.11.238
google.com. 86400 IN NS ns4.google.com.
google.com. 60 IN SOA ns4.google.com. dns-admin.google.com. 149628038 900 900 1800 60
google.com. 600 IN MX 20 alt1.aspmx.l.google.com.
google.com. 3064 IN TXT "v=spf1 include:_spf.google.com ~all"
google.com. 300 IN AAAA 2607:f8b0:400f:800::200e
google.com. 86400 IN CAA 0 issue "pki.goog"
;; ADDITIONAL SECTION:
ns4.google.com. 77713 IN A 216.239.38.10
;; Query time: 40 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 09:04:49 MST 2017
;; MSG SIZE rcvd: 267
It returned the following records in this case: A, NS, SOA, MX, TXT, AAAA and CAA. Note that only one NS and one MX record came back here, although the NS and MX queries above returned four and five; an ANY answer contains whatever the responding server chooses to hand back, so query each record type explicitly when you need the complete set.
Now you are probably asking yourself how to query reverse records. Well, here is your answer:
dig -x 172.217.11.238
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 172.217.11.238
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54356
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;238.11.217.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
238.11.217.172.in-addr.arpa. 82072 IN PTR den02s01-in-f14.1e100.net.
;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Mar 09 09:07:19 MST 2017
;; MSG SIZE rcvd: 95
or make the result shorter:
dig -x 172.217.11.238 +noall +answer
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 172.217.11.238 +noall +answer
;; global options: +cmd
238.11.217.172.in-addr.arpa. 82038 IN PTR den02s01-in-f14.1e100.net.
or even shorter:
dig -x 172.217.11.238 +short
Result:
den02s01-in-f14.1e100.net.
What if you would like to check against a specific name server? Here you go; I am using the open public DNS server 208.67.222.222.
dig @208.67.222.222 google.com
Result:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @208.67.222.222 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10484
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 300 IN A 172.217.11.238
;; Query time: 63 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Thu Mar 09 09:13:19 MST 2017
;; MSG SIZE rcvd: 55
So this concludes this illustration. I hope you can make use of it and like dig much more now. Please subscribe and register to this Blog and its Forum. If you would like me to write about something in particular, use my Contact Form and drop me a line.
Until next time, Namaste my friends 😉