Using the Linux dig command

Source: Internet
Author: User

Dig introduction:
dig is a command-line tool for Unix-like systems that queries DNS for information such as NS records, A records, MX records, and so on. Because the dig man page has long been lacking, this article serves as a usage guide for dig.
dig's source code is part of the ISC BIND package, but you do not normally get it by compiling and installing BIND yourself. On Linux systems it is usually part of a package: bind-tools under Gentoo, bind-utils under Red Hat/Fedora, or dnsutils under Debian.
If you are looking for information about BIND configuration, you should refer to my article: BIND for the Small LAN
Understanding the default output:
The simplest and most common query is for a single host, but by default dig's output is verbose. You may not need all of it, but it is worth knowing what it means.


The following is a query with comments:
Above is the command line where I call dig.
; <<>> DiG 9.2.3 <<>>
;; global options: printcmd
This part of dig's output tells us its version (9.2.3) and the global options that are set. It can be suppressed with +nocmd, but only if +nocmd is the first parameter on the command line.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43071
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
Here, dig tells us some technical details about the answer returned by the DNS server. This part of the output can be toggled with the +[no]comments option, but be careful: disabling comments can also turn off some other parts of the output.
;; QUESTION SECTION:
; IN A
In the question section, dig shows the query we asked. The default query is for an A record. You can show or hide this section with the +[no]question option.
;; ANSWER SECTION:
IN A
Finally, we get the result of our query: the address of the host we asked about. I don't know why you would want to filter this output out, but you can toggle it with the +[no]answer option.
;; AUTHORITY SECTION:
2351 IN NS
2351 IN NS
2351 IN NS
The authority section tells us which DNS servers can provide an authoritative answer to our query. In this example, the domain has 3 name servers. You can toggle this output with the +[no]authority option.
;; ADDITIONAL SECTION:
171551 IN A
2351 IN A
2351 IN AAAA 2001:4f8:0:2::15
The additional section typically lists the IP addresses of the authoritative DNS servers named above. It can be toggled with the +[no]additional option.
;; Query time: 2046 msec
;; SERVER: (
;; WHEN: Fri 27 08:22:26 2004
;; MSG SIZE  rcvd: 173
The last section of the default output contains statistics about the query. It can be toggled with the +[no]stats option.


What can we query?
dig lets you query DNS effectively. The most commonly used queries are for A records, TXT (text annotation) records, MX records, NS records, or any combination of these.

Find the A record for (This must be a domain and not a host, as our company is
dig A +noall +answer

To find a list of MX records:
dig MX +noall +answer

To find the authoritative DNS for
dig NS +noall +answer

Query all of the above records:
dig ANY +noall +answer

Now that IPv4 and IPv6 are mixed, you can also use the AAAA type to query a host's IPv6 AAAA record:
dig AAAA +short
If the domain you want to query allows transfers, you can get that information too. The reality of life on the Internet, however, is that only a few DNS servers still allow unrestricted transfers.

How do we query?
Get a short answer?
When we need a quick answer, the +short option is your best friend:
dig +short

Get an answer that's not quite so short?
A short answer is not the same as only an answer.

The way to get a detailed answer without the additional information is to use the +noall option and then turn on only the output you want.
Here is the short query followed by the query that returns only the answer; the latter contains all the configuration information, including TTL data, formatted like BIND configuration.
$ dig mx +short
$ dig +nocmd mx +noall +answer
3583 IN MX
3583 IN MX
3583 IN MX

Get a detailed answer?
According to its man page, the +multiline option gives you a verbose multi-line format with human-readable comments on DNS SOA records. In general, the information obtained with the +multiline option is displayed much like a BIND configuration file.
$ dig +nocmd any +multiline +noall +answer
14267 IN A
14267 IN MX 5
14267 IN MX
14267 IN SOA (
        200408230 ; serial
        14400     ; refresh (4 hours)
        900       ; retry (minutes)
        3600000   ; expire (5 weeks 6 days hours)
        14400     ; minimum (4 hours)
        )
14267 IN NS
14267 IN NS
14267 IN NS

Find PTR records?
You can use the -x option to find the host name of an IP address.
$ dig -x +short
In this loop, the script maps the names in a given subnet.
NET=192.168.1   # subnet prefix to walk (example value)
for n in $(seq 1 254); do
  ADDR=${NET}.${n}; echo -e "${ADDR}\t$(dig -x ${ADDR} +short)"
done

Query a different name server?
The query command is as follows:
dig @ns1.
Use the search list in /etc/resolv.conf?
The host utility automatically uses the search list from the /etc/resolv.conf file.
$ host www
has address
By default, however, dig does not, which can produce some unexpected output. If you want to query a local hostname instead of a fully qualified domain name, use the +search option:
dig www +search

Do bulk lookups?
If you want to look up a large number of host names, you can store them in a text file (one record per line) and use dig with the -f parameter to query them one after another.
# Querying a large number of host names
dig -f /path/to/host-list.txt
# The same, more explicit output
dig -f /path/to/host-list.txt +noall +answer
But I have to tell you that dig 9.2.3 and later versions do not support using the -f option for reverse lookups.
Verifying DNS Mappings
Incorrect DNS configuration can cause you a lot of grief. There are two things to verify in your DNS configuration:
1. Each hostname should resolve to an IP address, and that IP address should resolve back to that hostname.
2. If an address on your subnet resolves to a hostname, that hostname must also resolve back to that IP address.
There are some exceptions to these two rules: a CNAME first resolves to a different hostname and only then to an IP address, and sometimes multiple hostnames point to the same IP address, but that IP can have only one PTR record.
In summary, these checks help you verify that your DNS mappings work the way you think they do.
You can also write a test script that runs over a list of your known hostnames, as shown below. It is simple: it will break when it hits a CNAME, and it will report an error if multiple hostnames point to the same IP address. Let's say the file containing your hostnames is called named-hosts.

#!/bin/bash
# test DNS forward- and reverse-mapping
# edit this variable to reflect local class C subnet(s)
NETS="192.168.1 192.168.2"
# Test name to address to name validity
# (dig -x +short prints names with a trailing dot, so list the names in
#  named-hosts as fully qualified names with the trailing dot)
echo -e "\tname -> address -> name"
echo '----------------------------------'
while read H; do
  ADDR=$(dig $H +short)
  if test -n "$ADDR"; then
    HOST=$(dig -x $ADDR +short)
    if test "$H" = "$HOST"; then
      echo -e "ok\t$H -> $ADDR -> $HOST"
    elif test -n "$HOST"; then
      echo -e "fail\t$H -> $ADDR -> $HOST"
    else
      echo -e "fail\t$H -> $ADDR -> [unassigned]"
    fi
  else
    echo -e "fail\t$H -> [unassigned]"
  fi
done < named-hosts
# Test address to name to address validity
echo -e "\taddress -> name -> address"
echo '-------------------------------------'
for NET in $NETS; do
  for n in $(seq 1 254); do
    A=${NET}.${n}
    HOST=$(dig -x $A +short)
    if test -n "$HOST"; then
      ADDR=$(dig $HOST +short)
      if test "$A" = "$ADDR"; then
        echo -e "ok\t$A -> $HOST -> $ADDR"
      elif test -n "$ADDR"; then
        echo -e "fail\t$A -> $HOST -> $ADDR"
      else
        echo -e "fail\t$A -> $HOST -> [unassigned]"
      fi
    fi
  done
done

Interesting uses of dig
Create your own named.root file
Any DNS server connected to the Internet will certainly have a copy of the InterNIC named.root file, which lists the root name servers for the whole Internet. If you don't mind the trouble, you can download it regularly from the InterNIC FTP server, or you can use the dig command to create your own named.root.
# Compare with ftp://
dig +nocmd . NS +noall +answer +additional
Your TTL values may be smaller here, but otherwise this is the most up-to-date named.root file you will find!

Tracing dig's query path
You may be a traceroute enthusiast who likes to see how to get from point A to point B. You can do something similar with dig's +trace option.
dig +trace
You will see the root DNS servers at the top of dig's output, then the DNS servers that resolve all *.de names, and finally the domain name's IP.

Get SOA records
As a DNS administrator, I sometimes make changes (to the DNS configuration) and want to know whether my name servers are serving the new data or the old data.
The +nssearch option gives a clear account of your public servers.
# the unvarnished truth
dig +nssearch
# the same, displaying only serial number and hostname
dig +nssearch | cut -d' ' -f4,11
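An added example (not part of the original howto): a small shell filter that reads +nssearch output and flags servers whose SOA serial is older than the newest one seen, using the same fields (4 and 11) as the cut command above. The example.com names and serials are constructed sample data, and the plain numeric comparison ignores serial-number wraparound.

```shell
#!/bin/sh
# Flag name servers whose SOA serial lags behind the newest serial seen.
# Input: lines in the format printed by `dig <zone> +nssearch`, where
# field 4 is the serial and field 11 is the responding server.

# Constructed sample input; names and serials are made up.
sample_nssearch() {
cat <<'EOF'
SOA ns1.example.com. hostmaster.example.com. 2004082300 7200 3600 24796800 3600 from server ns1.example.com in 12 ms.
SOA ns1.example.com. hostmaster.example.com. 2004082300 7200 3600 24796800 3600 from server ns2.example.com in 48 ms.
SOA ns1.example.com. hostmaster.example.com. 2004081900 7200 3600 24796800 3600 from server ns3.example.com in 95 ms.
EOF
}

# Prints one "STALE <server> <serial> (newest <serial>)" line per lagging
# server and returns non-zero if any server is behind.
stale_servers() {
  awk '
    $1 == "SOA" && $4 ~ /^[0-9]+$/ {
      serial[$11] = $4
      if ($4 + 0 > max) { max = $4 + 0; newest = $4 }
    }
    END {
      bad = 0
      for (s in serial)
        if (serial[s] + 0 < max) {
          printf "STALE %s %s (newest %s)\n", s, serial[s], newest
          bad = 1
        }
      exit bad
    }'
}

# Demo on the sample. Live use (needs network):
#   dig example.com +nssearch | stale_servers
sample_nssearch | stale_servers || echo "zone data is not in sync"
```

A stale line right after a zone change usually just means a secondary has not picked up the new serial yet; one that persists past the SOA refresh interval points to a broken zone transfer or notify path.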

Interpreting TTL values
One of the many reasons I love Google is that it provides accurate links in my web logs, which makes it easy for me to work out which types of query lead people to the pages of this site.
Unexpectedly, I've seen a lot of requests asking about TTL values. I never thought TTL would be the most popular topic, but you learn something new every day, so, in response to everyone's request, here is a little about TTL.
If you ask your local DNS server for an Internet address, the server works out where to get an authoritative answer and fetches the address. Once the server learns the answer, it saves it in its local cache, so that if you query the same address again a little later it can give you the answer from the cache, which is much faster than querying the Internet again.
When domain administrators configure DNS records, they decide how long each record may be kept in a cache; this is the TTL value (usually expressed in seconds).
Typically, a remote server keeps a record in its cache only for as long as the TTL allows. After that time expires, the server flushes the record from its local cache and queries again for an authoritative answer.
When you use dig to query a DNS server for a record, the server tells dig how long this record can remain in the cache.
For example, as of this writing, the TTL of the MX record for the domain is 300 seconds: the domain's administrator asks remote servers to cache the MX record for no more than 5 minutes. So when you first query that record (the domain's MX record), dig will report a TTL of 300.
$ dig +nocmd MX +noall +answer
IN MX
IN MX 10
If you check again a little later, you'll find that the TTL has dropped to 280 (after an interval of 20 seconds).
$ dig +nocmd MX +noall +answer
280 IN MX
280 IN MX
If your timing is good enough, you will catch the record in its last second of life.
$ dig +nocmd MX +noall +answer
1 IN MX 10
1 IN MX
After that, the DNS server you are querying will "forget" the answer, and the next time you query this record the whole cycle starts over (in this example, at 300 seconds).

The official source of this howto is
