12 dig Command Examples for DNS

dig can we very useful in finding out DNS related issues.

To install dig for Window/ Linux/ MacOSX click here.

  1. A basic dig command – dig a domain nameIn the most basic of dig commands, you have a domain name like www.microsoft.com, and you want to find information about it, so you issue the following dig command:

    and get the following results:

    The dig command output has the following sections:

    Header: This displays the dig command version number, the global options used by the dig command, and few additional header information.

    QUESTION SECTION: This displays the question it asked the DNS. i.e This is your input. Since we said ‘dig microsoft.com’, and the default type dig command uses is A record, it indicates in this section that we asked for the A record of the microsoft.com website

    ANSWER SECTION: This displays the answer it receives from the DNS. i.e This is your output. This displays the A record of microsoft.com

    AUTHORITY SECTION: This displays the DNS name server that has the authority to respond to this query. Basically this displays available name servers of microsoft.com

    ADDITIONAL SECTION: This displays the ip address of the name servers listed in the AUTHORITY SECTION.

    Stats section at the bottom displays few dig command statistics including how much time it took to execute this query

  2. Display only the ANSWER Section of the dig command output
    For most part, all you need to look at is the “ANSWER SECTION” of the dig command. So, we can turn off all other sections as shown below.+nocomments – Turn off the comment lines
    +noauthority – Turn off the authority section
    +noadditional – Turn off the additional section
    +nostats – Turn off the stats section
    +noanswer – Turn off the answer section (Of course, you wouldn’t want to turn off the answer section)
    The following dig command displays only the ANSWER SECTION.

    Instead of disabling all the sections that we don’t want one by one, we can disable all sections using +noall (this turns off answer section also), and add the +answer which will show only the answer section.

    The above command can also be written in a short form as shown below, which displays only the ANSWER SECTION.

  3. dig a TCP/IP address I was trying to find the PTR record for the following IP address:

    but as you can see, I don’t get a PTR record in this dig output. To perform a DNS reverse look up using the ip-address you need to use something like the -x option, like this:

    As you can see, this does indeed return a PTR record.

  4. How to get IP address(es) for a domain:
    An easy way to get the IP address(es) corresponding to a domain name is to add the “+short” option to your dig command. As the name implies, this gives you the dig short output, and if you don’t specify any other command line options, that output is the IP address. Here’s what it looks like for microsoft.com :

  5. Get MX record for a domain:
    Another common dig command need is to find an “MX record” for a domain name. This is easily done with the “dig mx” command, like this:

    or

    Output:

    You can also use option -t to pass the query type (for example: MX) as shown below.

  6. Show the nameservers for your domain
    Here’s how to query for a list of nameservers for a given domain, again using the ‘short’ option to keep the output down:

    You can also use option -t to pass the query type (for example: NS) as shown below.

  7. Query specific nameservers with dig

    Or, if you prefer the shorter version of the output:

  8. View ALL DNS records types using dig -t ANY
    To view all the record types (A, MX, NS, etc.), use ANY as the record type as shown below.

    (or) Use -t ANY

  9. Traceroute Information
    If you like the traceroute command, you can do something similar with dig to follow DNS nameservers, like this, using the ‘+short’ option to keep the output manageable:

  10. Query multiple sites from dig command line:

  11. Specify Port Number
    By default the dig command queries port 53 which is the standard DNS port, however we can optionally specify an alternate port if required. This may be useful if an external name server is configured to use a non standard port for some reason. We specify the port to query with the -p option, followed by the port number. In the below example we perform a DNS query to port 5300.

    Note that the external name server must actually be listening for traffic on this port specified, and its firewall will also need to allow the traffic through otherwise the lookup will fail. In this example the connection times out, as 8.8.8.8 is not configured to listen on the random port 5300 that I selected for this example.

  12.  User IPv4 or IPv6
    By default our dig queries are running over the IPv4 network, we can specify if we want to use the IPv4 transport with the -4 option, or alternatively we can specify to use the IPv6 transport with the -6 option.

    Short version:

    Hope this was able to explain how do use dig, or at least get you started. Do you ‘dig’ it ?