Skip to content

Dig command on Linux (DNS query)

The dig command in Linux (domain information groper) is a powerful and flexible tool for searching information on DNS name resolution servers. It is usually used to diagnose server configuration problems.

To install dig

On Debian and Ubuntu:

$ apt-get install <a href="https://packages.debian.org/buster/dnsutils">dnsutils</a>

On CentOS 7:

$ yum install <a href="https://github.com/tigeli/bind-utils">bind-utils</a>

When installing, check the version to ensure that the setup was successfully completed:

$ dig -v

DIG syntax

In a simple way, the dig syntax will be:

say [server] [name] [type]

[server] — the IP address or hostname of the DNS server to query. If the server argument is not provided, dig will use the address listed in /etc/resolv.conf.

[name] — the name of the resource record that should be searched. It can be a host or a domain.

[type] — the type of search requested by dig. For example: A, MX, or SOA record (see the list of DNS records), etc. By default, dig searches for an A record.

Examples of using dig

In this example, the dig returns the IP address corresponding to the certificacaolinux.com.br site, as well as which DNS server was responsible (authority) to answer the query:

$ dig certificacaolinux.com.br;; QUESTION SECTION:; certificacaolinux.com.br. IN A;; ANSWER SECTION: certificacaolinux.com.br. 86400 IN A 192.168.1.5; AUTHORITY SECTION: certificacaolinux.com.br. 86400 IN NS ns2.host.br. certificacaolinux.com.br. 86400 IN NS ns.host.br.

Get record MX from a domain

The dig command can also be used to ask questions about specific records on the name server. In the example below, it will return only the MX type records from the domain certificacaolinux.com.br:

$ dig MX certificacaolinux.com.br;; QUESTION SECTION:; certificacaolinux.com.br. IN MX;; ANSWER SECTION: certificacaolinux.com.br. 35 IN MX 3 alt2.aspmx.l.google.com. certificacaolinux.com.br. 35 IN MX 10 web.certificacaolinux.com.br. certificacaolinux.com.br. 35 IN MX 1 aspmx.l.google.com. certificacaolinux.com.br. 35 IN MX 2 alt1.aspmx.l.google.com.

Get the most information from a domain with dig

The “any” option causes dig to try to obtain all the information for a given domain:

$ dig example.com any
; <> DiG 9.6.1 <> example.com any
; global options: +cmd
;; Got answer:
; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4016
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
; example.com. IN ANY
; ANSWER SECTION:
example.com. 172719 IN NS a.iana-servers.net.
example.com. 172719 IN NS b.iana-servers.net.
example.com. 172719 IN A 208.77.188.166
example.com. 172719 IN SOA dns1.icann.org. hostmaster.icann.org. 2007051703 7200 3600 1209600 86400
;; Query time: 1 msec
;; SERVER: ::1 #53 (::1)
;; WHEN: Wed Aug 12 11:40:43 2009
; MSG SIZE rcvd: 154

Specify the query server in dig

To specify the query server, you can also use the “@” option followed by the address of a DNS server:

$ dig wikimedia.org MX @ns0 .wikimedia.org
; <> DiG 9.11.3 <> wikimedia.org MX @ns0 .wikimedia.org
; global options: +cmd
;; Got answer:
; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39041
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udo: 1024
; COOKIE: c9735311d2d2fa6e3b334ab01b67960d (good)
;; QUESTION SECTION:
; wikimedia.org. IN MX
; ANSWER SECTION:
wikimedia.org. 3600 IN MX 10 mx1001.wikimedia.org.
wikimedia.org. 3600 IN MX 50 mx2001.wikimedia.org.
;; Query time: 1 msec
; SERVER: 208.80.154.238 #53 (208.80.154.238)
;; WHEN: Sat Sep 18 21:33:24 PDT 2021
; MSG SIZE crvd: 108

To obtain summary information

The “+noall +answer +multiline” option can be used to obtain a summary version usable in for a DNS zone configuration file:

$ dig +noall +answer +multiline wikimedia.org MX
wikimedia.org. 3600 IN MX 10 mx1001.wikimedia.org.
wikimedia.org. 3600 IN MX 50 mx2001.wikimedia.org.

To obtain a registry address only:

The “+short” option summarizes the output of the dig command well:

$ dig godaddy.com +short 208.109.192.70

You can specify the record type along with the +short option:

$ dig godaddy.com +MX shorts
0 godaddy-com.mail.protection.outlook.com.