How to use dig for checking DNS records
Installation
dig is usually installed by default on most macOS and Linux systems.
If you must, you can install it with brew install bind (macOS). A nice explanation for installation on Windows or Linux can be found at Digital Ocean. And there is one installation guide for CentOS, Debian/Ubuntu or ArchLinux.
Basic usage
You can simply type in the domain to start with a first check:
$ dig google.de
(...)
;; ANSWER SECTION:
google.de. 137 IN A 172.217.16.131
Voila. At the moment of writing google.de resolves to the IP 172.217.16.131.
This is the full output:
; <<>> DiG 9.10.6 <<>> google.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28381
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.de. IN A
;; ANSWER SECTION:
google.de. 281 IN A 172.217.16.131
;; Query time: 51 msec
;; SERVER: 192.xxx.xxx.x(192.xxx.xxx.xxx)
;; WHEN: Wed Feb 26 10:07:37 CET 2020
;; MSG SIZE rcvd: 54
Explanation:
- <<>> DiG 9.10.6 <<>>: The installed version.
- opcode: QUERY: The action dig took.
- status: NOERROR: There was no error. It could also have been SERVFAIL (Name exists, but data is invalid), NXDOMAIN (Name questioned does not exist) or REFUSED (Nothing is supposed to be served here).
- OPT PSEUDOSECTION: Extension mechanism values (for DNSSEC etc.).
- QUESTION SECTION: What did dig look for? The default is A records, so that is what is listed here.
- ANSWER SECTION: This is the most important part, showing the results. It shows that google.de has a TTL of 281 and an A record pointing to the given IP.
- Query time: We had 51 msec. Out of curiosity you could compare some DNS resolvers at dnsperf.com.
- SERVER: This is the server being used. In the given result my local router, reachable at the IP 192.xxx.xxx.xxx, is my DNS server and is therefore answering.
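When dig is called from a monitoring script, the status line and the ANSWER counter matter more than the human-readable text. The following is an added example, not part of the original article: it reads a full dig response on stdin and turns the fields explained above into an exit code. The function name dig_classify, the exit-code convention and the sample input are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: classify a full dig response read from stdin.
# Exit codes (this script's own convention): 0 answer present, 1 NOERROR with
# an empty answer, 2 NXDOMAIN, 3 SERVFAIL/REFUSED/other, 4 no dig header found.
dig_classify() {
    awk '
        /->>HEADER<<-/ {            # ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ..."
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {              # ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, ..."
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") answers = $(i + 1) + 0
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        in_answer && (/^;/ || /^$/) { in_answer = 0 }   # next section or blank line ends it
        in_answer {
            data = $5
            for (i = 6; i <= NF; i++) data = data " " $i   # MX/TXT data spans several fields
            printf "%s ttl=%s type=%s data=%s\n", $1, $2, $4, data
        }
        END {
            if (status == "") exit 4
            printf "status=%s answers=%d\n", status, answers
            if (status == "NXDOMAIN") exit 2
            if (status != "NOERROR") exit 3
            exit (answers > 0 ? 0 : 1)
        }
    '
}

# Constructed sample, modelled on the output shown above.
sample_answer() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28381
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
google.de. 281 IN A 172.217.16.131
;; Query time: 51 msec
EOF
}
# Constructed sample: header of a response for a name that does not exist.
sample_nxdomain() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242' \
                  ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'
}

sample_answer | dig_classify
sample_nxdomain | dig_classify || echo "lookup failed with exit code $?"
```

With a live lookup the call would be dig google.de | dig_classify. A NOERROR status with ANSWER: 0 means the name exists but has no record of the requested type, which is why it gets its own exit code.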
As I wrote, dig outputs A records; you have to explicitly ask for other ones, e.g. you can do:
dig google.de TXT
dig google.de MX
dig google.de
You can ask for all existing records with ANY:
$ dig google.de ANY
;; ANSWER SECTION:
google.de. 582 IN MX 50 alt4.aspmx.l.google.com.
google.de. 582 IN MX 40 alt3.aspmx.l.google.com.
google.de. 582 IN MX 10 aspmx.l.google.com.
google.de. 36101 IN NS ns1.google.com.
google.de. 582 IN MX 20 alt1.aspmx.l.google.com.
google.de. 274 IN TXT "v=spf1 -all"
google.de. 176 IN A 216.58.208.35
google.de. 99 IN AAAA 2a00:1450:4001:821::2003
google.de. 582 IN MX 30 alt2.aspmx.l.google.com.
google.de. 36101 IN NS ns3.google.com.
google.de. 36101 IN NS ns4.google.com.
google.de. 36101 IN NS ns2.google.com.
Using a different DNS server for a request
Sometimes your local computer, browser or router caches DNS entries and you are not able to see changes for some time. You could change the DNS server in your system or temporarily use another public DNS server, e.g. 8.8.8.8 (Google), 208.67.222.222 (OpenDNS), 1.1.1.1 (Cloudflare).
$ dig @8.8.8.8
(...)
;; SERVER: 8.8.8.8#53(8.8.8.8)
Checking on DNS Nameservers
Simple check to get the Nameservers:
$ dig +short NS google.de
ns3.google.com.
ns2.google.com.
ns1.google.com.
ns4.google.com.
You can also use +nssearch to get the IPs and the SOA information:
$ dig +nssearch google.de
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.32.10 in 26 ms.
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.38.10 in 26 ms.
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.36.10 in 26 ms.
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.34.10 in 40 ms.
It shows the name, admin/owner information, the SOA record serial, the refresh TTL (from slave -> master), retry TTL (retry time, if the initial refresh failed), expiry TTL (time after which the master should be considered gone, if both fail) and NX TTL (how long an NXDOMAIN result must be cached by the resolver), the IP and the query time. You can read further about this here.
Specifying nameservers or their IPs can help to check if those resolve correctly:
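The serial is the field worth comparing across servers: a nameserver that reports a different serial is serving a different version of the zone. The following is an added example, not part of the original article: it reads dig +nssearch output on stdin and flags servers that are behind the newest serial. The function name soa_serial_check, the exit codes and the example.com sample are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: compare SOA serials in `dig +nssearch <zone>` output (stdin).
# Returns 0 if every nameserver reports the same serial, 1 if any server is
# behind the newest one, 2 if no SOA lines were found. Serials are compared
# as plain numbers; RFC 1982 wrap-around is not handled.
soa_serial_check() {
    awk '
        $1 == "SOA" && $9 == "from" && NF >= 11 {
            # SOA <name> <admin> <serial> <refresh> <retry> <expiry> <nx-ttl> from server <ip> ...
            n++
            server[n] = $11; serial[n] = $4
            if ($4 + 0 > newest) newest = $4 + 0
        }
        END {
            if (n == 0) exit 2
            for (i = 1; i <= n; i++) {
                state = (serial[i] + 0 == newest) ? "current" : "BEHIND"
                printf "%s serial=%s %s\n", server[i], serial[i], state
                if (state == "BEHIND") behind++
            }
            exit (behind > 0 ? 1 : 0)
        }
    '
}

# Sample input: two of the lines shown above, unchanged.
sample_in_sync() {
    cat <<'EOF'
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.32.10 in 26 ms.
SOA ns1.google.com. dns-admin.google.com. 297077745 900 900 1800 60 from server 216.239.38.10 in 26 ms.
EOF
}

# Constructed sample: a made-up zone where one server still has an older serial.
sample_out_of_sync() {
    cat <<'EOF'
SOA ns1.example.com. hostmaster.example.com. 2020022601 900 900 1800 60 from server 192.0.2.10 in 20 ms.
SOA ns1.example.com. hostmaster.example.com. 2020022601 900 900 1800 60 from server 192.0.2.11 in 22 ms.
SOA ns1.example.com. hostmaster.example.com. 2020022501 900 900 1800 60 from server 198.51.100.10 in 31 ms.
EOF
}

sample_in_sync | soa_serial_check
sample_out_of_sync | soa_serial_check || echo "serial mismatch between nameservers"
```

With a live lookup the call would be dig +nssearch google.de | soa_serial_check. A mismatch shortly after a zone change is normal until the refresh completes; one that persists is worth investigating.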
$ dig @216.239.32.10 google.de
(...)
;; ANSWER SECTION:
google.de. 300 IN A 216.58.213.195
How can I do a reverse DNS lookup?
$ dig -x 172.217.16.131
;; ANSWER SECTION:
131.16.217.172.in-addr.arpa. 86400 IN PTR fra15s46-in-f3.1e100.net.
131.16.217.172.in-addr.arpa. 86400 IN PTR zrh04s06-in-f8.1e100.net.
Seems like google.de to me is served from Frankfurt and Zürich.
Tracing DNS with dig
$ dig +trace google.de
; <<>> DiG 9.10.6 <<>> +trace google.de
;; global options: +cmd
. 86388 IN NS e.root-servers.net.
. 86388 IN NS i.root-servers.net.
. 86388 IN NS m.root-servers.net.
. 86388 IN NS b.root-servers.net.
. 86388 IN NS j.root-servers.net.
. 86388 IN NS a.root-servers.net.
. 86388 IN NS k.root-servers.net.
. 86388 IN NS l.root-servers.net.
. 86388 IN NS c.root-servers.net.
. 86388 IN NS g.root-servers.net.
. 86388 IN NS d.root-servers.net.
. 86388 IN NS f.root-servers.net.
. 86388 IN NS h.root-servers.net.
;; Received 239 bytes from 192.xxx.xxx in 52 ms
de. 172800 IN NS a.nic.de.
de. 172800 IN NS f.nic.de.
de. 172800 IN NS l.de.net.
de. 172800 IN NS n.de.net.
de. 172800 IN NS s.de.net.
de. 172800 IN NS z.nic.de.
de. 86400 IN DS ...
de. 86400 IN RRSIG ...
;; Received 715 bytes from 198.41.0.4#53(a.root-servers.net) in 67 ms
google.de. 86400 IN NS ns1.google.com.
google.de. 86400 IN NS ns2.google.com.
google.de. 86400 IN NS ns3.google.com.
google.de. 86400 IN NS ns4.google.com.
tjlb7qbojvmlf1s6gdriru7vsms1lg16.de. 7200 IN NSEC3 ...
tjlb7qbojvmlf1s6gdriru7vsms1lg16.de. 7200 IN RRSIG ...
;; Received 619 bytes from 194.146.107.6#53(n.de.net) in 38 ms
google.de. 300 IN A 216.58.213.195
;; Received 54 bytes from 216.239.36.10#53(ns3.google.com) in 51 ms
This gives us the full trace of how DNS name resolution works for google.de. There are 13 root servers; they have info on the TLD authoritative servers (NIC is responsible for the .de TLD), and they have google.de on file. More about tracing can be found here or here.
BTW: The DNS records DS, NSEC3 and RRSIG are part of the DNSSEC protocol. You can find a good explanation of those at Cloudflare. More about root servers, registries and the general structure can be read at the Internet Assigned Numbers Authority (IANA).