dig command details (reprint) - Aquan's study

Source: Internet
Author: User
Tags domain name server dnssec nslookup

Under UNIX and Linux, it is recommended that you use the dig command instead of nslookup. dig is much more powerful than nslookup, and unlike nslookup it does not make you issue one set command after another before you can run a query, which is a hassle.

Here are some of the more commonly used commands for dig:

# The most basic usage of dig
dig @server qianlong.com
# View a full zone transfer with dig
dig @server qianlong.com AXFR
# View an incremental zone transfer with dig (N is the SOA serial number to start from)
dig @server qianlong.com IXFR=N
# Do a reverse lookup with dig (addr is the IP address to look up)
dig -x addr @server
# Find the authoritative DNS servers for a domain
dig qianlong.com +nssearch
# Trace the resolution of a domain name starting from the root servers
dig qianlong.com +trace
# See which F root DNS server you are using
dig +norec @f.root-servers.net HOSTNAME.BIND CHAOS TXT
# View the version number of BIND
dig @bind_dns_server CHAOS TXT version.bind
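
The AXFR command above is also the usual way to confirm that the name servers of a zone you operate refuse transfers to hosts that are not authorized secondaries. The following is an added example, not part of the original article or of BIND: the function names are hypothetical, the sample outputs are constructed, and the classifier assumes dig's usual "; Transfer failed." and ";; XFR size:" output lines.

```shell
#!/bin/sh
# Added example: report whether each name server of a zone answers AXFR.
# Function names are hypothetical; the sample outputs are constructed.

# Read dig's AXFR output on stdin and print one of:
#   open <records> | refused | unknown
classify_axfr() {
    awk '
        /^; Transfer failed\./ { failed = 1 }
        /^;; XFR size: /       { records = $4 + 0 }
        END {
            if (records > 0) print "open " records
            else if (failed) print "refused"
            else             print "unknown"
        }'
}

# Ask every NS of the zone for a full transfer and print "<ns> <result>".
# Needs dig and network access, so it is defined here but not called.
audit_axfr() {
    zone=$1
    dig +short NS "$zone" | while read -r ns; do
        result=$(dig "@$ns" "$zone" AXFR +time=5 +tries=1 2>&1 | classify_axfr)
        printf '%s %s\n' "$ns" "$result"
    done
}

# Constructed sample outputs for exercising the classifier offline.
sample_refused() {
    printf '%s\n' '' \
        '; <<>> DiG 9 <<>> @ns1.example.com example.com AXFR' \
        '; (1 server found)' \
        ';; global options: +cmd' \
        '; Transfer failed.'
}
sample_open() {
    printf '%s\n' \
        'example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600' \
        'example.com. 3600 IN NS ns1.example.com.' \
        'ns1.example.com. 3600 IN A 192.0.2.53' \
        'example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600' \
        ';; XFR size: 4 records (messages 1, bytes 200)'
}
```

A server reported as "open" from a host that is not a secondary should have its transfer ACL reviewed; "unknown" covers timeouts and other errors and needs a manual look.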

You can download a version of BIND for Windows from www.isc.org; once it is installed, you can use the dig command on Windows as well. ^O^


DNS Query Utility.


dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-n] [-p port#] [-t type] [-x addr] [-y name:key] [name] [type] [class] [queryopt...]
dig [-h]
dig [global-queryopt...] [query...]


The dig (domain information groper) command is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers returned by the name servers that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use, and clarity of output. Although dig is normally used with command-line arguments, it can also read lookup requests from a file in batch mode. Unlike earlier versions, the BIND9 implementation of dig allows multiple lookups to be issued from the command line. Unless it is told to query a specific name server, dig will try each of the servers listed in /etc/resolv.conf. When no command-line arguments or options are given, dig performs an NS query for "." (the root).


-b address  Sets the source IP address of the query to address. This must be a valid address on one of the host's network interfaces.
-c class  Overrides the default query class (IN for Internet). class can be any valid class, such as HS for Hesiod records or CH for Chaosnet records.
-f filename  Makes dig run in batch mode, reading a list of lookup requests from the file filename. The file contains a number of queries, one per line. Each entry in the file should be organized the same way as a query given on the dig command line.
-h  Prints a brief summary of the command-line arguments and options.
-k filename  Signs the DNS queries sent by dig, and their responses, using transaction signatures (TSIG). The TSIG key file is specified with -k.
-n  By default, IPv6 addresses are looked up using the IP6.ARPA domain and the binary labels defined in RFC2874. To use the older RFC1886 method, which uses the IP6.INT domain and nibble labels, specify -n (nibble).
-p port#  Queries a non-standard port number. port# is the port that dig sends its queries to, instead of the standard DNS port 53. This option can be used to test a name server that has been configured to listen for queries on a non-standard port.
-t type  Sets the query type to type, which can be any valid query type supported by BIND9. The default query type is A, unless the -x option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, type is set to IXFR=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was N.
-x addr  Simplifies reverse lookups (mapping addresses to names). addr is an IPv4 address in dotted-decimal notation or a colon-delimited IPv6 address. When this option is used, there is no need to provide the name, class and type arguments. dig automatically performs a lookup for the corresponding reverse-mapping name and sets the query type and class to PTR and IN respectively.
-y name:key  Specifies the TSIG key itself on the command line; name is the name of the TSIG key and key is the actual key. The key is a base-64 encoded string, usually generated by dnssec-keygen(8). Caution should be exercised when using -y on multi-user systems, because the key may be visible in the output of ps(1) or in the shell's history file. When TSIG authentication is used with dig, the name server that is queried needs to know the key and algorithm being used. In BIND, this is done by providing the appropriate key and server statements in named.conf.
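
Because -y exposes the key to ps(1) and shell history, signed queries are better issued with -k and a key file that only its owner can read. The following wrapper is an added example, not part of dig or of the original article; the function names tsig_keyfile_ok and signed_dig are hypothetical.

```shell
#!/bin/sh
# Added example: only issue TSIG-signed queries with -k, and only when the
# key file is private to its owner. Function names are hypothetical.

# Return 0 only if the key file is a regular file that grants no
# permissions at all to group or other (for example mode 0600 or 0400).
tsig_keyfile_ok() {
    keyfile=$1
    [ -f "$keyfile" ] || return 1
    # ls -ld prints a mode string such as "-rw-------";
    # characters 5-10 are the group and other permission bits.
    perms=$(ls -ld -- "$keyfile" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage: signed_dig keyfile server name [type]
# Returns 2 without running dig when the key file fails the check, so the
# key never has to appear on a command line.
signed_dig() {
    keyfile=$1 server=$2 name=$3 qtype=${4:-A}
    if ! tsig_keyfile_ok "$keyfile"; then
        echo "refusing $keyfile: missing or accessible to group/other" >&2
        return 2
    fi
    dig -k "$keyfile" "@$server" "$name" "$qtype"
}
```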


global-queryopt...  Global query options (see Multiple queries).
query  Query options (see Query options).
Query options
dig provides a number of query options that affect the way lookups are made and the way results are displayed. Some of them set or reset flag bits in the query header, some determine which sections of the answer are printed, and others determine the timeout and retry strategies. Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option; these may be preceded by the string no to negate the meaning of the keyword. Other keywords assign values to options, such as the timeout interval. They have the form +keyword=value. The query options are:
+[no]tcp  Use [do not use] TCP when querying name servers. The default behavior is to use UDP, except for AXFR or IXFR requests, which use a TCP connection.
+[no]vc  Use [do not use] TCP when querying name servers. This alternate syntax for +[no]tcp is provided for backward compatibility. "vc" stands for "virtual circuit".
+[no]ignore  Ignore truncation in UDP responses instead of retrying with TCP. TCP retries are performed by default.
+domain=somename  Set the search list to contain the single domain somename, as if it were specified in a domain directive in /etc/resolv.conf, and enable search list processing as if the +search option were given.
+[no]search  Use [do not use] the search list defined by the searchlist or domain directive in resolv.conf (if any). The search list is not used by default.
+[no]defname  Deprecated; treated as a synonym for +[no]search.
+[no]aaonly  This option does nothing. It is provided for compatibility with old versions of dig, where it set an unimplemented resolver flag.
+[no]adflag  Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set it in the query is provided for completeness.
+[no]cdflag  Set [do not set] the CD (checking disabled) bit in the query. This requests the server not to perform DNSSEC validation of responses.
+[no]recurse  Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means that dig normally sends recursive queries. Recursion is automatically disabled when the +nssearch or +trace query options are used.
+[no]nssearch  When this option is set, dig attempts to find the authoritative name servers for the zone containing the name being looked up and displays the SOA record that each name server has for the zone.
+[no]trace  Toggle tracing of the delegation path from the root name servers to the name being looked up. Tracing is disabled by default. When tracing is enabled, dig makes iterative queries to resolve the name being looked up. It follows referrals from the root servers and shows the answer from each server that was used to resolve the lookup.
+[no]cmd  Toggle the printing of the initial comment in the output that identifies the version of dig and the query options that were applied. This comment is printed by default.
+[no]short  Provide a terse answer. The default is to print the answer in a verbose form.
+[no]identify  Show [or do not show] the IP address and port number that supplied the answer when the +short option is enabled. If short-form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
+[no]comments  Toggle the display of comment lines in the output. The default is to print comments.
+[no]stats  Toggle the printing of statistics: when the query was made, the size of the reply, and so on. The query statistics are printed by default.
+[no]qr  Print [do not print] the query as it is sent. By default, the query is not printed.
+[no]question  Print [do not print] the question section of a query when an answer is returned. By default, the question section is printed as a comment.
+[no]answer  Display [do not display] the answer section of a reply. Displayed by default.
+[no]authority  Display [do not display] the authority section of a reply. Displayed by default.
+[no]additional  Display [do not display] the additional section of a reply. Displayed by default.
+[no]all  Set or clear all display flags.
+time=T  Set the timeout for a query to T seconds. The default is 5 seconds. If T is set to a number less than 1, a query timeout of 1 second is applied.
+tries=A  Set the number of times to retry UDP queries to the server to A, instead of the default of 3. If A is less than or equal to 0, 1 is used as the retry count.
+ndots=D  Set the number of dots that must appear in name to D for it to be considered absolute. The default value is the one defined by the ndots statement in /etc/resolv.conf, or 1 if there is no ndots statement. Names with fewer dots are interpreted as relative names and are searched for in the domains listed in the search or domain directive in /etc/resolv.conf.
+bufsize=B  Set the UDP message buffer size advertised using EDNS0 to B bytes. The maximum and minimum sizes of this buffer are 65535 and 0, respectively. Values outside this range are automatically rounded to the nearest valid value.
+[no]multiline  Print records such as SOA records in a verbose multi-line format with human-readable comments. The default is to print each record on a single line, so that the output of dig is easy for programs to parse.
Multiple queries
The BIND9 implementation of dig supports specifying multiple queries on the command line (in addition to supporting the -f batch file option). Each of those queries can be supplied with its own set of flags, options, and query options.
In this case, each query argument in the command-line syntax described above represents an individual query. Each one consists of any of the standard options and flags, the name to be looked up, an optional query type and class, and any query options that should be applied to that query.
A global set of query options, which apply to all queries, can also be supplied. These global query options must precede the first tuple of name, class, type, options, flags, and query options on the command line. Any global query option (except for the +[no]cmd option) can be overridden by a query-specific set of query options. For example:
dig +qr www.isc.org any -x addr isc.org ns +noqr
shows how dig can make three lookups from the command line: an ANY query for www.isc.org, a reverse lookup of the address addr, and a query for the NS records of isc.org. The global query option +qr is applied, so dig shows the initial query it made for each lookup. The final query has a local query option of +noqr, which means that dig does not print the initial query when it looks up the NS records for isc.org.


A typical dig call is similar to:
dig @server name type
where:
server  The name or IP address of the name server to query. This can be an IPv4 address in dotted-decimal notation or a colon-delimited IPv6 address. When the server argument is a host name, dig resolves that name before querying that name server. If no server argument is provided, dig consults /etc/resolv.conf and queries the name servers listed there. The answer from the name server that responds is displayed.
name  The name of the resource record to be looked up.
type  The type of query required: ANY, A, MX, SIG, or any other valid query type. If no type argument is supplied, dig performs a lookup for an A record.
