dig commands and examples

dig command FAQ: Can you share some dig command examples?

I was just trying to help a friend troubleshoot some email server problems at his company, and had to use the Linux dig command a lot to try to determine what was wrong. In the end it turned out that his company bought a block of IP addresses that were blacklisted, but in the middle I had some fun trying to remember how to use the dig command again.

A basic dig command - dig a domain name

In the most basic of dig commands, you have a domain name like www.devdaily.com, and you want to find information about it, so you issue the following dig command:

$ dig www.devdaily.com

and get the following results:

; <<>> DiG 9.6.0-APPLE-P2 <<>> www.devdaily.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28092
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.devdaily.com.        IN    A

;; ANSWER SECTION:
www.devdaily.com.    2108    IN    CNAME    devdaily.com.
devdaily.com.        2108    IN    A    97.74.197.162

;; Query time: 33 msec
;; SERVER: 209.165.131.12#53(209.165.131.12)
;; WHEN: Tue Nov  9 09:39:09 2010
;; MSG SIZE  rcvd: 64

Perhaps the most interesting thing there is the IP address associated with the domain name, shown in the A record of the ANSWER SECTION. The output for this command is a little more interesting if you dig something like www.google.com:

; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38446
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.            IN    A

;; ANSWER SECTION:
www.google.com.        4124    IN    CNAME    www.l.google.com.
www.l.google.com.    229    IN    A    72.14.213.106
www.l.google.com.    229    IN    A    72.14.213.147
www.l.google.com.    229    IN    A    72.14.213.99
www.l.google.com.    229    IN    A    72.14.213.103
www.l.google.com.    229    IN    A    72.14.213.104
www.l.google.com.    229    IN    A    72.14.213.105

;; Query time: 17 msec
;; SERVER: 209.165.131.12#53(209.165.131.12)
;; WHEN: Tue Nov  9 09:40:36 2010
;; MSG SIZE  rcvd: 148

Dig command example - dig an IP address

What I actually had to do for my friend was just the opposite. Because it seemed like his emails were being treated as spam, I was trying to look up his IP address with dig to see what his PTR record looked like. To protect his privacy, I'll keep using my own domain; a basic dig command on an IP address gives me some information:

$ dig 97.74.197.162

; <<>> DiG 9.6.0-APPLE-P2 <<>> 97.74.197.162
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63541
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;97.74.197.162.            IN    A

;; ANSWER SECTION:
97.74.197.162.        86400    IN    A    97.74.197.162

;; Query time: 262 msec
;; SERVER: 209.165.131.12#53(209.165.131.12)
;; WHEN: Tue Nov  9 09:44:22 2010
;; MSG SIZE  rcvd: 60

but as you can see, I don't get a PTR record in this dig output: dig treated the address as a hostname and asked for its A record (see the QUESTION SECTION). If you want a PTR record with dig, you need the -x option, like this:

$ dig -x 97.74.197.162 

; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 97.74.197.162
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20925
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;162.197.74.97.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
162.197.74.97.in-addr.arpa. 1457 IN    PTR    ip-97-74-197-162.ip.secureserver.net.

;; Query time: 225 msec
;; SERVER: 209.165.131.12#53(209.165.131.12)
;; WHEN: Tue Nov  9 09:47:07 2010
;; MSG SIZE  rcvd: 94

As you can see, this does indeed return a PTR record.
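When mail is being treated as spam, the PTR lookup is usually followed by two more checks: whether the PTR name resolves back to the same address (forward-confirmed reverse DNS), and whether the address appears in a DNS blocklist. The script below is an added example, not part of the original article; the function names are made up for illustration, and the addresses and the zone dnsbl.example.org in its usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the article). lookup() is the only function that
# touches the network, so it can be swapped for a stub when testing offline.
lookup() { dig +short "$@"; }

# 97.74.197.162 -> 162.197.74.97, the label order dig -x puts under in-addr.arpa.
reverse_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            print $4 "." $3 "." $2 "." $1; ok = 1
        }
        END { exit !ok }'
}

# Forward-confirmed reverse DNS: some PTR name must resolve back to the IP.
# Prints the confirming name; returns 1 if there is no PTR or no match.
fcrdns() {
    ip=$1
    for name in $(lookup -x "$ip"); do
        for addr in $(lookup "$name" A); do
            if [ "$addr" = "$ip" ]; then
                echo "$name"
                return 0
            fi
        done
    done
    return 1
}

# DNS blocklist convention: ask for an A record at <reversed-ip>.<zone>.
# A 127.x.x.x answer means "listed"; no answer means "not listed".
# Returns 0 if listed, 1 if not, 2 if the argument is not an IPv4 address.
dnsbl_listed() {
    ip=$1
    zone=$2
    rev=$(reverse_ipv4 "$ip") || return 2
    answer=$(lookup "$rev.$zone" A)
    case "$answer" in
        127.*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Usage (placeholder address and zone):
#   fcrdns 192.0.2.25 || echo "no forward-confirmed PTR"
#   dnsbl_listed 192.0.2.25 dnsbl.example.org && echo "listed"
```

Requiring a 127.x.x.x answer keeps a resolver that rewrites NXDOMAIN responses from being read as a listing.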

How to get the IP address(es) for a domain name

An easy way to get the IP address(es) corresponding to a domain name is to add the "+short" option to your dig command. As the name implies, this gives you the dig short output, and if you don't specify any other command line options, that output is the IP address. Here's what it looks like for devdaily.com:

$ dig devdaily.com +short
97.74.197.162

And here's what it looks like for Google:

$ dig google.com +short
72.14.213.147
72.14.213.99
72.14.213.103
72.14.213.104
72.14.213.105
72.14.213.106

dig example commands - dig MX record

Another common dig command need is to find an "MX record" for a domain name. This is easily done with the "dig mx" command, like this:

$ dig mx devdaily.com 

A command like this produces output like this, which as you can see, includes dig MX record information:

;; global options: +cmd 
;; Got answer: 
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25885 
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION: 
;devdaily.com. IN MX 

;; ANSWER SECTION: 
devdaily.com. 3600 IN MX 10 mailstore1.secureserver.net. 
devdaily.com. 3600 IN MX 0 smtp.secureserver.net.

Or, if you prefer, just show the short dig MX output, which is a little bit easier to digest:

$ dig devdaily.com mx +short
10 mailstore1.secureserver.net.
0 smtp.secureserver.net.

Show the nameservers for a domain

Here's how to query for a list of nameservers for a given domain, again using the 'short' option to keep the output down:

$ dig devdaily.com ns +short

ns44.domaincontrol.com.
ns43.domaincontrol.com.

Query specific nameservers with dig

Now that you know the nameservers for that domain, you can query them directly, like this:

$ dig @ns44.domaincontrol.com devdaily.com any

; (1 server found)

;; QUESTION SECTION:
;devdaily.com.			IN	ANY

;; ANSWER SECTION:
devdaily.com.		86400	IN	SOA	ns43.domaincontrol.com. dns.jomax.net. 2008011200 28800 7200 604800 86400
devdaily.com.		3600	IN	MX	0 smtp.secureserver.net.
devdaily.com.		3600	IN	A	97.74.197.162
devdaily.com.		3600	IN	NS	ns43.domaincontrol.com.
devdaily.com.		3600	IN	NS	ns44.domaincontrol.com.
devdaily.com.		3600	IN	MX	10 mailstore1.secureserver.net.

Or, if you prefer the shorter version of the output:

$ dig @ns44.domaincontrol.com devdaily.com any +short

ns43.domaincontrol.com. dns.jomax.net. 2008011200 28800 7200 604800 86400
0 smtp.secureserver.net.
97.74.197.162
ns43.domaincontrol.com.
ns44.domaincontrol.com.
10 mailstore1.secureserver.net.
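Querying each nameserver directly is most useful for checking that they all serve the same copy of the zone. The script below is an added example, not from the original article, with hypothetical function names; it compares the SOA serial (the third field of the SOA line shown above) across every listed nameserver, and asks for SOA explicitly because many servers now give only a minimal answer to ANY queries (RFC 8482).

```shell
#!/bin/sh
# Added example (not from the article). lookup() isolates the network call
# so that it can be replaced with a stub when testing offline.
lookup() { dig +short "$@"; }

# Print "<serial> <nameserver>" for every nameserver listed for a zone.
soa_serials() {
    zone=$1
    for ns in $(lookup "$zone" NS); do
        # +short SOA fields: mname rname serial refresh retry expire minimum
        serial=$(lookup "@$ns" "$zone" SOA | awk 'NR == 1 { print $3 }')
        echo "${serial:-no-answer} $ns"
    done
}

# Succeeds only when every nameserver answered with the same serial.
# A zone with no NS records, or with a silent server among answering ones,
# fails the check.
serials_agree() {
    [ "$(soa_serials "$1" | awk '{ print $1 }' | sort -u | wc -l)" -eq 1 ]
}

# Usage (placeholder zone):
#   soa_serials example.org
#   serials_agree example.org || echo "nameservers are out of sync"
```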

dig traceroute information

If you like the traceroute command, you can do something similar with dig: the +trace option follows the chain of DNS delegations from the root nameservers down to the domain's own nameservers. Here it is with the '+short' option to keep the output manageable:

$ dig devdaily.com +trace +short

NS m.root-servers.net. from server 209.165.131.12 in 15 ms.
NS k.root-servers.net. from server 209.165.131.12 in 15 ms.
NS g.root-servers.net. from server 209.165.131.12 in 15 ms.
NS f.root-servers.net. from server 209.165.131.12 in 15 ms.
NS b.root-servers.net. from server 209.165.131.12 in 15 ms.
NS a.root-servers.net. from server 209.165.131.12 in 15 ms.
NS e.root-servers.net. from server 209.165.131.12 in 15 ms.
NS c.root-servers.net. from server 209.165.131.12 in 15 ms.
NS j.root-servers.net. from server 209.165.131.12 in 15 ms.
NS d.root-servers.net. from server 209.165.131.12 in 15 ms.
NS h.root-servers.net. from server 209.165.131.12 in 15 ms.
NS l.root-servers.net. from server 209.165.131.12 in 15 ms.
NS i.root-servers.net. from server 209.165.131.12 in 15 ms.
A 97.74.197.162 from server ns44.domaincontrol.com in 108 ms.

More dig commands and examples

That's all the dig commands/examples I have for today, but I'll be glad to share more dig commands and examples as I need them. Or, refer to this excellent dig resource at madboa.com.