Getting started with dig - DNS troubleshooting

Getting started with dig

Please note that this blog post is not an in-depth guide on DNS and dig. It covers the basics; more advanced topics are out of scope. Those include DNS over HTTPS/TLS, the various ways to format the results, DNSSEC, and so on. I'll go into more detail in separate posts.

Basic usage

Dig stands for 'Domain Information Groper' and is a great tool to troubleshoot DNS issues or get information about certain domains. It is an excellent alternative to nslookup and host and generally presents results that are more script-friendly.

The typical syntax is the following:
dig @server name type
@server - is the IP or name of the name server you want to handle the request. It is optional and if it is not specified, dig checks /etc/resolv.conf.
name - is the host or domain name for the request
type - the DNS type that is requested. It is optional and if it is not specified, dig will use the A record.

Basic example with line numbers added:

kuser@pleasejustwork:~$ dig ittavern.com

 1 ; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> ittavern.com
 2 ;; global options: +cmd
 3 ;; Got answer:
 4 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64814
 5 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 6 
 7 ;; OPT PSEUDOSECTION:
 8 ; EDNS: version: 0, flags:; udp: 65494
 9 ;; QUESTION SECTION:
10 ;ittavern.com.                  IN      A
11 
12 ;; ANSWER SECTION:
13 ittavern.com.           600     IN      A       95.216.194.187
14 
15 ;; Query time: 40 msec
16 ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
17 ;; WHEN: Fri Oct 13 20:26:34 CEST 2023
18 ;; MSG SIZE  rcvd: 67

Without providing too many options, we already get a lot of information, and I'll try to get into more detail in the following sections.

Let us start with line 4: the status field is the first indicator of the request's success.

NOERROR:
There was no problem. All requested information was delivered.
SERVFAIL:
The requested name exists, but there's no data available or the data is invalid.
NXDOMAIN:
The requested name doesn't exist.
REFUSED:
The zone doesn't exist at the name server.

I'll go into more detail of the other information when we talk about the usage.
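Because the status sits at a fixed place in the header, a script can act on it instead of a person reading it. The following is an added example, not part of the original post: it parses the status and the ANSWER count and turns them into an exit code. The function names, the exit-code mapping and the NXDOMAIN sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed samples: the two header lines from the output above (line
# numbers removed) and an NXDOMAIN variant with made-up id and counts.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64814
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NX=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1234
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'

# Print the value that follows a "key:" token on the first line matching
# a pattern, with the trailing comma removed.
header_field() {   # $1 = line pattern, $2 = key
    awk -v pat="$1" -v key="$2" '$0 ~ pat {
        for (i = 1; i < NF; i++)
            if ($i == key) { v = $(i + 1); sub(/,$/, "", v); print v; exit }
    }'
}
dig_status()       { header_field 'HEADER' 'status:'; }
dig_answer_count() { header_field '^;; flags:' 'ANSWER:'; }

# Read dig output on stdin and return (hypothetical mapping):
#   0 = NOERROR with at least one answer
#   1 = NOERROR but empty ANSWER section (name exists, no record of that type)
#   2 = NXDOMAIN
#   3 = any other status (SERVFAIL, REFUSED, ...)
#   4 = no header found (for example a timeout)
dig_check() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    count=$(printf '%s\n' "$out" | dig_answer_count)
    case "$status" in
        NOERROR)  [ "${count:-0}" -gt 0 ] && return 0
                  return 1 ;;
        NXDOMAIN) return 2 ;;
        "")       return 4 ;;
        *)        return 3 ;;
    esac
}

# Usage against a live resolver:  dig ittavern.com | dig_check; echo $?
```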


Basic commands

To get the version of dig:
-v
To get more information:
-h
man dig
Choose the DNS record type:
dig ittavern.com mx
This is an example of requesting an MX record. The default is an A record.
You can add the flag -t in front of the type to separate it from the rest and make it more verbose.
Most name servers won't answer an ANY request for all entries.
I couldn't find a way to request all records for a domain without a script.
Start a reverse lookup:
-x
Use this if you want to look up the name behind an IP.
You don't have to specify the PTR type or IN class.

Choose a specific name server with @:
dig @9.9.9.9 ittavern.com
Specify the source IP and source port:
-b address[#port]
dig ittavern.com -b 10.10.10.10#12345
Specify the destination port:
-p port # the default port is 53, but some name servers listen to another one.

Send query over TCP:
+tcp
The default is UDP.
Specify the query class:
-c CLASS # default is IN
Specify the IP version:
-4 # IPv4
-6 # IPv6

Multiple queries

You can write them in a single command one after the other, like the following example, or use a batch file as described in the following section.

dig ittavern.com ittavern.com mx brrl.net

Using a batch file

Use batch files when you have a high number of requests. Every request should be on its own line.

Use the -f flag to do so.

Sample file:

kuser@pleasejustwork: $ cat batch.txt 
ittavern.com a
ittavern.com mx
brrl.net a

You can then tell dig to use this file to send the queries:
dig -f batch.txt

You can use the usual options to shorten the output:

kuser@pleasejustwork: $ dig -f batch.txt +short
95.216.194.187
10 mxext2.mailbox.org.
10 mxext1.mailbox.org.
20 mxext3.mailbox.org.
94.130.76.189
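dig reads each line of a batch file the same way it reads its command line, so a line that starts with @, - or + is treated as a server or an option, not as a name. The following added example (not from the original post) builds a batch file from a list of names and only writes entries that look like plain hostnames; the function names, the list of record types and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
LC_ALL=C; export LC_ALL                    # make the character ranges below ASCII-only
RECORD_TYPES="A AAAA MX NS TXT SOA CAA"    # assumption: a common subset, not "all records"

# Constructed sample input: two names from the post and three lines that
# dig would read as a server or as options instead of a name.
SAMPLE_NAMES='ittavern.com
brrl.net
@192.0.2.53 ittavern.com
-p 5353 brrl.net
+tcp'

# Succeed only for plain hostnames: letters, digits, "_", "-" and ".",
# no label starting or ending with "-", no empty label, at most 253 chars.
is_hostname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*|-*|*.-*|*-.*|*-|.*|*..*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Read names on stdin (one per line) and print one "name type" batch line
# per record type. Rejected entries are reported on stderr and not written.
build_batch() {
    while IFS= read -r name || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        if is_hostname "$name"; then
            for t in $RECORD_TYPES; do
                printf '%s %s\n' "$name" "$t"
            done
        else
            printf 'skipped entry that is not a hostname: %s\n' "$name" >&2
        fi
    done
}

# Usage:
#   build_batch < names.txt > batch.txt
#   dig -f batch.txt +noall +answer
```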

Verbosity

As mentioned before, without additional options, dig provides you with a lot of information by default - more than nslookup or host.

To get less information, simply use +short:

kuser@pleasejustwork:~$ dig +short ittavern.com
95.216.194.187

To get even more information, use +trace:

kuser@pleasejustwork: $ dig +trace ittavern.com

; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> +trace ittavern.com
;; global options: +cmd
.                       40164   IN      NS      l.root-servers.net.
.                       40164   IN      NS      m.root-servers.net.
.                       40164   IN      NS      f.root-servers.net.
.                       40164   IN      NS      d.root-servers.net.
.                       40164   IN      NS      e.root-servers.net.
.                       40164   IN      NS      b.root-servers.net.
.                       40164   IN      NS      c.root-servers.net.
.                       40164   IN      NS      a.root-servers.net.
.                       40164   IN      NS      h.root-servers.net.
.                       40164   IN      NS      k.root-servers.net.
.                       40164   IN      NS      g.root-servers.net.
.                       40164   IN      NS      j.root-servers.net.
.                       40164   IN      NS      i.root-servers.net.
;; Received 239 bytes from 127.0.0.53#53(127.0.0.53) in 40 ms

;; communications error to 199.7.91.13#53: connection refused
;; communications error to 199.7.91.13#53: connection refused
;; communications error to 199.7.91.13#53: connection refused
;; communications error to 202.12.27.33#53: connection refused
;; communications error to 192.112.36.4#53: connection refused
[...]

It gives you more insight into the DNS process.

Conclusion

I hope this blog post will help you to get started with dig. Dig provides even more options to troubleshoot certain issues, but I'll tackle those topics in a separate post.


