DevOps, coding & IT infrastructures

Installation

dig is usually installed by default on most macOS and Linux systems.

If you must, you can install it with brew install bind (MacOS). A nice explanation for installation on Windows or Linux can be found at Digital Ocean. And there is one installation guide for CentOS, Debian/Ubuntu or ArchLinux.

Basic usage

You can simply type in the domain to start with a first check:

$ dig google.de

(...)

;; ANSWER SECTION:
google.de.		137	IN	A	172.217.16.131
dig Basic request

Voila. At the moment of writing google.de resolves to the IP 172.217.16.131.

This is the full output:

; <<>> DiG 9.10.6 <<>> google.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28381
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.de.			IN	A

;; ANSWER SECTION:
google.de.		281	IN	A	172.217.16.131

;; Query time: 51 msec
;; SERVER: 192.xxx.xxx.x(192.xxx.xxx.xxx)
;; WHEN: Wed Feb 26 10:07:37 CET 2020
;; MSG SIZE  rcvd: 54
Detailed answer of dig

Explanation:

  • <<>> DiG 9.10.6 <<>> : The installed version.
  • opcode: QUERY: The action dig took.
  • status: NOERROR: There was no error; it could also be SERVFAIL (Name exists, but data is invalid), NXDOMAIN (Name questioned does not exist) or REFUSED (Nothing is supposed to be served here).
  • OPT PSEUDOSECTION: Extension mechanism values (for DNSSEC etc.)
  • QUESTION SECTION: What did dig look for? The default is A records, so that is what is listed here.
  • ANSWER SECTION: This is the most important part showing the results. It shows that google.de has a TTL of 281 and an A record to the given IP.
  • Query time: We had 51 msec. Out of curiosity, you could compare some DNS resolvers at dnsperf.com.
  • SERVER: This is the server being used; in the given result my local router, reachable at the IP 192.xxx.xxx.xxx, is my DNS server and therefore answering.

As I wrote, dig outputs A records by default; you have to explicitly ask for other ones, e.g. you can do:

dig google.de TXT
dig google.de MX
dig google.de 
Some of the DNS records, dig can query

You can ask for all existing records with ANY:

$ dig google.de ANY

;; ANSWER SECTION:
google.de.	582	IN	MX	50 alt4.aspmx.l.google.com.
google.de.	582	IN	MX	40 alt3.aspmx.l.google.com.
google.de.	582	IN	MX	10 aspmx.l.google.com.
google.de.	36101	IN	NS	ns1.google.com.
google.de.	582	IN	MX	20 alt1.aspmx.l.google.com.
google.de.	274	IN	TXT	"v=spf1 -all"
google.de.	176	IN	A	216.58.208.35
google.de.	99	IN	AAAA	2a00:1450:4001:821::2003
google.de.	582	IN	MX	30 alt2.aspmx.l.google.com.
google.de.	36101	IN	NS	ns3.google.com.
google.de.	36101	IN	NS	ns4.google.com.
google.de.	36101	IN	NS	ns2.google.com.
How to ask dig for ALL records

Using a different DNS server for a request

Sometimes your local computer, browser or router caches DNS entries and you are not able to see changes for some time. You could change the DNS server in your system or temporarily use another public DNS server, e.g. 8.8.8.8 (Google), 208.67.222.222 (OpenDNS), 1.1.1.1 (Cloudflare).

$ dig @8.8.8.8

(...)

;; SERVER: 8.8.8.8#53(8.8.8.8)
dig can use a given DNS server

Checking on DNS Nameservers

Simple check to get the Nameservers:

$ dig +short NS google.de
ns3.google.com.
ns2.google.com.
ns1.google.com.
ns4.google.com.
dig on Nameservers

You can also use +nssearch to get the IPs and the SOA information:

$ dig +nssearch google.de
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.32.10 in 26 ms.
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.38.10 in 26 ms.
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.36.10 in 26 ms.
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.34.10 in 40 ms.
dig on Nameservers with more infos

It shows the name, the admin/owner information, the SOA record serial, the refresh TTL (from slave -> master), the retry TTL (retry time, if the initial refresh failed), the expiry TTL (time after which the master should be considered gone, if both fail) and the NX TTL (how long an NXDOMAIN result must be cached by the resolver), followed by the IP and the query time. You can read further about this here.
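The SOA serial in that output is the quickest way to spot a nameserver that has not picked up the latest zone data. The following is an added example, not code from the original article: `soa_serial_check` is a hypothetical helper name, and the second sample (example.com, 192.0.2.x addresses) is constructed.

```sh
#!/bin/sh
# Added example (not from the original article): read `dig +nssearch <zone>`
# output on stdin and check that all nameservers report the same SOA serial.
# Live use: dig +nssearch google.de | soa_serial_check
soa_serial_check() {
    awk '
        # SOA mname rname serial refresh retry expire minimum from server <ip> ...
        $1 == "SOA" && NF >= 11 {
            serial = $4; ip = "?"
            for (i = 9; i < NF; i++) if ($i == "server") ip = $(i + 1)
            if (!(serial in seen)) distinct++
            seen[serial] = seen[serial] " " ip
            total++
        }
        END {
            if (total == 0) { print "NODATA"; exit 2 }
            if (distinct == 1) { print "CONSISTENT serial=" serial " servers=" total; exit 0 }
            print "MISMATCH"
            for (s in seen) print "  serial " s ":" seen[s]
            exit 1
        }
    '
}

# The four lines shown in the article.
sample_consistent() {
    cat <<'EOF'
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.32.10 in 26 ms.
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.38.10 in 26 ms.
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.36.10 in 26 ms.
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.34.10 in 40 ms.
EOF
}

# Constructed sample: one secondary still serves an older serial.
sample_mismatch() {
    cat <<'EOF'
SOA ns1.example.com. hostmaster.example.com. 2024010102 900 900 1800 60 from server 192.0.2.10 in 20 ms.
SOA ns1.example.com. hostmaster.example.com. 2024010102 900 900 1800 60 from server 192.0.2.11 in 22 ms.
SOA ns1.example.com. hostmaster.example.com. 2024010101 900 900 1800 60 from server 192.0.2.12 in 25 ms.
EOF
}

sample_consistent | soa_serial_check
sample_mismatch | soa_serial_check || true
```

The exit status (0 consistent, 1 mismatch, 2 no SOA lines) makes the function usable in a monitoring job.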

Specifying nameservers or their IPs can help to check if those resolve correctly:

$ dig @216.239.32.10 google.de

(...)

;; ANSWER SECTION:
google.de.		300	IN	A	216.58.213.195
Running dig with a specified Google nameserver
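To turn the comparison between a caching resolver and an authoritative nameserver into a repeatable check, the two dig outputs can be saved and compared with the TTL column ignored. This is an added example, not code from the original article; the function names are hypothetical and the sample outputs (example.com, 192.0.2.x) are constructed.

```sh
#!/bin/sh
# Added example (not from the original article): compare the answers in two
# saved dig outputs, e.g.  dig google.de > local.txt
#                          dig @216.239.32.10 google.de > auth.txt

# Header status (NOERROR, NXDOMAIN, SERVFAIL, REFUSED) of dig output on stdin.
dig_status() {
    sed -n 's/.*->>HEADER<<-.* status: \([A-Z]*\),.*/\1/p'
}

# ANSWER SECTION records as "name type rdata", TTL dropped, sorted.
answer_set() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;/ || NF == 0       { in_answer = 0 }
        in_answer {
            line = $1 " " $4
            for (i = 5; i <= NF; i++) line = line " " $i
            print line
        }
    ' | sort
}

# compare_answers FILE_A FILE_B: prints SAME, DIFFERENT or FAILED; returns 0, 1 or 2.
compare_answers() {
    for f in "$1" "$2"; do
        st=$(dig_status < "$f")
        [ "$st" = "NOERROR" ] || { echo "FAILED status=${st:-unknown} file=$f"; return 2; }
    done
    if [ "$(answer_set < "$1")" = "$(answer_set < "$2")" ]; then
        echo "SAME"
    else
        echo "DIFFERENT"; return 1
    fi
}

# Constructed sample outputs (trimmed); $1 = TTL, $2 = address.
sample_output() {
    printf ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1\n\n'
    printf ';; ANSWER SECTION:\nexample.com.\t%s\tIN\tA\t%s\n\n' "$1" "$2"
    printf ';; Query time: 51 msec\n'
}

tmp=$(mktemp -d)
sample_output 137 192.0.2.10 > "$tmp/cached.txt"   # resolver still has the old record
sample_output 300 192.0.2.20 > "$tmp/auth.txt"     # authoritative server, new record
compare_answers "$tmp/cached.txt" "$tmp/auth.txt" || true
rm -rf "$tmp"
```

For names served from several locations, different A records from different servers are normal, so DIFFERENT is a reason to look closer rather than proof of a stale cache.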

How can I do a reverse DNS lookup?

$ dig -x 172.217.16.131

;; ANSWER SECTION:
131.16.217.172.in-addr.arpa. 86400 IN	PTR	fra15s46-in-f3.1e100.net.
131.16.217.172.in-addr.arpa. 86400 IN	PTR	zrh04s06-in-f8.1e100.net.
dig reverse lookup for google.de

Seems like google.de is served to me from Frankfurt and Zürich.

Tracing DNS with dig

$ dig +trace google.de

; <<>> DiG 9.10.6 <<>> +trace google.de
;; global options: +cmd
.		86388	IN	NS	e.root-servers.net.
.		86388	IN	NS	i.root-servers.net.
.		86388	IN	NS	m.root-servers.net.
.		86388	IN	NS	b.root-servers.net.
.		86388	IN	NS	j.root-servers.net.
.		86388	IN	NS	a.root-servers.net.
.		86388	IN	NS	k.root-servers.net.
.		86388	IN	NS	l.root-servers.net.
.		86388	IN	NS	c.root-servers.net.
.		86388	IN	NS	g.root-servers.net.
.		86388	IN	NS	d.root-servers.net.
.		86388	IN	NS	f.root-servers.net.
.		86388	IN	NS	h.root-servers.net.
;; Received 239 bytes from 192.xxx.xxx in 52 ms

de.		172800	IN	NS	a.nic.de.
de.		172800	IN	NS	f.nic.de.
de.		172800	IN	NS	l.de.net.
de.		172800	IN	NS	n.de.net.
de.		172800	IN	NS	s.de.net.
de.		172800	IN	NS	z.nic.de.
de.		86400	IN	DS	...
de.		86400	IN	RRSIG	...
;; Received 715 bytes from 198.41.0.4#53(a.root-servers.net) in 67 ms

google.de.		86400	IN	NS	ns1.google.com.
google.de.		86400	IN	NS	ns2.google.com.
google.de.		86400	IN	NS	ns3.google.com.
google.de.		86400	IN	NS	ns4.google.com.
tjlb7qbojvmlf1s6gdriru7vsms1lg16.de. 7200 IN NSEC3 ...
tjlb7qbojvmlf1s6gdriru7vsms1lg16.de. 7200 IN RRSIG ...
;; Received 619 bytes from 194.146.107.6#53(n.de.net) in 38 ms

google.de.		300	IN	A	216.58.213.195
;; Received 54 bytes from 216.239.36.10#53(ns3.google.com) in 51 ms
Tracing with dig

This gives us the full trace of how DNS name resolution works for google.de. There are 13 root servers; they have info on the TLD authoritative servers (NIC is responsible for the .de TLD), and those have google.de on file. More about tracing can be found here or here.

BTW: The DNS records DS, NSEC3, RRSIG are part of the DNSSEC protocol. You can find a good explanation of those at Cloudflare. More about root servers, registries and the general structure can be read at the Internet Assigned Numbers Authority (IANA).

Digging deeper into dig
