Thursday, September 3, 2015

Linux and Unix dig Command Examples

http://www.cyberciti.biz/faq/linux-unix-dig-command-examples-usage-syntax

I am a new Linux/Unix command line user. How do I use the dig command line utility to query DNS (Domain Name System) servers on Linux and Unix-like operating systems? How do I use the dig command to find the IP address of a host name or the host name of an IP address?

The dig command is primarily used to query DNS servers. It is a useful tool for network troubleshooting, and it is popular for its flexibility, ease of use, and crystal-clear output compared with the host command. It is used for the following purposes:
  1. Perform DNS lookups.
  2. Find host addresses, IP addresses, mail exchanges (MX), CNAMEs, name servers, and more.
  3. Verify ISP DNS servers and Internet connectivity.
  4. Verify spam and blacklisting records.

Purpose

Use the dig command for DNS lookups and to query DNS name servers for various resource records.

Syntax

The basic syntax:
dig Hostname
dig DomainNameHere
dig @DNS-server-name Hostname
dig @DNS-server-name IPAddress
dig @DNS-server-name Hostname|IPAddress type

Where:
  1. DNS-server-name - The name or IP address of the name server to query (such as 8.8.8.8 or ns1.cyberciti.biz). If no DNS-server-name is provided, the dig command will use the /etc/resolv.conf file and use name servers listed there.
  2. Hostname|IPAddress - The name of the resource record that is to be looked up using DNS-server-name.
  3. type - Set the type of query such as A, MX, NS and more.

List of DNS record types

Before you use the dig command, you should be aware of the common types of DNS resource records. Here are the most common resource records:
Type   Purpose                                       Examples
A      IPv4 IP address                               192.168.1.5 or 75.126.153.206
AAAA   IPv6 IP address                               2607:f0d0:1002:51::4
CNAME  Canonical name record (Alias)                 s0.cyberciti.org is an alias for d2m4hyssawyie7.cloudfront.net
MX     Email server host names                       smtp.cyberciti.biz or mx1.nixcraft.com
NS     Name (DNS) server names                       ns1.cyberciti.biz or ns-243.awsdns-30.com
PTR    Pointer to a canonical name. Mostly used      82.236.125.74.in-addr.arpa
       for implementing reverse DNS lookups
SOA    Authoritative information about a DNS zone    see below
TXT    Text record                                   see below
By default, dig command looks for A records only.

dig command examples

To find the IP address of the host www.cyberciti.biz, type:
dig www.cyberciti.biz
Sample outputs:
Fig. 01: The default dig command output

Understanding dig command output

The above is a simple query for a single host called www.cyberciti.biz. The dig command displays lots of information. Let us try to understand the default dig command output:
  1. The question section displays the query type. By default, the query is for an A record (Internet address). In this example, I am using the dig command to find out the IP address of www.cyberciti.biz.
  2. Next, you get the answer to your query in the answer section - the address of www.cyberciti.biz is 75.126.153.206.
  3. The final section of the dig command output contains statistics (stats section) about the query, such as name server names, query time and more.

How do I query a different nameserver such as ns1.example.com?

Type the following command:
dig @ns1.example.com Hostname
dig @ns1.example.com IPAddress
dig @ns1.yahoo.com yahoo.com
dig @ns-1287.awsdns-32.org www.cyberciti.biz

Sample outputs (note 205.251.197.7 in the stats section):
; <<>> DiG 9.8.3-P1 <<>> @ns-1287.awsdns-32.org www.cyberciti.biz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24233
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
 
;; QUESTION SECTION:
;www.cyberciti.biz.  IN A
 
;; Query time: 61 msec
;; SERVER: 205.251.197.7#53(205.251.197.7)
;; WHEN: Mon Jan 13 17:25:10 2014
;; MSG SIZE  rcvd: 35
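
The reply above has status REFUSED and no "ra" flag: the server declined the query and does not offer recursion. The following added example (not part of the original tutorial) extracts the status, flags and answer count from a full dig reply so the same check can be scripted against your own name servers. The function names and the trimmed sample replies are assumptions made for this example.

```shell
#!/bin/sh
# Added example: summarize the header of a full (non +short) dig reply.

# Read dig output on stdin; print "status=<RCODE> flags=<list> answers=<n>".
# Exit 1 if no header was found (timeout, +short output, ...).
dig_summary() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags)   # drop the label
            sub(/;.*/, "", flags)            # keep only the flag list
            gsub(/ /, ",", flags)
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { ans = $(i + 1); sub(/,$/, "", ans) }
        }
        END {
            if (st == "") exit 1
            printf "status=%s flags=%s answers=%s\n", st, flags, ans
        }'
}

# Exit 0 if the reply carries the "ra" (recursion available) flag.
offers_recursion() {
    dig_summary | grep -Eq 'flags=([a-z]+,)*ra[ ,]'
}

# Samples trimmed from replies shown on this page (header line written in
# dig's usual layout); only the lines the parser reads are kept.
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24233
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; SERVER: 205.251.197.7#53(205.251.197.7)'

SAMPLE_RECURSIVE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24961
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 8.8.8.8#53(8.8.8.8)'

# Live use: dig @your-name-server example.com | dig_summary
printf '%s\n' "$SAMPLE_REFUSED" | dig_summary
printf '%s\n' "$SAMPLE_RECURSIVE" | dig_summary
```

An authoritative-only server should fail the offers_recursion check; a public resolver such as 8.8.8.8 passes it.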

How do I select the DNS query type?

dig lets you choose the record type to query. The basic syntax is:

dig Hostname|IPAddress type
dig @ns-server-here Hostname|IPAddress type
dig [+options] @ns-server-here Hostname|IPAddress type

Here are the most common examples of DNS lookups.

Find the IP address (A) of a Hostname

dig www.cyberciti.biz A
dig @ns-1075.awsdns-06.org www.cyberciti.biz A
dig +short www.cyberciti.biz A

Sample outputs:
75.126.153.206

Find the hostname of an IP address

dig -x 74.125.236.167

Find the MX (mail exchanges) of a domain/host name

dig cyberciti.biz MX
dig @ns-1075.awsdns-06.org cyberciti.biz MX
dig +short cyberciti.biz MX

Sample outputs:
1 aspmx.l.google.com.
10 aspmx2.googlemail.com.
10 aspmx3.googlemail.com.
5 alt1.aspmx.l.google.com.
5 alt2.aspmx.l.google.com.

Find the NS (name servers) of a domain name

dig cyberciti.biz NS
dig @ns-1075.awsdns-06.org cyberciti.biz NS
dig +short cyberciti.biz NS

Sample outputs:
ns-1075.awsdns-06.org.
ns-1947.awsdns-51.co.uk.
ns-243.awsdns-30.com.
ns-866.awsdns-44.net.

Find the TXT (text annotations) of a domain name

dig google.com TXT
dig +short google.com TXT
dig @8.8.8.8 google.com TXT

Sample outputs:
; <<>> DiG 9.8.3-P1 <<>> google.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24961
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;google.com.   IN TXT
 
;; ANSWER SECTION:
google.com.  3590 IN TXT "v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"
 
;; Query time: 29 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jan 13 17:41:00 2014
;; MSG SIZE  rcvd: 116

ANY query, i.e. try all query types to get as much information as possible

You can also try ANY query as follows:
dig cyberciti.biz ANY
dig +short cyberciti.biz ANY
dig @8.8.8.8 cyberciti.biz ANY

Sample outputs:
; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 cyberciti.biz ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54232
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;cyberciti.biz.   IN ANY
 
;; ANSWER SECTION:
cyberciti.biz.  236 IN A 75.126.153.206
cyberciti.biz.  21536 IN NS ns-1075.awsdns-06.org.
cyberciti.biz.  21536 IN NS ns-1947.awsdns-51.co.uk.
cyberciti.biz.  21536 IN NS ns-243.awsdns-30.com.
cyberciti.biz.  21536 IN NS ns-866.awsdns-44.net.
cyberciti.biz.  836 IN SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
cyberciti.biz.  3536 IN MX 1 aspmx.l.google.com.
cyberciti.biz.  3536 IN MX 10 aspmx2.googlemail.com.
cyberciti.biz.  3536 IN MX 10 aspmx3.googlemail.com.
cyberciti.biz.  3536 IN MX 5 alt1.aspmx.l.google.com.
cyberciti.biz.  3536 IN MX 5 alt2.aspmx.l.google.com.
cyberciti.biz.  21536 IN AAAA 2607:f0d0:1002:51::4
 
;; Query time: 31 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jan 13 17:43:28 2014
;; MSG SIZE  rcvd: 406
 

Show the SOA record for a DNS zone name

The syntax is:
dig cyberciti.biz SOA
dig @8.8.8.8 cyberciti.biz SOA

Sample outputs:
; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 cyberciti.biz SOA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;cyberciti.biz.   IN SOA
 
;; ANSWER SECTION:
cyberciti.biz.  894 IN SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
 
;; Query time: 28 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jan 13 17:44:29 2014
;; MSG SIZE  rcvd: 116
 
OR try:
dig cyberciti.biz +nssearch
Sample outputs:
SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.196.51 in 66 ms.
SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.199.155 in 68 ms.
SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.192.243 in 79 ms.
SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.195.98 in 141 ms.
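
The +nssearch output above prints one SOA line per authoritative server, which makes it a quick consistency check: a server whose serial differs from the others is serving a different copy of the zone. The following added example (not part of the original tutorial) parses that output and reports servers that lag behind. The function names and the second sample are constructed for this example.

```shell
#!/bin/sh
# Added example: check that all authoritative servers return the same SOA
# serial. Input is `dig +nssearch` output, one line per server:
#   SOA <mname> <rname> <serial> <refresh> <retry> <expire> <min> from server <ip> in <n> ms.

# Print "<serial> <server-ip>" for every SOA line on stdin.
soa_serials() {
    awk '$1 == "SOA" && $9 == "from" && $10 == "server" { print $4, $11 }'
}

# Exit 0 if all servers agree, 1 if serials differ,
# 2 if no SOA line was seen (no server answered).
soa_consistent() {
    soa_serials | awk '
        { seen[$1] = 1; n++ }
        END {
            if (n == 0) exit 2
            distinct = 0
            for (s in seen) distinct++
            exit (distinct == 1 ? 0 : 1)
        }'
}

# Print "<server-ip> <serial>" for servers behind the highest serial seen.
# Plain numeric comparison; serial wrap-around is not handled.
soa_stale_servers() {
    soa_serials | awk '
        { text[$2] = $1; num[$2] = $1 + 0; if (num[$2] > max) max = num[$2] }
        END { for (ip in num) if (num[ip] < max) print ip, text[ip] }' | sort
}

# Two lines taken from the sample output above: serials agree.
SAMPLE_OK='SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.196.51 in 66 ms.
SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.199.155 in 68 ms.'

# Constructed sample (documentation names and addresses): one server lags.
SAMPLE_DRIFT='SOA ns1.example.com. hostmaster.example.com. 2015090302 7200 900 1209600 86400 from server 192.0.2.1 in 20 ms.
SOA ns1.example.com. hostmaster.example.com. 2015090301 7200 900 1209600 86400 from server 192.0.2.2 in 25 ms.'

# Live use: dig +nssearch example.com | soa_consistent
printf '%s\n' "$SAMPLE_DRIFT" | soa_stale_servers   # 192.0.2.2 2015090301
```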

How do I perform a reverse DNS lookup?

To map addresses to names (reverse lookups), pass the -x option as follows:
dig -x ip-address-here
dig @ns-name-server -x ip-address-here
dig -x 75.126.153.206
dig +short -x 75.126.153.206

Sample outputs:
www.cyberciti.biz.

How do I get a long or short answer?

To get a short answer pass the +short option as follows:
dig +short query
dig +short cyberciti.biz NS
dig @8.8.8.8 +short cyberciti.biz NS

By default, dig shows a long answer. You can pass the following additional options to get a fine-tuned answer:
dig +multiline +noall +answer +nocmd cyberciti.biz ANY
Sample outputs:
Fig.02: Getting a long and useful answer about a domain name

Batch mode: Read host names from a file

First, create a text file with the queries, one per line, using the cat command:
cat > lookup.txt
+short yahoo.com mx
+short google.com mx
+short cyberciti.biz mx
Passing the -f lookup.txt option makes dig operate in batch mode:
dig -f /path/to/lookup.txt
dig -f lookup.txt

Sample outputs:
Fig.03: Doing a bulk/batch dns lookups using dig command

Debug tip: Trace dns path

You can force dig to follow the delegation path from the root name servers for the name being looked up. The syntax is:
dig +trace cyberciti.biz
dig +short +trace cyberciti.biz
dig +short +trace s0.cyberciti.org

Sample outputs:
Fig.04: Tracing of the delegation path from the root name servers

Find out TTL (Time to Live) value for DNS records

Time to live (TTL) is a mechanism that limits the lifetime of DNS records in the Domain Name System (DNS). It is set by the authoritative DNS server for a particular resource record. The TTL is given in seconds and is used by caching (recursive) DNS servers to speed up name resolution. The syntax to find out the TTL is as follows:
dig +nocmd +noall +answer +ttlid a example.com
dig +nocmd +noall +answer +ttlid A www.cyberciti.biz

Sample outputs:
Fig.05: Finding TTL value using dig command

Set IPv4 or IPv6 query transport mode

Passing the -4 option forces dig to use only IPv4 query transport:
dig -4 query ...
Passing the -6 option forces dig to use only IPv6 query transport:
dig -6 query ...

dig command options

Here is the summary of all important options of the dig command on Linux or Unix-like operating systems:
Command line option   Usage
-x dot-notation       shortcut for reverse lookups
-i                    use IP6.INT for IPv6 reverse lookups
-f filename           Batch mode
-b address[#port]     Bind to source address/port
-p port               Specify port number
-q name               Specify query name
-t type               Specify query type
-c class              Specify query class
-k keyfile            Specify tsig key file
-y [hmac:]name:key    Specify named base64 tsig key
-4                    Use IPv4 query transport only
-6                    Use IPv6 query transport only
-m                    Enable memory usage debugging

dig command query options

The dig command has a number of query options. Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option; these may be preceded by the string no to negate the meaning of that keyword. Other keywords assign values to options, such as the timeout interval, and have the form +keyword=value. The query options are:
Option             Usage
+[no]vc            TCP mode
+[no]tcp           TCP mode, alternate syntax
+time=###          Set query timeout [5]
+tries=###         Set number of UDP attempts [3]
+retry=###         Set number of UDP retries [2]
+domain=###        Set default domainname
+bufsize=###       Set EDNS0 Max UDP packet size
+ndots=###         Set NDOTS value
+edns=###          Set EDNS version
+[no]search        Set whether to use searchlist
+[no]showsearch    Search with intermediate results
+[no]defname       Ditto
+[no]recurse       Recursive mode
+[no]ignore        Don't revert to TCP for TC responses.
+[no]fail          Don't try next server on SERVFAIL
+[no]besteffort    Try to parse even illegal messages
+[no]aaonly        Set AA flag in query (+[no]aaflag)
+[no]adflag        Set AD flag in query
+[no]cdflag        Set CD flag in query
+[no]cl            Control display of class in records
+[no]cmd           Control display of command line
+[no]comments      Control display of comment lines
+[no]question      Control display of question
+[no]answer        Control display of answer
+[no]authority     Control display of authority
+[no]additional    Control display of additional
+[no]stats         Control display of statistics
+[no]short         Disable everything except shortform of answer
+[no]ttlid         Control display of ttls in records
+[no]all           Set or clear all display flags
+[no]qr            Print question before sending
+[no]nssearch      Search all authoritative nameservers
+[no]identify      ID responders in short answers
+[no]trace         Trace delegation down from root
+[no]dnssec        Request DNSSEC records
+[no]nsid          Request Name Server ID
+[no]multiline     Print records in an expanded format
+[no]onesoa        AXFR prints only one soa record
