dig cheat sheet
This article has last been updated at .
This cheat sheet helps performing tasks related to , such as sending DNS queries, lookup hostnames, and perform basic troubleshooting tasks.
Basic usage
Options
Option | Intended action |
---|---|
-f FILE | Perform multiple requests from a file (FILE) |
-t | Specify record type |
-x | Reverse DNS lookup (from IP to hostname) |
-4 | Only use IPv4 |
-4 | Only use IPv6 |
Query options
Dig has specific query options, which start with a plus sign. They influence how output is presented. Query options usually also have a related query option, doing exactly the opposite. Depending on the query option, there is a default option. By having access to both, you can define the output that you like to see.
Query option | Opposite | Default option | Intended action |
---|---|---|---|
+all | +noall | +all | Set or clear the display flags, will influence output |
+short | +noshort | +noshort | Return only response or all information |
Basic request to look up a hostname
The most simple method of using dig
is just providing a hostname, such as a domain name or the , like ‘www.linux-audit.com
’.
# dig linux-audit.com
; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> linux-audit.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37404
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;linux-audit.com. IN A
;; ANSWER SECTION:
linux-audit.com. 2280 IN A 89.41.171.41
;; Query time: 0 msec
;; SERVER: 192.168.123.1#53(192.168.123.1) (UDP)
;; WHEN: Fri Dec 27 23:27:04 CET 2024
;; MSG SIZE rcvd: 60
Change command output
The output of dig is by default ’noisy’ and can be tuned. For example, provide +short to see just the output.
# dig +short linux-audit.com
89.41.171.41
Want to see a little bit more?
dig +noall +answer linux-audit.com
linux-audit.com. 4773 IN A 89.41.171.41
Note: order of the query options matter, especially when using ‘+noall’
Another interesting feature is displaying the output in the format.
# dig +yaml linux-audit.com
- type: MESSAGE
message:
type: RECURSIVE_RESPONSE
query_time: !!timestamp 2024-12-27T23:09:21.576Z
response_time: !!timestamp 2024-12-27T23:09:21.580Z
message_size: 60b
socket_family: INET
socket_protocol: UDP
response_address: "192.168.123.1"
response_port: 53
query_address: "0.0.0.0"
query_port: 0
response_message_data:
opcode: QUERY
status: NOERROR
id: 34226
flags: qr rd ra
QUESTION: 1
ANSWER: 1
AUTHORITY: 0
ADDITIONAL: 1
OPT_PSEUDOSECTION:
EDNS:
version: 0
flags:
udp: 1232
QUESTION_SECTION:
- 'linux-audit.com. IN A'
ANSWER_SECTION:
- 'linux-audit.com. 4949 IN A 89.41.171.41'
Define DNS record type
DNS uses different types of records to store information. Common record types include:
- A
- AAAA
- CNAME
- NS
- PTR
- SOA
- TXT
We can query a specific record type by defining it, like querying which name servers are responsible for the google.com domain.
dig +short NS google.com
ns2.google.com.
ns1.google.com.
ns3.google.com.
ns4.google.com.
An alternative method is using the -t option, which does the same.
Want to query multiple types?
dig +noall +answer MX google.com NS google.com
Define DNS server
For troubleshooting purposes it may be useful to use a different server than the one configured on your system. You can define which DNS resolver you want to use with the help of the @ sign.
# dig @8.8.8.8 +short linux-audit.com
89.41.171.41
The dig command allows performing a set of queries starting at the root servers. Normally DNS resolving happens via a DNS resolver and that is responsible for starting at the beginning of the chain (the root servers) and follow each step, and finally return the related response to your system. With +trace you can let dig perform these steps, to see the responses.
dig +trace google.com