In this article, we will see 20 dig command examples in Linux. dig, also known as domain internet groper is a free and open source tool for querying the domain name system(DNS). It is very commonly used for performing DNS lookups to retrieve various DNS records such as A (address), MX (mail exchange), NS (name server), TXT (text), CNAME (canonical name), and AAAA (IPv6 address). It is also very frequently used by network and system administrators for troubleshooting various DNS issues. You can also use dig to perform reverse DNS lookups which means you can query an IP address to find out the domain name associated with it.
It has lot of other options and features available which can be effectively used in both command line as well as in shell script. Here we will see few of the important examples of dig command that can be helpful in querying DNS records of any given domain.
Also Read: How to Install whois utility on Ubuntu 20.04
To check currently installed dig utility version, you can run dig -v
command as shown below.
cyberithub@ubuntu:~$ dig -v DiG 9.16.1-Ubuntu
You can check dns record of any domain by running dig
command. Here we are checking all the records of domain example.com
using dig example.com
command as shown below.
cyberithub@ubuntu:~$ dig example.com
; > DiG 9.16.1-Ubuntu > example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADERexample.com. 10614 IN A 93.184.216.34
;; Query time: 28 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Nov 18 22:17:15 IST 2023
;; MSG SIZE rcvd: 56
If you are looking for the IP Address of a domain then you can use +short
option with dig
command. For example, here we are looking for the IP Address of example.com
using dig +short example.com
command as shown below.
cyberithub@ubuntu:~$ dig +short example.com 93.184.216.34
If you want to query the A record (IPv4)
of a domain then you have to use dig A
command. In our below example, we are querying the A
record of domain example.com
using dig example.com A
command as shown below.
cyberithub@ubuntu:~$ dig example.com A
; > DiG 9.16.1-Ubuntu > example.com A
;; global options: +cmd
;; Got answer:
;; ->>HEADERexample.com. 7057 IN A 93.184.216.34
;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Nov 18 22:19:38 IST 2023
;; MSG SIZE rcvd: 56
Just like A record, if you are looking to query AAAA (IPv6)
record of a domain then you have to use dig AAAA
syntax. In below example, we are querying AAAA
record of domain google.com
using dig google.com AAAA
command as shown below.
cyberithub@ubuntu:~$ dig google.com AAAA
; > DiG 9.16.1-Ubuntu > google.com AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADERgoogle.com. 142 IN AAAA 2404:6800:4009:812::200e
;; Query time: 36 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Nov 18 22:22:52 IST 2023
;; MSG SIZE rcvd: 67
If you are looking to perform reverse DNS lookup on an IP address then you have to use dig -x
syntax. In below example, we are performing reverse dns lookup on google ip address 8.8.8.8
using dig -x 8.8.8.8
command as shown below.
cyberithub@ubuntu:~$ dig -x 8.8.8.8
; > DiG 9.16.1-Ubuntu > -x 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER8.8.8.8.in-addr.arpa. 48607 IN PTR dns.google.
;; Query time: 24 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 09:19:11 IST 2023
;; MSG SIZE rcvd: 73
If you want to query about a domain through some specific DNS Server then you have to use dig @
syntax. In below example, we are querying about domain example.com
through dns server 8.8.8.8
as shown below.
cyberithub@ubuntu:~$ dig @8.8.8.8 example.com
; > DiG 9.16.1-Ubuntu > @8.8.8.8 example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADERexample.com. 5318 IN A 93.184.216.34
;; Query time: 660 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Nov 19 09:20:37 IST 2023
;; MSG SIZE rcvd: 56
If you are looking to retrieve MX record of a domain then you have to use dig MX
command. In below example, we are retrieving MX record of domain example.com
using dig example.com MX
command as shown below.
cyberithub@ubuntu:~$ dig example.com MX
; > DiG 9.16.1-Ubuntu > example.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADERexample.com. 86400 IN MX 0 .
;; Query time: 244 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 09:22:08 IST 2023
;; MSG SIZE rcvd: 55
If you are looking to retrieve NS record of a domain then you have to use dig NS
command. In below example, we are retrieving NS record of domain example.com
using dig example.com NS
command as shown below.
cyberithub@ubuntu:~$ dig example.com NS
; > DiG 9.16.1-Ubuntu > example.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADERexample.com. 48185 IN NS a.iana-servers.net.
example.com. 48185 IN NS b.iana-servers.net.
;; Query time: 228 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 09:23:06 IST 2023
;; MSG SIZE rcvd: 88
DNSSEC, short for Domain Name System Security Extensions, is a suite of extensions to DNS that adds a layer of security to the domain name resolution process. If you are looking to retrieve DNSSEC information of a domain then you have to use dig +dnssec
command. In below example, we are querying the DNSSEC
information of domain example.com
using dig example.com +dnssec
command as shown below.
cyberithub@ubuntu:~$ dig example.com +dnssec
; > DiG 9.16.1-Ubuntu > example.com +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADERexample.com. 53817 IN A 93.184.216.34
;; Query time: 24 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 10:10:08 IST 2023
;; MSG SIZE rcvd: 79
If you are looking to trace the delegation of domain then you have to use +trace
option. In below example, we are tracing the DNS Delegation of domain example.com
using dig +trace example.com
command as shown below.
cyberithub@ubuntu:~$ dig +trace example.com
; > DiG 9.16.1-Ubuntu > +trace example.com
;; global options: +cmd
. 399219 IN NS k.root-servers.net.
