What is 'dig'?
DIG is a comand line diagnostic tool for troubleshooting DNS.
Dig allows the user to get DNS
information directly from a DNS
server and perform all functions performed by a normal DNS server as per the
RFC's and the Draft Standard for DNS.
By default it sends an non-recursive or iterative
query, assuring you that you are checking only the DNS
server you are querying and not checking the servers it refers you to. To
the DNS server, the query looks like any other query sent by any other server.
To do a DIG, you need the DIG software, which comes with the BIND
DNS distribution. Linux
and Unix come with DIG. Windows and MacOS 9 or earlier do not.
When performing a DIG you need to know one of the following:
- Host name you are trying to look up
- The Domain a host belongs to (forward or reverse)
- Name or IP address of the authoritative
server
- Type of Resource
Record you need (A, MX, NS etc.)
If you need help tracking down the authoritative
DNS server, use the
WHOIS tool to check the WHOIS
registry, or use a DIG for the host or domain
in question and send a query
for NS resource record information to one of the root
servers.
OBTAINING DIG
You can get a copy of DIG from the Internet
Systems Consortium (ISC).
| Internet Systems Consortium, Inc. (ISC) is a nonprofit
public benefit corporation dedicated to supporting the infrastructure
of the universal connected self-organizing Internet—and the autonomy
of its participants—by developing and maintaining core production
quality software, protocols, and operations. -- http://www.isc.org/ |
DIG is part of the BIND software distribution produced by the ISC. ALL the
root name servers
run ISC's BIND. You can download the source from the ISC website.
USING DIG
You use dig from the command line. Below is the structure for the command,
the flags and options it supports.
dig [@server] [-b address] [-c
class] [-f filename] [-k filename]
[-p port#] [-t
type] [-x addr] [-y name:key] [-4] [-6] [name]
[type] [class] [queryopt...] |
Example: Lookup the name servers at the root NIC
dig @g.root-servers.net domain.com
ns
READING DIG RESULTS
| Example #1: Finding
an authoritative name server for a domain |
|
;; First,
check the root servers
[user@localhost]/home/user>
dig @f.root-servers.net. yahoo.com. ns
; <<>> DiG 8.3
<<>> @f.root-servers.net. yahoo.com. ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4034
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; QUERY SECTION:
;; yahoo.com, type = NS, class = IN
;; AUTHORITY SECTION:
com. 2D IN NS M.GTLD-SERVERS.NET.
com. 2D IN NS A.GTLD-SERVERS.NET.
com. 2D IN NS B.GTLD-SERVERS.NET.
com. 2D IN NS C.GTLD-SERVERS.NET.
com. 2D IN NS D.GTLD-SERVERS.NET.
com. 2D IN NS E.GTLD-SERVERS.NET.
com. 2D IN NS F.GTLD-SERVERS.NET.
com. 2D IN NS G.GTLD-SERVERS.NET.
com. 2D IN NS H.GTLD-SERVERS.NET.
com. 2D IN NS I.GTLD-SERVERS.NET.
com. 2D IN NS J.GTLD-SERVERS.NET.
com. 2D IN NS K.GTLD-SERVERS.NET.
com. 2D IN NS L.GTLD-SERVERS.NET.
;; ADDITIONAL SECTION:
A.GTLD-SERVERS.NET. 2D IN A 192.5.6.30
B.GTLD-SERVERS.NET. 2D IN A 192.33.14.30
C.GTLD-SERVERS.NET. 2D IN A 192.26.92.30
D.GTLD-SERVERS.NET. 2D IN A 192.31.80.30
E.GTLD-SERVERS.NET. 2D IN A 192.12.94.30
F.GTLD-SERVERS.NET. 2D IN A 192.35.51.30
G.GTLD-SERVERS.NET. 2D IN A 192.42.93.30
H.GTLD-SERVERS.NET. 2D IN A 192.54.112.30
I.GTLD-SERVERS.NET. 2D IN A 192.43.172.30
J.GTLD-SERVERS.NET. 2D IN A 192.48.79.30
K.GTLD-SERVERS.NET. 2D IN A 192.52.178.30
L.GTLD-SERVERS.NET. 2D IN A 192.41.162.30
M.GTLD-SERVERS.NET. 2D IN A 192.55.83.30
;; Total query time: 105 msec
;; FROM: localhost.saaridin.inetdaemon.com to SERVER: 192.5.5.241
;; WHEN: Mon Jun 14 02:11:19 2004
;; MSG SIZE sent: 27 rcvd: 459
;; Next, check the greater top level servers
[user@localhost]/home/user>
dig @a.gtld-servers.net yahoo.com ns
; <<>> DiG 8.3
<<>> @a.gtld-servers.net yahoo.com ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8822
;; flags: qr rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5
;; QUERY SECTION:
;; yahoo.com, type = NS, class = IN
;; ANSWER SECTION:
yahoo.com. 2D IN NS ns1.yahoo.com.
yahoo.com. 2D IN NS ns2.yahoo.com.
yahoo.com. 2D IN NS ns3.yahoo.com.
yahoo.com. 2D IN NS ns4.yahoo.com.
yahoo.com. 2D IN NS ns5.yahoo.com.
