Linux commands: using dig to dig out DNS secrets

Source: Internet
Author: User

===

"First Encounter"

I believe far more readers have used nslookup than dig, so it is worth taking some time to introduce dig.

dig and nslookup are similar in function; both are DNS query tools.

dig is in fact an abbreviation of Domain Information Groper.

Some professional DNS administrators prefer the dig command when tracing DNS issues, because dig is flexible to configure, produces clear output, and is powerful.

"The simplest dig usage"

The simplest dig usage is, of course, to type dig and press ENTER.

    $ dig
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>>    // version information of the dig command
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<

From the above output, you will have noticed that when dig is run with no parameters or options, it queries the default upstream DNS server for the NS records of "." (the root domain).

"dig with a dot added"

We just ran dig on its own; this time we add a "." to see how the result differs from before:

    $ dig .
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> .
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<

"I want to use Google DNS to look up the A record of baidu.com."

    $ dig @8.8.8.8 www.baidu.com A    // command format: dig @dnsserver name querytype
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> @8.8.8.8 www.baidu.com A
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<

From this example, we can see that the basic command format of dig is:

    dig @dnsserver name querytype

If dnsserver is given as a domain name, dig first resolves it to an IP address through the default upstream DNS server and then uses that address as the upstream DNS server.
If @dnsserver is not given, dig tries the addresses in /etc/resolv.conf in turn as the upstream DNS server.
As for querytype, if you read my previous article on the nslookup command you should already be familiar with it: it can be set to A, AAAA, PTR, MX, ANY and so on, and the default is to query the A record.

"Some common options"

1. The -c option sets the protocol class: IN (the default), CH, or HS.

2. The -f option: dig supports reading queries from a file for batch lookups, which is thoughtful and convenient. The file must contain one query per line. A practical example:

    $ cat querylist    // file contents: two domain names to query
    www.baidu.com
    www.sohu.com
    $ dig -f querylist -c IN -t A    // the -f parameter starts the batch query
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> www.baidu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> www.sohu.com
    ;; Got answer:

3. The -4 and -6 options restrict the query packet transport protocol to IPv4 or IPv6 respectively.

4. The -t option sets the query type. It is A by default and can be set to a type such as MX, for example:

    $ dig roclinux.cn -t MX
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> roclinux.cn -t MX
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<

5. The -q option is in itself redundant, but it is useful in complex dig commands. -q explicitly sets the domain name you want to query, which avoids confusion with the many other parameters and options and improves the readability of the command, for example:

    $ dig -q www.roclinux.cn
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> -q www.roclinux.cn
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<

6. The -x option is the reverse-lookup option; it queries the mapping from an IP address to a domain name. For example:

    $ dig -x 193.0.14.129
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> -x 193.0.14.129
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<

"dig-specific query options"

Unlike the options above, dig also has a set of so-called "query options" that affect how dig performs the query or what information it prints. dig requires each of these to be prefixed with a "+" (plus sign), which makes them easier for dig to recognise and makes commands more readable.
dig has 42 query options in total, covering every aspect of DNS information. This article does not go through them one by one; it picks out only the most commonly used ones and explains them.

"TCP instead of UDP"

It is well known that the exchanges in a DNS query are UDP-based. To use TCP instead, do this:

    $ dig +tcp www.baidu.com
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> +tcp www.baidu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<

"Appending a default domain"

The example below makes the concept of a "default domain" clear, and with it the role of +domain=somedomain:

    $ dig +domain=baidu.com image
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> +domain=baidu.com image
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<

"Tracing the whole dig process"

One of dig's best-known query options is +trace. With this option, dig traces the lookup from the root domain down to the final result and prints the information for the entire process.

    $ dig +trace roclinux.cn

    ; <<>> DiG 9.2.4 <<>> +trace roclinux.cn
    ;; global options:  printcmd
    .                       335937  IN      NS      l.root-servers.net.
    .                       335937  IN      NS      b.root-servers.net.
    .                       335937  IN      NS      d.root-servers.net.
    .                       335937  IN      NS      k.root-servers.net.
    .                       335937  IN      NS      h.root-servers.net.
    .                       335937  IN      NS      j.root-servers.net.
    .                       335937  IN      NS      a.root-servers.net.
    .                       335937  IN      NS      e.root-servers.net.
    .                       335937  IN      NS      c.root-servers.net.
    .                       335937  IN      NS      m.root-servers.net.
    .                       335937  IN      NS      g.root-servers.net.
    .                       335937  IN      NS      i.root-servers.net.
    .                       335937  IN      NS      f.root-servers.net.
    ;; Received 400 bytes from 10.23.0.231#53(10.23.0.231) in 0 ms
    // obtained the list of root DNS servers from the local DNS server

    cn.                     172800  IN      NS      c.dns.cn.
    cn.                     172800  IN      NS      a.dns.cn.
    cn.                     172800  IN      NS      b.dns.cn.
    cn.                     172800  IN      NS      e.dns.cn.
    cn.                     172800  IN      NS      ns.cernet.net.
    cn.                     172800  IN      NS      d.dns.cn.
    ;; Received 292 bytes from 192.228.79.201#53(b.root-servers.net) in 460 ms
    // chose the root server b.root-servers.net to look up the DNS server list for the cn. domain

    roclinux.cn.            21600   IN      NS      ns11.edong.com.
    roclinux.cn.            21600   IN      NS      ns12.edong.com.
    ;; Received 76 bytes from 203.119.27.1#53(c.dns.cn) in 0 ms
    // chose the cn. DNS server c.dns.cn to look up the DNS server list for roclinux.cn

    roclinux.cn.            3600    IN      A       116.255.245.206
    roclinux.cn.            3600    IN      NS      ns12.edong.com.
    roclinux.cn.            3600    IN      NS      ns11.edong.com.
    ;; Received 124 bytes from 61.147.124.145#53(ns11.edong.com) in 104 ms
    // finally found the A record
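
The hop-by-hop structure of +trace output (a block of records, then a ";; Received ... from" line naming the server that returned them) can be reduced to one line per hop, which makes it easy to compare the delegation path against the servers you expect. This is an added example, not part of the original article; the function names sample_trace, trace_hops and trace_answers are hypothetical, and the sample input is trimmed from the +trace output shown in this section.

```shell
# Summarise `dig +trace` output: for each hop, which zone's records were
# returned and which server (name and IP) returned them.

# Sample input: trimmed from the +trace output in this article (assumption: same line format).
sample_trace() {
cat <<'EOF'
; <<>> DiG 9.2.4 <<>> +trace roclinux.cn
;; global options:  printcmd
.                       335937  IN      NS      b.root-servers.net.
;; Received 400 bytes from 10.23.0.231#53(10.23.0.231) in 0 ms

cn.                     172800  IN      NS      c.dns.cn.
cn.                     172800  IN      NS      a.dns.cn.
;; Received 292 bytes from 192.228.79.201#53(b.root-servers.net) in 460 ms

roclinux.cn.            21600   IN      NS      ns11.edong.com.
roclinux.cn.            21600   IN      NS      ns12.edong.com.
;; Received 76 bytes from 203.119.27.1#53(c.dns.cn) in 0 ms

roclinux.cn.            3600    IN      A       116.255.245.206
roclinux.cn.            3600    IN      NS      ns12.edong.com.
;; Received 124 bytes from 61.147.124.145#53(ns11.edong.com) in 104 ms
EOF
}

# trace_hops: read +trace output on stdin, print "zone types server ip" per hop.
trace_hops() {
  awk '
    /^;; Received/ {
      # Field 6 looks like 192.228.79.201#53(b.root-servers.net)
      split($6, p, "[#()]")          # p[1]=IP, p[2]=port, p[3]=server name
      printf "%s %s %s %s\n", zone, types, p[3], p[1]
      zone = ""; types = ""
      next
    }
    /^;/ || NF < 5 { next }          # skip comment lines and blank lines
    {
      if (zone == "") zone = $1      # owner name of the first record in the block
      if (index("," types ",", "," $4 ",") == 0)
        types = (types == "" ? $4 : types "," $4)
    }'
}

# trace_answers: print "name address" for every A record seen in the trace.
trace_answers() { awk '!/^;/ && $4 == "A" { print $1, $5 }'; }

sample_trace | trace_hops
```

On a live system, pipe real output into the same functions, for example `dig +trace roclinux.cn | trace_hops`.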

"Trimming dig output"

1. With +nocmd, the dig version information is omitted from the output.

2. With +short, only the most condensed CNAME and A record information is printed, and nothing else. Like this:

    $ dig +short www.baidu.com
    www.a.shifen.com.
    119.75.218.77
    119.75.217.56

3. With +nocomment, dig's detailed comment lines are omitted from the output.

4. With +nostat, the final statistics are not printed. When +nocmd, +nocomment and +nostat are used together, the output looks like this:

    $ dig +nocmd +nocomment +nostat www.baidu.com
    ;www.baidu.com.                 IN      A
    www.baidu.com.          260     IN      CNAME   www.a.shifen.com.
    www.a.shifen.com.       244     IN      A       119.75.217.56
    www.a.shifen.com.       244     IN      A       119.75.218.77