. 399219 IN NS l.root-servers.net.
. 399219 IN NS m.root-servers.net.
. 399219 IN NS a.root-servers.net.
. 399219 IN NS b.root-servers.net.
. 399219 IN NS c.root-servers.net.
. 399219 IN NS d.root-servers.net.
. 399219 IN NS e.root-servers.net.
. 399219 IN NS f.root-servers.net.
. 399219 IN NS g.root-servers.net.
. 399219 IN NS h.root-servers.net.
. 399219 IN NS i.root-servers.net.
. 399219 IN NS j.root-servers.net.
..........................................
If you want to check SOA record of a domain then you have to use dig SOA
command. In below example, we are checking the SOA record of domain example.com
using dig example.com SOA
command as shown below.
cyberithub@ubuntu:~$ dig example.com SOA
; > DiG 9.16.1-Ubuntu > example.com SOA
;; global options: +cmd
;; Got answer:
;; ->>HEADERexample.com. 3600 IN SOA ns.icann.org. noc.dns.icann.org. 2022091367 7200 3600 1209600 3600
;; Query time: 260 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 11:10:57 IST 2023
;; MSG SIZE rcvd: 96
If you want to know detail information about a domain, say for example.com
in our case then you can use dig example.com +noall +answer +stats
command as shown below. Here are the different options used with dig command:-
cyberithub@ubuntu:~$ dig example.com +noall +answer +stats example.com. 50522 IN A 93.184.216.34 ;; Query time: 20 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sun Nov 19 11:12:10 IST 2023 ;; MSG SIZE rcvd: 56
To query TXT records of a domain, you have to run dig TXT
command. In below example, we are querying the TXT record of domain example.com
using dig example.com TXT
command as shown below.
cyberithub@ubuntu:~$ dig example.com TXT
; > DiG 9.16.1-Ubuntu > example.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADERexample.com. 50524 IN TXT "wgyf8z8cgvm2qmxpnbnldrcltvk4xqfn"
example.com. 50524 IN TXT "v=spf1 -all"
;; Query time: 20 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 11:15:16 IST 2023
;; MSG SIZE rcvd: 109
If you are looking to query CNAME (canonical name) record of a domain then you have to use dig CNAME
command. In below example, we are querying CNAME
of domain example.com
using dig example.com CNAME
command as shown below.
cyberithub@ubuntu:~$ dig example.com CNAME ; > DiG 9.16.1-Ubuntu > example.com CNAME ;; global options: +cmd ;; Got answer: ;; ->>HEADER
Example 16: Set a timeout
You also have the option to set timeout period during DNS lookups. For example, if you are querying DNS records of domain
example.com
then you can set timeout period to say10 secs
(in our case) for getting a response usingdig example.com +time=10
command as shown below. It will wait for that much time period for a response, after that it will show an error.cyberithub@ubuntu:~$ dig example.com +time=10 ; > DiG 9.16.1-Ubuntu > example.com +time=10 ;; global options: +cmd ;; Got answer: ;; ->>HEADER
Example 17: Set the EDNSO Buffer Size
You also have the option to set the buffer size for the DNS query message. For example, if you want to set the buffer size to
512 bytes
to query the DNS records of domainexample.com
then you have to usedig +bufsize=512 example.com
command as shown below. cyberithub@ubuntu:~$ dig +bufsize=512 example.com ; > DiG 9.16.1-Ubuntu > +bufsize example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER
Example 18: Send Query without EDNS
EDNS is an extension to the original DNS specification and is used to allow for larger packet sizes, carry additional information, and facilitate new DNS features. If you want to disable this feature during query then you have to use
+noedns
option. So if you want to query DNS records ofexample.com
from DNS server without using EDNS features then you have to rundig +noedns example.com
command as shown below.cyberithub@ubuntu:~$ dig +noedns example.com ; > DiG 9.16.1-Ubuntu > +noedns example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER
Example 19: Query using a Specific Port
If you want to query about a domain from some specific port then you can mention the port number as shown in below example. Here we are querying about domain
example.com
fromPort number 53
by usingdig port=53 example.com
command as shown below. cyberithub@ubuntu:~$ dig port=53 example.com ; > DiG 9.16.1-Ubuntu > port=53 example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER>HEADER
Example 20: Send a Non-recursive Query
dig utility also provides the ability to send non-recursive query. In a recursive query, if the server doesn't have the answer, it will query other servers until it finds the information but in case if you want server to return a response only if it has the answer in its cache or is authoritative for the domain then you have to use non-recursive query.
To send a non-recursive query, you can use
+norecurse
option. For example, here we are using non-recursive query to get information about domainexample.com
usingdig +norecurse example.com
command as shown below.cyberithub@ubuntu:~$ dig +norecurse example.com ; > DiG 9.16.1-Ubuntu > +norecurse example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER
In this article, we will see how to install nvidia-smi on Ubuntu or Debian Linux.…
In this article, we will see how to install clang tool on Ubuntu or Debian…
When working with Docker containers on Raspberry Pi devices, you might encounter frustrating signature verification…
You’ve recently upgraded to Ubuntu 18.04 and found that your OpenVPN connection no longer resolves…
Have you ever tried to open System Monitor on your Ubuntu 18.04 system only to…
System hardening means locking down a system and reducing its attack surface: removing unnecessary software…