Dig (command)

dig
Original author(s): Steve Hotz, Michael Sawyer
Developer(s): Internet Systems Consortium (originally Computer Systems Research Group)
Operating system: Linux, NetBSD, FreeBSD, OpenBSD, macOS, Windows, Solaris, illumos, OpenVMS
Type: DNS lookup tool
License: Mozilla Public License (ISC license before 9.11 [1])
Website: https://www.isc.org/bind/

dig is a network administration command-line tool for querying the Domain Name System (DNS).


dig is useful for network troubleshooting and for educational purposes. [2] It can operate based on command line option and flag arguments, or in batch mode by reading requests from an operating system file. When a specific name server is not specified in the command invocation, it uses the operating system's default resolver, usually configured in the file resolv.conf. Without any arguments it queries the DNS root zone.

dig supports Internationalized domain name (IDN) queries.

dig is a component of the domain name server software suite BIND. In functionality, dig supersedes older tools such as nslookup and the program host; however, the older tools are still used in a complementary fashion.

Example usage

Basic

In this example, dig is used to query for any type of record information in the domain example.com:

$ dig example.com any
; <<>> DiG 9.6.1 <<>> example.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4016
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com.                   IN      ANY
;; ANSWER SECTION:
example.com.            172719  IN      NS      a.iana-servers.net.
example.com.            172719  IN      NS      b.iana-servers.net.
example.com.            172719  IN      A       208.77.188.166
example.com.            172719  IN      SOA     dns1.icann.org. hostmaster.icann.org. 2007051703 7200 3600 1209600 86400
;; Query time: 1 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Aug 12 11:40:43 2009
;; MSG SIZE  rcvd: 154

The number 172719 in the above example is the time to live value, which indicates the time of validity of the data.

The ANY DNS query is a special meta query which is now deprecated. Since around 2019, most public DNS servers have stopped answering most DNS ANY queries usefully.

If ANY queries do not enumerate multiple records, the only option is to request each record type (e.g. A, CNAME, or MX) individually.
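The per-type approach described above, as an added shell example (not part of the original article or of BIND). It queries each record type separately with the +noall +answer output flags and also checks whether a server answers ANY with only the HINFO "RFC8482" placeholder that RFC 8482 permits. The function names and the DIG and RECORD_TYPES variables are this example's own; DIG can be pointed at a stub for offline testing.

```shell
#!/bin/sh
# Added example: per-type lookups in place of the deprecated ANY meta query.
# DIG and RECORD_TYPES are names chosen for this example; override as needed.
DIG="${DIG:-dig}"
RECORD_TYPES="${RECORD_TYPES:-A AAAA CNAME MX NS SOA TXT}"

# enumerate_records NAME [@SERVER]
# Prints one line per record found: TYPE TTL RDATA
enumerate_records() {
    name=$1
    server=${2:-}
    for rtype in $RECORD_TYPES; do
        # +noall +answer limits the output to the answer section.
        $DIG +noall +answer "$name" "$rtype" $server |
        awk -v want="$rtype" '
            # Answer lines have the form: owner TTL class type rdata...
            /^;/ || NF < 5 { next }
            # Keep only the requested type, so a CNAME returned alongside
            # an A answer is reported once, by the CNAME query.
            $4 == want {
                rdata = $5
                for (i = 6; i <= NF; i++) rdata = rdata " " $i
                print $4, $2, rdata
            }'
    done
}

# any_is_minimal NAME [@SERVER]
# Succeeds when every record in the ANY answer is the HINFO "RFC8482"
# placeholder, i.e. the server does not enumerate records for ANY.
any_is_minimal() {
    $DIG +noall +answer "$1" ANY ${2:-} |
    awk '!/^;/ && NF >= 5 { n++; if ($4 == "HINFO" && $5 ~ /RFC8482/) h++ }
         END { exit !(n > 0 && n == h) }'
}

# Stand-alone use: sh script.sh example.com [@server]
if [ "$#" -gt 0 ]; then
    enumerate_records "$@"
fi
```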

Specific DNS server

Queries may be directed to designated DNS servers for specific records; in this example, MX records:

$ dig wikimedia.org MX @ns0.wikimedia.org
; <<>> DiG 9.11.3 <<>> wikimedia.org MX @ns0.wikimedia.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39041
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1024
; COOKIE: c9735311d2d2fa6e3b334ab01b67960d (good)
;; QUESTION SECTION:
;wikimedia.org.                 IN      MX
;; ANSWER SECTION:
wikimedia.org.          3600    IN      MX      10 mx1001.wikimedia.org.
wikimedia.org.          3600    IN      MX      50 mx2001.wikimedia.org.
;; Query time: 1 msec
;; SERVER: 208.80.154.238#53(208.80.154.238)
;; WHEN: Sat Sep 18 21:33:24 PDT 2021
;; MSG SIZE  rcvd: 108

With output formatting

There are many output formatting options available. A common selection to make the output more terse is:

$ dig +noall +answer +multiline wikimedia.org MX
wikimedia.org.          3600 IN MX 10 mx1001.wikimedia.org.
wikimedia.org.          3600 IN MX 50 mx2001.wikimedia.org.

Here, +noall, +answer and +multiline are simply output formatting flags.

History

dig was originally written by Steve Hotz and incorporated into BIND 4 since at least 1990; [3] later it was rewritten by Michael Sawyer, and is maintained by the Internet Systems Consortium as part of BIND 9.

When originally written, the manual page for dig indicated that its name was an acronym for "Domain Information Groper". [3] This expansion was removed in 2017; the tool's name is now simply "dig".


Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.


A name server is a computer application that implements a network service for providing responses to queries against a directory service. It translates an often humanly meaningful, text-based identifier to a system-internal, often numeric identification or addressing component. This service is performed by the server in response to a service protocol request.

Domain name Identification string in the Internet

In the Internet, a domain name is a string that identifies a realm of administrative autonomy, authority or control. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. Domain names are used in various networking contexts and for application-specific naming and addressing purposes. In general, a domain name identifies a network domain or an Internet Protocol (IP) resource, such as a personal computer used to access the Internet, or a server computer.

Root name server Name server for the DNS root zone

A root name server is a name server for the root zone of the Domain Name System (DNS) of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD). The root name servers are a critical part of the Internet infrastructure because they are the first step in resolving human-readable host names into IP addresses that are used in communication between Internet hosts.

The DNS root zone is the top-level DNS zone in the hierarchical namespace of the Domain Name System (DNS) of the Internet.

A wildcard DNS record is a record in a DNS zone that will match requests for non-existent domain names. A wildcard DNS record is specified by using a * as the leftmost label (part) of a domain name, e.g. *.example.com. The exact rules for when a wildcard will match are specified in RFC 1034, but the rules are neither intuitive nor clearly specified. This has resulted in incompatible implementations and unexpected results when they are used.

The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

nslookup Utility to query the Domain Name System

nslookup is a network administration command-line tool for querying the Domain Name System (DNS) to obtain the mapping between domain name and IP address, or other DNS records.

A Canonical Name (CNAME) record is a type of resource record in the Domain Name System (DNS) that maps one domain name to another.

example.com Domain name reserved for documentation purposes and as an example of the use of domain names

The domain names example.com, example.net, example.org, and example.edu are second-level domain names in the Domain Name System of the Internet. They are reserved by the Internet Assigned Numbers Authority (IANA) at the direction of the Internet Engineering Task Force (IETF) as special-use domain names for documentation purposes. The domain names are used widely in books, tutorials, sample network configurations, and generally as examples for the use of domain names. The Internet Corporation for Assigned Names and Numbers (ICANN) operates web sites for these domains with content that reflects their purpose.

DNS zone Part of the Internet's Domain Name System (DNS) organization system

A DNS zone is a specific portion of the DNS namespace in the Domain Name System (DNS), which a specific organization or administrator manages. A DNS zone is an administrative space allowing more granular control of the DNS components, such as authoritative nameserver. The DNS is broken up into different zones, distinctly managed areas in the DNS namespace. DNS zones are not necessarily physically separated from one another; however, a DNS zone can contain multiple subdomains, and multiple zones can exist on the same server.

DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address. This results in traffic being diverted to any computer that the attacker chooses.

Open Root Server Network

Open Root Server Network (ORSN) was a network of Domain Name System root nameservers for the Internet. ORSN DNS root zone information was kept in synchronization with the "official" Domain Name System root nameservers coordinated by ICANN. The networks were 100% compatible, though ORSN was operated independently. The ORSN servers were primarily placed in Europe. ORSN is also used by public name servers, providing Domain Name System access freely for everyone, without any limitation until the project closed in May 2019. ORSN was primarily started to reduce the over-dependence of Internet users on the United States and Department of Commerce/IANA/ICANN/VeriSign, limit the control over the Internet that this gives, while ensuring that domain names remain unambiguous. It also helps avoid the technical possibility of global "Internet shutdown" by one party. They also expect their network to make domain name resolutions faster for everyone.

A Domain Name System (DNS) zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP addresses and other resources, organized in the form of text representations of resource records (RR). A zone file may be either a DNS master file, authoritatively describing a zone, or it may be used to list the contents of a DNS cache.

This article presents a comparison of the features, platform support, and packaging of many independent implementations of Domain Name System (DNS) name server software.

WHOIS is a query and response protocol that is used for querying databases that store an Internet resource's registered users or assignees. These resources include domain names, IP address blocks and autonomous systems, but it is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The current iteration of the WHOIS protocol was drafted by the Internet Society, and is documented in RFC 3912.

DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

host is a simple utility for performing Domain Name System lookups.

A start of authority record is a type of resource record in the Domain Name System (DNS) containing administrative information about the zone, especially regarding zone transfers. The SOA record format is specified in RFC 1035.

References

  1. "LICENSE in Bind 9.11 branch". Archived from the original on 2021-08-22. Retrieved 2021-09-19.
  2. "Dig Command in Linux (DNS Lookup)". linuxize.com. 2020-02-26. Retrieved 2024-03-07.
  3. "dig (4.4BSD of 1990)". man.freebsd.org. Retrieved 2024-05-17.
