DIG
Share This:
dig
WHAT IS DIG?
DIG is a comand line diagnostic tool for troubleshooting DNS. Dig allows the user to get DNS information directly from a DNS server and perform all functions performed by a normal DNS server as per the RFC's and the Draft Standard for DNS. By default it sends an non-recursive or iterative query, assuring you that you are checking only the DNS server you are querying and not checking the servers it refers you to. To the DNS server, the query looks like any other query sent by any other server.
To do a DIG, you need the DIG software, which comes with the BIND DNS distribution. Linux and Unix come with DIG. Windows and MacOS 9 or earlier do not.
When performing a DIG you need to know one of the following:
- Host name you are trying to look up
- The Domain a host belongs to (forward or reverse)
- Name or IP address of the authoritative server
- Type of Resource Record you need (A, MX, NS etc.)
If you need help tracking down the authoritative DNS server, use the WHOIS tool to check the WHOIS registry, or use a DIG for the host or domain in question and send a query for NS resource record information to one of the root servers.
OBTAINING DIG
You can get a copy of DIG from the Internet Systems Consortium (ISC).
| Internet Systems Consortium, Inc. (ISC) is a nonprofit public benefit corporation dedicated to supporting the infrastructure of the universal connected self-organizing Internet—and the autonomy of its participants—by developing and maintaining core production quality software, protocols, and operations. -- http://www.isc.org/ |
DIG is part of the BIND software distribution produced by the ISC. ALL the root name servers run ISC's BIND. You can download the source from the ISC website.
USING DIG
You use dig from the command line. Below is the structure for the command, the flags and options it supports.
| dig [@server] [-b address] [-c
class] [-f filename] [-k filename] [-p port#] [-t type] [-x addr] [-y name:key] [-4] [-6] [name] [type] [class] [queryopt...] |
Example: Lookup the name servers at the root NIC
dig @g.root-servers.net domain.com ns
READING DIG RESULTS
| Example #1: Finding an authoritative name server for a domain |
|
;; First,
check the root servers ; <<>> DiG 8.3
<<>> @f.root-servers.net. yahoo.com. ns ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; Total query time: 105 msec ; <<>> DiG 8.3
<<>> @a.gtld-servers.net yahoo.com ns ;; ANSWER SECTION: ;; ADDITIONAL SECTION: ;; Total query time: 32 msec |
| EXAMPLE #2: Determining authority for the zone |
| [user@localhost]/home/user>
dig @a.gtld-servers.net www.yahoo.com a
;
<<>> DiG 8.3 <<>> @a.gtld-servers.net www.yahoo.com
a ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; Total query time: 28 msec |
| EXAMPLE #3: Finding the valid Mail Exchangers for a zone. |
[johnp@mudserv]/home/johnp> dig @ns1.yahoo.com yahoo.com mx ; <<>> DiG 8.3
<<>> @ns1.yahoo.com yahoo.com mx ;; ANSWER SECTION: ;; Note that
mx1, mx2 and mx3 have the lowest weights and are ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; Note that
there are multiple IP addresses for each ;; Total query time: 112 msec |
Web Based Dig Sites
TOOLS | Ping | Traceroute | nslookup | dig
Share This:
If you found this tutorial useful, please DONATE! Donations support the creation and maintenance of this, and other tutorials throughout this site.