;; ADDITIONAL SECTION:
ns1.yahoo.com. 2D IN A 66.218.71.63
ns2.yahoo.com. 2D IN A 66.163.169.170
ns3.yahoo.com. 2D IN A 217.12.4.104
ns4.yahoo.com. 2D IN A 63.250.206.138
ns5.yahoo.com. 2D IN A 216.109.116.17
;; Total query time: 32 msec
;; FROM: localhost.saaridin.inetdaemon.com to SERVER: 192.5.6.30
;; WHEN: Mon Jun 14 02:13:13 2004
;; MSG SIZE sent: 27 rcvd: 197 |
| EXAMPLE #2: Determining
authority for the zone |
| [user@localhost]/home/user>
dig @a.gtld-servers.net www.yahoo.com a
;
<<>> DiG 8.3 <<>> @a.gtld-servers.net www.yahoo.com
a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1800
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 5
;; QUERY SECTION:
;; www.yahoo.com, type = A, class = IN
;; AUTHORITY SECTION:
yahoo.com. 2D IN NS ns1.yahoo.com.
yahoo.com. 2D IN NS ns2.yahoo.com.
yahoo.com. 2D IN NS ns3.yahoo.com.
yahoo.com. 2D IN NS ns4.yahoo.com.
yahoo.com. 2D IN NS ns5.yahoo.com.
;; ADDITIONAL SECTION:
ns1.yahoo.com. 2D IN A 66.218.71.63
ns2.yahoo.com. 2D IN A 66.163.169.170
ns3.yahoo.com. 2D IN A 217.12.4.104
ns4.yahoo.com. 2D IN A 63.250.206.138
ns5.yahoo.com. 2D IN A 216.109.116.17
;; Total query time: 28 msec
;; FROM: localhost.saaridin.inetdaemon.com to SERVER: 192.5.6.30
;; WHEN: Mon Jun 14 02:21:16 2004
;; MSG SIZE sent: 31 rcvd: 201 |
| EXAMPLE #3:
Finding the valid Mail Exchangers for a zone. |
[johnp@mudserv]/home/johnp> dig @ns1.yahoo.com yahoo.com mx
; <<>> DiG 8.3
<<>> @ns1.yahoo.com yahoo.com mx
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2771
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 5, ADDITIONAL: 19
;; QUERY SECTION:
;; yahoo.com, type = MX, class = IN
;; ANSWER SECTION:
yahoo.com. 2H IN MX 5 mx4.mail.yahoo.com.
yahoo.com. 2H IN MX 1 mx1.mail.yahoo.com.
yahoo.com. 2H IN MX 1 mx2.mail.yahoo.com.
yahoo.com. 2H IN MX 1 mx3.mail.yahoo.com.
;; Note that
mx1, mx2 and mx3 have the lowest weights and are
;; thus preferred. Their weight is equal and will be used
;; in a round-robin fashion. mx4
will only be used if mx1-mx3
;; are
unavailable.
;; AUTHORITY SECTION:
yahoo.com. 2D IN NS ns1.yahoo.com.
yahoo.com. 2D IN NS ns2.yahoo.com.
yahoo.com. 2D IN NS ns3.yahoo.com.
yahoo.com. 2D IN NS ns4.yahoo.com.
yahoo.com. 2D IN NS ns5.yahoo.com.
;; ADDITIONAL SECTION:
mx4.mail.yahoo.com. 30M IN A 216.136.129.5
mx4.mail.yahoo.com. 30M IN A 66.218.86.197
mx4.mail.yahoo.com. 30M IN A 66.218.86.199
mx4.mail.yahoo.com. 30M IN A 66.94.234.252
mx4.mail.yahoo.com. 30M IN A 206.190.36.244
mx1.mail.yahoo.com. 30M IN A 64.157.4.78
mx1.mail.yahoo.com. 30M IN A 64.156.215.19
mx1.mail.yahoo.com. 30M IN A 64.156.215.20
mx2.mail.yahoo.com. 30M IN A 64.156.215.8
mx2.mail.yahoo.com. 30M IN A 64.156.215.18
mx2.mail.yahoo.com. 30M IN A 67.28.113.10
mx2.mail.yahoo.com. 30M IN A 67.28.113.11
mx3.mail.yahoo.com. 30M IN A 64.156.215.5
mx3.mail.yahoo.com. 30M IN A 64.156.215.6
mx3.mail.yahoo.com. 30M IN A 64.156.215.7
mx3.mail.yahoo.com. 30M IN A 67.28.114.35
mx3.mail.yahoo.com. 30M IN A 67.28.114.36
ns1.yahoo.com. 2D IN A 66.218.71.63
ns2.yahoo.com. 2D IN A 66.163.169.170
;; Note that
there are multiple IP addresses for each
;; mail exchanger, thus helping to distribute the load
;; Total query time: 112 msec
;; FROM: mudserv.saaridin.inetdaemon.com to SERVER: 66.218.71.63
;; WHEN: Mon Jun 14 03:12:52 2004
;; MSG SIZE sent: 27 rcvd: 506 |
Web Based Dig Sites
TOOLS | Ping | Traceroute | nslookup | dig
Bookmark this page and SHARE: