Just a quick post on how to use the dig
command. Had to troubleshooting some DNS issues today and nslookup
just wasn’t cutting it so I downloaded BIND for Windows and ran dig
from there. (For anyone else that’s interested – if you download BIND (it’s a zip file), extract the contents, and copy dig.exe
and all the .dll
files elsewhere that’s all you need to run dig
).
Here’s the simple way of running dig
:
1 |
dig @server name type |
A bit confusing when you come from nslookup
where you type the name server first and then the name and type. Here’s the nslookup
syntax for reference:
1 |
nslookup -type=type name server |
Although all documentation shows the dig
syntax as above I think the order can be changed too. Since the name server is identified by the @
sign you can specify it later on too:
1 |
dig name @server type |
I will use this syntax everywhere as it’s easier for me to remember.
You can complicate the simple syntax by adding options to dig
. There’s two sort of options: query options and domain options (I made the names up). These are usually placed after the type but again the order doesn’t really matter:
1 |
dig name @server type options |
- Query options start with a
-
(dash) and look like the switches you have in most command line tools. These are useful to control the behavior ofdig
when making the query.- For instance: say I want to for
dig
to only use IPv4. I can add the option-4
. Similarly for only IPv6 it is-6
. - If I want to specify the port of the name server (i.e. apart from 53) the
-p
option is for that. - (Very useful) If I want to specify a different source port for the client (i.e. the port from which the outgoing request is made and to which the reply is sent, in case you want to eliminate any issues with that) the
-b
switch is for that. It takes as argumentaddress#port
, if you don’t care about the address leave it as0.0.0.0#port
. - Apart from specifying the name and type as above it is also possible to pass these as query options via
-n
and-t
. - There are some more query options. Above are just the common ones I can remember.
- For instance: say I want to for
- Domain options start with a
+
(plus). These pertain to the name lookup you are doing.- For instance: typically DNS queries are performed using UDP. To use TCP instead do
+tcp
. Most of these options can be prefixed with a “no”, so if you explicitly want to not use TCP then you can do+notcp
instead. - To specify the default domain name do
+domain=xxx
. - To turn off or on recursive mode do
+norecurse
or+recurse
. (This is similar to the-recurse
or-norecurse
switch innslookup
).- Note: By default recursion is on.
- A quick note on recursion: When recursion is on
dig
asks the name server you supply (or that used by the OS) for an answer and if that name server doesn’t have an answer the name server is expected ask other name servers and get back with an answer. Hence the term “recursive”. The name server will send a recursive query to the name server it knows of, who will send a recursive query to the name server it knows of, until an answer is got down the chain of delegation. - A quick note on iterative (non-recursive queries): When recursion is off
dig
gets an answer from the first name server, then it queries the second name server, gets an answer and queries the third name server, and so on … untildig
itself gets an answer from a server who knows.
- The output from
dig
is usually verbose and shows all the sections. To keep it short use the+short
option.- This doesn’t show the name of the server that
dig
got an answer from. To print this too use the+identify
option.
- This doesn’t show the name of the server that
- To list all the authoritative name servers of a domain along with their SOA records use the
+nssearch
option. This disables recursion. - To list a trace of the delegation path use the
+trace
option. This too disables recursion. The delegation path is listed bydig
contacting each name server down the chain iteratively. - Couple of output modifying options. Most of these require no changing:
- By default the first line of the output shows the version of
dig
, the query, and some extra bits of info. To hide that use+nocmd
. - By default the answer section of replies is shown. To hide it do
+noanswer
. - By default the additional sections of a reply are shown. To hide it do
+noadditional
. - By default the authority section of a reply is shown. To hide it do
+noauthority
. - By default the question asked is shown as a comment (this is useful because you might type something like
dig rakhesh.com
whichdig
interprets asdig rakhesh.com A
so this makes the question explicit). To hide this do+noquestion
.- Note that this is not same as the query that is sent. The query is the question plus other flags like whether we want a recursive query etc. By default the query that is sent is not shown. To show that do
+qr
.
- Note that this is not same as the query that is sent. The query is the question plus other flags like whether we want a recursive query etc. By default the query that is sent is not shown. To show that do
- By default comments are printed. To hide it do
+nocomments
. - By default some stats are printed. To hide these do
+nostats
.
- By default the first line of the output shows the version of
- To change the timeout use
+time=X
. Default is 5 seconds. This is equivalent tonslookup -timeout=X
. - To change the number of retries use
+retry=X
. Default is 3. This is equivalent tonslookup -retry=X
. - There are some more domain options. Above are just the common ones I can remember.
- For instance: typically DNS queries are performed using UDP. To use TCP instead do
An interesting thing about dig
(since BIND 9) is that it can do multiple queries (the brackets below are not part of the command, I put them to show the multiple queries):
1 |
dig (name @server type options) (name @server type options) ... |
Each of these queries can take its own options but in addition to that you can also provide global options. So the full command when you have multiple queries and global options is as below (again, without the brackets):
1 |
dig global-options (name @server type options) (name @server type options) ... |
To add to the fun you can even have one name server to be used for all queries and over-ride these via name servers for each query! Thus a fuller syntax is:
1 |
dig global-options @global-server (name @server type options) (name @server type options) ... |
This is also why the options can be at the beginning of the query rather than at the end of the query. When you specify global options you can over-ride these per query (except the +[no]cmd
option).