The dig command in Linux: advanced DNS queries

Introduction

The dig command (Domain Information Groper) is an essential tool for system administrators and network professionals on Linux. It allows performing DNS queries in a detailed and flexible manner, surpassing simpler utilities such as nslookup or host. Its origin in the BIND package gives it precision and a wealth of options that make it the de facto standard for domain name diagnosis.

What is dig?

Dig is part of the BIND (Berkeley Internet Name Domain) package and is responsible for querying name servers to obtain information about DNS records, such as A, AAAA, MX, TXT, CNAME, NS, SRV, and many others. Its output can be customized via various options, making it a powerful ally for debugging name resolution problems, validating zone configurations, and automating tasks via scripts.

Installation

In most Linux distributions, dig comes preinstalled. If it is not available, simply install the corresponding package:

  • Debian/Ubuntu: sudo apt-get install dnsutils
  • Red Hat/CentOS: sudo yum install bind-utils
  • Fedora: sudo dnf install bind-utils
  • Arch Linux: sudo pacman -S bind-tools

Basic Queries

A simple query is executed by indicating the name to resolve:

dig example.com

This returns the answer section with the default A record, along with the question, authority, and additional sections. Each section includes useful information such as time-to-live (TTL), class (IN), and record type.

Advanced Queries

Dig offers multiple flags that allow fine-tuning the query:

  • +short: shows only the answer, ideal for scripts.
  • +trace: shows the full path from the roots to the authoritative server, displaying each step of the delegation.
  • +json: (available in recent versions) generates the output in JSON format for easy processing by programs.
  • @server: specifies the DNS server to query, for example @8.8.8.8 or @1.1.1.1.
  • type: indicates the record type, such as MX, TXT, ANY or SRV.
  • +noall +answer: suppresses all sections except the answer, useful for obtaining clean data.
  • +retry=N: defines how many retries to perform in case of timeout.
  • +timeout=N: sets the wait time in seconds for each query.

Practical Examples

Some common uses:

  • Obtain only the IP address:
    dig +short example.com
  • Query MX records of a domain:
    dig example.com MX +short
  • Perform a trace of the query:
    dig +trace example.com
  • Obtain information in JSON:
    dig @1.1.1.1 example.com TXT +json
  • Query all available records (without showing the authority or additional sections):
    dig example.com ANY +noall +answer
  • Filter responses with grep to obtain only IPv6 addresses:
    dig example.com AAAA +short | grep -v '^;'
  • Measure the response time of several DNS servers:
    for s in 8.8.8.8 1.1.1.
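
The resolver comparison from the last item, written out as an added example (it is not the original post's code): it extracts the response status and query time from dig's output and bounds each probe with the +retry and +timeout options described above. The function names, the --live switch and the sample outputs are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: per-resolver status and latency taken from dig output.

# parse_dig: read full dig output on stdin, print "<status> <query_time_ms>".
# Output with no header (timeout, unreachable server) yields "NORESPONSE -".
parse_dig() {
  awk '
    /->>HEADER<<-/ {
      for (i = 1; i < NF; i++)
        if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s) }
    }
    /^;; Query time:/ { t = $4 }
    END {
      if (s == "") s = "NORESPONSE"
      if (t == "") t = "-"
      print s, t
    }'
}

# measure NAME RESOLVER...: one line per resolver, "<resolver> <status> <ms>".
# +retry=0 and +timeout=2 limit each probe to a single 2-second attempt.
measure() {
  name=$1; shift
  for s in "$@"; do
    printf '%s %s\n' "$s" "$(dig "@$s" "$name" A +retry=0 +timeout=2 2>&1 | parse_dig)"
  done
}

# Constructed sample outputs (not captured from a real server).
sample_ok() {
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
example.com.  300  IN  A  192.0.2.10
;; Query time: 23 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)
EOF
}
sample_timeout() {
  printf '%s\n' ';; connection timed out; no servers could be reached'
}

if [ "${1:-}" = "--live" ]; then
  shift; measure "$@"          # e.g. --live example.com 8.8.8.8 1.1.1.1
else
  sample_ok | parse_dig        # prints: NOERROR 23
  sample_timeout | parse_dig   # prints: NORESPONSE -
fi
```

A resolver that reports SERVFAIL or NORESPONSE while the others return NOERROR is the one to investigate first; latency alone does not show that.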
    


This work is licensed under a Creative Commons Attribution 4.0 International License for Francesc Roig francesc@vivaldi.net.