Linux dig Command with Practical Examples


Introduction

In this lab, you will learn how to use the powerful dig command to perform DNS (Domain Name System) queries and troubleshoot network issues. The dig command is a versatile network administration tool that allows you to obtain domain name to IP address mappings and other DNS records. You will start by understanding the purpose and basic syntax of the dig command, then explore how to perform basic DNS lookups and delve into advanced dig options for more detailed DNS information.

The lab covers the following key steps:

  1. Understand the Purpose and Syntax of the dig Command: You will learn about the purpose of the dig command and its basic syntax, including the available options that can modify the behavior of the command.

  2. Perform Basic DNS Lookups Using dig: You will practice using the dig command to perform simple DNS lookups, such as finding the IP address associated with a domain name.

  3. Explore Advanced dig Options for Detailed DNS Information: You will discover how to leverage advanced dig options to obtain more detailed DNS information, such as following the chain of referrals or performing non-recursive queries.


Understand the Purpose and Syntax of the dig Command

In this step, you will learn about the purpose and basic syntax of the dig command, which is a powerful tool for performing DNS (Domain Name System) queries and troubleshooting network issues.

The dig command is a network administration tool that is used to query the Domain Name System (DNS) to obtain domain name to IP address mappings, and other DNS records. It is a versatile tool that can be used to diagnose DNS-related problems, as well as to perform advanced DNS queries.

Let's start by understanding the basic syntax of the dig command:

dig [options] [domain]

The basic structure of the dig command includes the following components:

  • dig: The command name.
  • [options]: Optional flags or parameters that modify the behavior of the dig command.
  • [domain]: The domain name or IP address you want to look up.

Some common options for the dig command include:

  • @server: Specifies the DNS server to use for the query.
  • +trace: Performs a recursive query, following the chain of referrals to the ultimate destination.
  • +norecurse: Performs a non-recursive query, only querying the specified server.
  • +short: Displays a shortened version of the output.

Let's try a basic dig command to look up the IP address for the domain example.com:

dig example.com

Example output:

; <<>> DiG 9.16.1-Ubuntu <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57911
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com.                    IN      A

;; ANSWER SECTION:
example.com.             185     IN      A       93.184.216.34

;; Query time: 14 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Apr 14 10:02:47 UTC 2023
;; MSG SIZE  rcvd: 59

This output shows the IP address (93.184.216.34) associated with the example.com domain.
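When dig is used in a script, the fields that matter are the status in the header line, the flags, and the records in the ANSWER SECTION. The following is an added example, not part of the original lab: it parses the sample output shown above (embedded so it runs offline) with awk. The function names sample_output and dig_summary are hypothetical.

```shell
# Sample input: the example.com output from this page, shortened.
sample_output() {
cat <<'EOF'
; <<>> DiG 9.16.1-Ubuntu <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57911
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.                    IN      A

;; ANSWER SECTION:
example.com.             185     IN      A       93.184.216.34

;; Query time: 14 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
EOF
}

# Read full dig output on stdin; print each answer record and a one-line summary.
# Returns 0 only when the status is NOERROR and at least one answer is present.
dig_summary() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags)   # drop the label
            sub(/;.*/, "", flags)            # drop the section counts
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        in_answer && NF == 0  { in_answer = 0 }   # a blank line ends the section
        in_answer             { n++; printf "%s %s %s ttl=%s\n", $1, $4, $5, $2 }
        END {
            printf "status=%s flags=%s answers=%d\n", status, flags, n
            rc = (status == "NOERROR" && n > 0) ? 0 : 1
            exit rc
        }
    '
}

sample_output | dig_summary
```

Against a live resolver the same function is used as: dig example.com | dig_summary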

In the next step, you will learn how to perform more advanced DNS queries using the dig command.

Perform Basic DNS Lookups Using dig

In this step, you will learn how to perform basic DNS lookups using the dig command.

Let's start by looking up the IP address for the domain google.com:

dig google.com

Example output:

; <<>> DiG 9.16.1-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14703
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com.                     IN      A

;; ANSWER SECTION:
google.com.              300     IN      A       142.250.179.78

;; Query time: 14 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Apr 14 10:10:12 UTC 2023
;; MSG SIZE  rcvd: 55

The output shows that the IP address for google.com is 142.250.179.78.

You can also perform a reverse DNS lookup to find the domain name associated with an IP address. Let's look up the domain name for the IP address 8.8.8.8:

dig -x 8.8.8.8

Example output:

; <<>> DiG 9.16.1-Ubuntu <<>> -x 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4852
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.           IN      PTR

;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.    14400   IN      PTR     dns.google.

;; Query time: 14 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Apr 14 10:10:33 UTC 2023
;; MSG SIZE  rcvd: 73

The output shows that the domain name associated with the IP address 8.8.8.8 is dns.google (printed as dns.google., with the trailing dot of a fully qualified name).
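A PTR record is published by whoever controls the reverse zone for the address, so a reverse lookup on its own is only a claim. The following added example (not part of the original lab) combines the two lookups from this step into a forward-confirmed reverse DNS check for IPv4. The function name fcrdns and the DIG override variable are assumptions made for illustration.

```shell
# Assumption: DIG can be overridden so the check can be exercised without network access.
DIG=${DIG:-dig}

# Forward-confirmed reverse DNS for an IPv4 address.
# Prints a verdict and returns 0 (confirmed), 1 (mismatch) or 2 (no PTR record).
fcrdns() {
    ip=$1
    # Step 1: reverse lookup. +short prints only the PTR targets, one per line,
    # each with a trailing root dot that is stripped here.
    names=$($DIG +short -x "$ip" | sed 's/\.$//')
    if [ -z "$names" ]; then
        echo "no-ptr $ip"
        return 2
    fi
    # Step 2: forward lookup of every PTR target. The claim holds only if
    # one of them resolves back to the original address.
    for name in $names; do
        if $DIG +short "$name" A | grep -Fxq -- "$ip"; then
            echo "confirmed $ip $name"
            return 0
        fi
    done
    echo "mismatch $ip" $names
    return 1
}

# Usage (needs network access): fcrdns 8.8.8.8
```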

In the next step, you will explore more advanced dig options to retrieve detailed DNS information.

Explore Advanced dig Options for Detailed DNS Information

In this step, you will learn how to use advanced dig options to retrieve more detailed DNS information.

Let's start by performing a DNS lookup with the +trace option, which will show the complete chain of DNS servers used to resolve the domain name:

dig +trace google.com

Example output:

; <<>> DiG 9.16.1-Ubuntu <<>> +trace google.com
;; global options: +cmd
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
...
google.com.             300     IN      A       142.250.179.78

The output shows the step-by-step process of resolving the google.com domain, starting from the root DNS servers and following the referrals to the final IP address.

You can also use the +norecurse option to perform a non-recursive DNS lookup, which will only query the specified DNS server without following any referrals:

dig +norecurse @8.8.8.8 google.com

Example output:

; <<>> DiG 9.16.1-Ubuntu <<>> +norecurse @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48840
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.                     IN      A

;; ANSWER SECTION:
google.com.              300     IN      A       142.250.179.78

;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Apr 14 10:19:14 UTC 2023
;; MSG SIZE  rcvd: 55

This command queries the Google DNS server (8.8.8.8) directly for the google.com domain, without following any referrals.

You can also use the +short option to get a more concise output:

dig +short google.com

Example output:

142.250.179.78

This will only display the final IP address, without the additional information.
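The @server and +short options combine well when you need to know whether different resolvers hand out the same records for a name. The following added example (not part of the original lab) collects the A-record set from each resolver and flags any that differs from the first. The function names and the DIG override variable are assumptions made for illustration.

```shell
# Assumption: DIG can be overridden so the check can be exercised without network access.
DIG=${DIG:-dig}

# Print the sorted A-record set that one resolver returns for a name.
# +short also prints CNAME targets, so only IPv4 address lines are kept.
answers_from() {   # usage: answers_from <resolver-ip> <name>
    $DIG +short "@$1" "$2" A \
        | grep -E '^[0-9]+(\.[0-9]+){3}$' \
        | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Query each resolver for the same name and compare against the first one.
# Returns 0 when all answer sets are identical, 1 otherwise.
compare_resolvers() {   # usage: compare_resolvers <name> <resolver-ip>...
    name=$1; shift
    first=""; baseline=""; rc=0
    for r in "$@"; do
        set_r=$(answers_from "$r" "$name")
        printf '%s: %s\n' "$r" "${set_r:-none}"
        if [ -z "$first" ]; then
            first=$r; baseline=$set_r
        elif [ "$set_r" != "$baseline" ]; then
            rc=1
        fi
    done
    return $rc
}

# Usage (needs network access): compare_resolvers example.com 8.8.8.8 127.0.0.53
```

Load-balanced and geographically distributed services legitimately return different addresses to different resolvers, so a non-zero result is a reason to look closer rather than proof of a problem.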

In the next step, you will put all the knowledge you've learned about the dig command into practice.

Summary

In this lab, you learned about the purpose and basic syntax of the dig command, which is a powerful tool for performing DNS (Domain Name System) queries and troubleshooting network issues. You performed basic DNS lookups using dig to obtain domain name to IP address mappings and explored advanced dig options for obtaining detailed DNS information, such as using the @server option to specify the DNS server to use for the query, the +trace option to perform a recursive query, and the +short option to display a shortened version of the output.
